From 7f703c696b2196e1a1777530cd0a5aefe3194e69 Mon Sep 17 00:00:00 2001 From: trylab Date: Tue, 23 Aug 2016 17:02:21 +0800 Subject: [PATCH] Fix an integer overflow issue Making it more secure to call opj_calloc. --- src/lib/openjp2/pi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/openjp2/pi.c b/src/lib/openjp2/pi.c index bf9c2e9c..affd5d0f 100644 --- a/src/lib/openjp2/pi.c +++ b/src/lib/openjp2/pi.c @@ -1240,7 +1240,7 @@ opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, /* memory allocation for include */ /* prevent an integer overflow issue */ l_current_pi->include = 00; - if (l_step_l && l_tcp->numlayers < UINT_MAX / l_step_l - 1) + if (l_step_l && l_tcp->numlayers < UINT_MAX / sizeof(OPJ_INT16) / l_step_l - 1) { l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16)); }