From e74ee84320208aa8e1952805fc602cc5d93e3838 Mon Sep 17 00:00:00 2001 From: Eric Harvey Date: Thu, 13 Jan 2022 10:44:11 -0500 Subject: [PATCH] Revised to address int overflow in for loop only --- src/bin/jp2/opj_compress.c | 8 +------- src/bin/jp2/opj_decompress.c | 9 +-------- src/bin/jp2/opj_dump.c | 8 +------- 3 files changed, 3 insertions(+), 22 deletions(-) diff --git a/src/bin/jp2/opj_compress.c b/src/bin/jp2/opj_compress.c index d077d539..ce3235d7 100644 --- a/src/bin/jp2/opj_compress.c +++ b/src/bin/jp2/opj_compress.c @@ -1957,11 +1957,6 @@ int main(int argc, char **argv) /* Read directory if necessary */ if (img_fol.set_imgdir == 1) { num_images = get_num_images(img_fol.imgdirpath); - if((num_images > SIZE_MAX/(OPJ_PATH_LEN * sizeof(char)))){ - fprintf(stdout, "Max images exceeded\n"); - ret = 0; - goto fin; - } else { dirptr = (dircnt_t*)malloc(sizeof(dircnt_t)); if (dirptr) { dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN * sizeof( @@ -1971,7 +1966,7 @@ int main(int argc, char **argv) ret = 0; goto fin; } - for (i = 0; i < num_images; i++) { + for (size_t i = 0; i < num_images; i++) { dirptr->filename[i] = dirptr->filename_buf + i * OPJ_PATH_LEN; } } @@ -1979,7 +1974,6 @@ int main(int argc, char **argv) ret = 0; goto fin; } - } if (num_images == 0) { fprintf(stdout, "Folder is empty\n"); ret = 0; diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c index 22b7a1e7..75ef3157 100644 --- a/src/bin/jp2/opj_decompress.c +++ b/src/bin/jp2/opj_decompress.c @@ -1365,13 +1365,7 @@ int main(int argc, char **argv) /* Initialize reading of directory */ if (img_fol.set_imgdir == 1) { - int it_image; num_images = get_num_images(img_fol.imgdirpath); - if( num_images > SIZE_MAX/(sizeof(char)* OPJ_PATH_LEN)){ - fprintf(stderr, "Max number of images exceeded\n"); - failed = 1; - goto fin; - } else { dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t)); if (!dirptr) { destroy_parameters(¶meters); @@ -1390,7 +1384,7 @@ int main(int argc, char **argv) failed = 1; goto fin; } - for (it_image = 0; it_image < num_images; it_image++) { + for (size_t it_image = 0; it_image < num_images; it_image++) { dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN; } @@ -1398,7 +1392,6 @@ int main(int argc, char **argv) failed = 1; goto fin; } - } if (num_images == 0) { fprintf(stderr, "Folder is empty\n"); failed = 1; diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c index 73874e63..de35ba74 100644 --- a/src/bin/jp2/opj_dump.c +++ b/src/bin/jp2/opj_dump.c @@ -508,7 +508,6 @@ int main(int argc, char *argv[]) /* Initialize reading of directory */ if (img_fol.set_imgdir == 1) { - int it_image; num_images = get_num_images(img_fol.imgdirpath); dirptr = (dircnt_t*)malloc(sizeof(dircnt_t)); @@ -516,10 +515,6 @@ int main(int argc, char *argv[]) return EXIT_FAILURE; } /* Stores at max 10 image file names*/ - if(num_images> SIZE_MAX/(OPJ_PATH_LEN * sizeof(char))){ - free(dirptr); - return EXIT_FAILURE; - }else{ dirptr->filename_buf = (char*) calloc((size_t) num_images, OPJ_PATH_LEN * sizeof(char)); if (!dirptr->filename_buf) { @@ -532,14 +527,13 @@ int main(int argc, char *argv[]) goto fails; } - for (it_image = 0; it_image < num_images; it_image++) { + for (size_t it_image = 0; it_image < num_images; it_image++) { dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN; } if (load_images(dirptr, img_fol.imgdirpath) == 1) { goto fails; } - } if (num_images == 0) { fprintf(stdout, "Folder is empty\n"); goto fails;