pngtoimage(): fix wrong computation of x1,y1 if -d option is used, that would result in a heap buffer overflow (fixes #1284)

This commit is contained in:
Even Rouault 2020-11-30 22:31:51 +01:00
parent a2b2980a4b
commit b2072402b7
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D
1 changed files with 2 additions and 2 deletions

View File

@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params)
image->x0 = (OPJ_UINT32)params->image_offset_x0; image->x0 = (OPJ_UINT32)params->image_offset_x0;
image->y0 = (OPJ_UINT32)params->image_offset_y0; image->y0 = (OPJ_UINT32)params->image_offset_y0;
image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32) image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32)
params->subsampling_dx + 1 + image->x0); params->subsampling_dx + 1);
image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32) image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32)
params->subsampling_dy + 1 + image->y0); params->subsampling_dy + 1);
row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32)); row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32));
if (row32s == NULL) { if (row32s == NULL) {