walkero
/
openjpeg
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fix undefined shift behaviour in opj_dwt_is_whole_tile_decoding(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3255. Credit to OSS Fuzz

This commit is contained in:
Even Rouault 2017-09-01 10:26:18 +02:00
parent 04b70908a7
commit 6ce49bf5ae
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/lib/openjp2/dwt.c
View File

@ -1218,13 +1218,14 @@ static OPJ_BOOL opj_dwt_is_whole_tile_decoding(opj_tcd_t *p_tcd,
/* Tolerate small margin within the reduced resolution factor to consider if */ /* Tolerate small margin within the reduced resolution factor to consider if */
/* the whole tile path must be taken */ /* the whole tile path must be taken */
return (tcx0 >= (OPJ_UINT32)tilec->x0 && return (tcx0 >= (OPJ_UINT32)tilec->x0 &&
((tcx0 - (OPJ_UINT32)tilec->x0) >> shift) == 0 &&
tcy0 >= (OPJ_UINT32)tilec->y0 && tcy0 >= (OPJ_UINT32)tilec->y0 &&
((tcy0 - (OPJ_UINT32)tilec->y0) >> shift) == 0 &&
tcx1 <= (OPJ_UINT32)tilec->x1 && tcx1 <= (OPJ_UINT32)tilec->x1 &&
(((OPJ_UINT32)tilec->x1 - tcx1) >> shift) == 0 &&
tcy1 <= (OPJ_UINT32)tilec->y1 && tcy1 <= (OPJ_UINT32)tilec->y1 &&
(((OPJ_UINT32)tilec->y1 - tcy1) >> shift) == 0); (shift >= 32 ||
(((tcx0 - (OPJ_UINT32)tilec->x0) >> shift) == 0 &&
((tcy0 - (OPJ_UINT32)tilec->y0) >> shift) == 0 &&
(((OPJ_UINT32)tilec->x1 - tcx1) >> shift) == 0 &&
(((OPJ_UINT32)tilec->y1 - tcy1) >> shift) == 0)));
} }
/* <summary> */ /* <summary> */