Added multiplication check for calloc calls, see comment on commit 79c7d7a

2022-01-13 00:55:34 -05:00 · 2022-01-13 00:55:34 -05:00 · d564919d3a
parent 33c2d33c5d
commit d564919d3a
3 changed files with 16 additions and 2 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -0,0 +1,5 @@
+{
+    "files.associations": {
+        "cstdlib": "c"
+    }
+}
--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
@ -1367,7 +1367,11 @@ int main(int argc, char **argv)
    if (img_fol.set_imgdir == 1) {
        int it_image;
        num_images = get_num_images(img_fol.imgdirpath);
-
+        if( num_images > SIZE_MAX/(sizeof(char)* OPJ_PATH_LEN)){
+             fprintf(stderr, "Max number of images exceeded\n");
+             failed = 1;
+             goto fin;
+        } else {
        dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
        if (!dirptr) {
            destroy_parameters(&parameters);
@ -1394,6 +1398,7 @@ int main(int argc, char **argv)
            failed = 1;
            goto fin;
        }
+        }
        if (num_images == 0) {
            fprintf(stderr, "Folder is empty\n");
            failed = 1;
--- a/src/bin/jp2/opj_dump.c
+++ b/src/bin/jp2/opj_dump.c
@ -516,6 +516,10 @@ int main(int argc, char *argv[])
            return EXIT_FAILURE;
        }
        /* Stores at max 10 image file names*/
+        if(num_images> SIZE_MAX/(OPJ_PATH_LEN * sizeof(char))){
+            free(dirptr);
+            return EXIT_FAILURE;
+        }else{
        dirptr->filename_buf = (char*) calloc((size_t) num_images,
                                              OPJ_PATH_LEN * sizeof(char));
        if (!dirptr->filename_buf) {
@ -535,7 +539,7 @@ int main(int argc, char *argv[])
        if (load_images(dirptr, img_fol.imgdirpath) == 1) {
            goto fails;
        }
-
+        }
        if (num_images == 0) {
            fprintf(stdout, "Folder is empty\n");
            goto fails;