Merge pull request #1433 from rouault/fix_1432

opj_t1_encode_cblk(): avoid undefined behaviour on fuzzed input (fixes #1432)
Even Rouault 2022-06-30 12:57:39 +02:00 committed by GitHub
commit e3f07dcc07
1 changed files with 7 additions and 0 deletions


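--- a/<PATH NOT SHOWN ON PAGE>
+++ b/<PATH NOT SHOWN ON PAGE>
@@ -2443,6 +2443,13 @@ static OPJ_FLOAT64 opj_t1_encode_cblk(opj_t1_t *t1,
 OPJ_INT32 tmp = *datap;
 if (tmp < 0) {
 OPJ_UINT32 tmp_unsigned;
+if (tmp == INT_MIN) {
+/* To avoid undefined behaviour when negating INT_MIN */
+/* but if we go here, it means we have supplied an input */
+/* with more bit depth than we we can really support. */
+/* Cf https://github.com/uclouvain/openjpeg/issues/1432 */
+tmp = INT_MIN + 1;
+}
 max = opj_int_max(max, -tmp);
 tmp_unsigned = opj_to_smr(tmp);
 memcpy(datap, &tmp_unsigned, sizeof(OPJ_INT32));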
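Review bot: The new `if (tmp == INT_MIN)` branch removes the signed-negation UB but does so by silently rewriting the sample to `INT_MIN + 1` and carrying on, so an input the comment itself describes as exceeding the supported bit depth is encoded with an altered value instead of being refused. That is acceptable as a last-line guard against UB on fuzzed data, but the out-of-range condition is really a per-component precision property that could be checked once before the per-sample loop; if such a check already exists upstream, the comment should say so, and if it does not, this branch deserves at least a diagnostic so the data change is not invisible to callers. The comment also has a doubled word: `/* with more bit depth than we can really support. */`. The enclosing function opj_t1_encode_cblk starts and ends outside the hunk.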