opj_t1_allocate_buffers(): remove useless overflow checks

Even Rouault 2017-08-21 23:12:45 +02:00
parent 6ce49bf5ae
commit 84bbb4a874
1 changed files with 13 additions and 60 deletions


@ -1426,27 +1426,18 @@ static OPJ_BOOL opj_t1_allocate_buffers(
OPJ_UINT32 w, OPJ_UINT32 w,
OPJ_UINT32 h) OPJ_UINT32 h)
{ {
size_t flagssize; OPJ_UINT32 flagssize;
OPJ_UINT32 flags_stride; OPJ_UINT32 flags_stride;
/* No risk of overflow. Prior checks ensure those assert are met */
/* They are per the specification */
assert(w <= 1024);
assert(h <= 1024);
assert(w * h <= 4096);
/* encoder uses tile buffer, so no need to allocate */ /* encoder uses tile buffer, so no need to allocate */
if (!t1->encoder) { if (!t1->encoder) {
size_t datasize; OPJ_UINT32 datasize = w * h;
#if (SIZE_MAX / 0xFFFFFFFFU) < 0xFFFFFFFFU /* UINT32_MAX */
/* Overflow check */
if ((w > 0U) && ((size_t)h > (SIZE_MAX / (size_t)w))) {
/* FIXME event manager error callback */
return OPJ_FALSE;
}
#endif
datasize = (size_t)w * h;
/* Overflow check */
if (datasize > (SIZE_MAX / sizeof(OPJ_INT32))) {
/* FIXME event manager error callback */
return OPJ_FALSE;
}
if (datasize > (size_t)t1->datasize) { if (datasize > (size_t)t1->datasize) {
opj_aligned_free(t1->data); opj_aligned_free(t1->data);
@ -1455,15 +1446,7 @@ static OPJ_BOOL opj_t1_allocate_buffers(
/* FIXME event manager error callback */ /* FIXME event manager error callback */
return OPJ_FALSE; return OPJ_FALSE;
} }
#if SIZE_MAX > 0xFFFFFFFFU /* UINT32_MAX */ t1->datasize = datasize;
/* TODO remove this if t1->datasize type changes to size_t */
/* Overflow check */
if (datasize > (size_t)0xFFFFFFFFU /* UINT32_MAX */) {
/* FIXME event manager error callback */
return OPJ_FALSE;
}
#endif
t1->datasize = (OPJ_UINT32)datasize;
} }
/* memset first arg is declared to never be null by gcc */ /* memset first arg is declared to never be null by gcc */
if (t1->data != NULL) { if (t1->data != NULL) {
@ -1471,40 +1454,18 @@ static OPJ_BOOL opj_t1_allocate_buffers(
} }
} }
/* Overflow check */
if (w > (0xFFFFFFFFU /* UINT32_MAX */ - 2U)) {
/* FIXME event manager error callback */
return OPJ_FALSE;
}
flags_stride = w + 2U; /* can't be 0U */ flags_stride = w + 2U; /* can't be 0U */
#if (SIZE_MAX - 3U) < 0xFFFFFFFFU /* UINT32_MAX */
/* Overflow check */
if (h > (0xFFFFFFFFU /* UINT32_MAX */ - 3U)) {
/* FIXME event manager error callback */
return OPJ_FALSE;
}
#endif
flagssize = (h + 3U) / 4U + 2U; flagssize = (h + 3U) / 4U + 2U;
/* Overflow check */ flagssize *= flags_stride;
if (flagssize > (SIZE_MAX / (size_t)flags_stride)) {
/* FIXME event manager error callback */
return OPJ_FALSE;
}
flagssize *= (size_t)flags_stride;
{ {
/* BIG FAT XXX */
opj_flag_t* p; opj_flag_t* p;
OPJ_UINT32 x; OPJ_UINT32 x;
OPJ_UINT32 flags_height = (h + 3U) / 4U; OPJ_UINT32 flags_height = (h + 3U) / 4U;
if (flagssize > (size_t)t1->flagssize) { if (flagssize > t1->flagssize) {
/* Overflow check */
if (flagssize > (SIZE_MAX / sizeof(opj_flag_t))) {
/* FIXME event manager error callback */
return OPJ_FALSE;
}
opj_aligned_free(t1->flags); opj_aligned_free(t1->flags);
t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize * sizeof( t1->flags = (opj_flag_t*) opj_aligned_malloc(flagssize * sizeof(
opj_flag_t)); opj_flag_t));
@ -1512,16 +1473,8 @@ static OPJ_BOOL opj_t1_allocate_buffers(
/* FIXME event manager error callback */ /* FIXME event manager error callback */
return OPJ_FALSE; return OPJ_FALSE;
} }
#if SIZE_MAX > 0xFFFFFFFFU /* UINT32_MAX */
/* TODO remove this if t1->flagssize type changes to size_t */
/* Overflow check */
if (flagssize > (size_t)0xFFFFFFFFU /* UINT32_MAX */) {
/* FIXME event manager error callback */
return OPJ_FALSE;
} }
#endif t1->flagssize = flagssize;
}
t1->flagssize = (OPJ_UINT32)flagssize;
memset(t1->flags, 0, flagssize * sizeof(opj_flag_t)); memset(t1->flags, 0, flagssize * sizeof(opj_flag_t));
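Review bot: The three `assert()` calls added at the top of the function are now the only local guard on `w` and `h`, and they vanish in builds compiled with NDEBUG, so in a release build `datasize = w * h` and `flagssize *= flags_stride` are 32-bit multiplications with nothing here to stop a wrap. The new comment says prior checks enforce the limits, but those checks are not visible in this diff; if any path reaches this function with dimensions that have not passed them, the buffers would be allocated smaller than the later code assumes. A cheap runtime guard keeps the simplification while failing closed: `if (w > 1024 || h > 1024 || w * h > 4096) { return OPJ_FALSE; }`. At minimum the comment should name the function that performs the prior validation so the dependency can be audited. The function body starts and ends outside the shown hunks.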