walkero
/
openjpeg
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

opj_dwt_decode_partial_tile(): avoid undefined behaviour in lifting operation by properly initializing working buffer

This commit is contained in:
Even Rouault 2017-09-01 16:30:32 +02:00
parent f9e9942330
commit eee5104a88
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/lib/openjp2/dwt.c
View File

@ -1858,6 +1858,19 @@ static OPJ_BOOL opj_dwt_decode_partial_tile(
for (j = 0; j < rh; ++j) { for (j = 0; j < rh; ++j) {
if ((j >= win_ll_y0 && j < win_ll_y1) || if ((j >= win_ll_y0 && j < win_ll_y1) ||
(j >= win_lh_y0 + (OPJ_UINT32)v.sn && j < win_lh_y1 + (OPJ_UINT32)v.sn)) { (j >= win_lh_y0 + (OPJ_UINT32)v.sn && j < win_lh_y1 + (OPJ_UINT32)v.sn)) {
/* Avoids dwt.c:1584:44 (in opj_dwt_decode_partial_1): runtime error: */
/* signed integer overflow: -1094795586 + -1094795586 cannot be represented in type 'int' */
/* on opj_decompress -i ../../openjpeg/MAPA.jp2 -o out.tif -d 0,0,256,256 */
/* This is less extreme than memsetting the whole buffer to 0 */
/* although we could potentially do better with better handling of edge conditions */
if (win_tr_x1 >= 1 && win_tr_x1 < rw) {
h.mem[win_tr_x1 - 1] = 0;
}
if (win_tr_x1 < rw) {
h.mem[win_tr_x1] = 0;
}
opj_dwt_interleave_partial_h(h.mem, opj_dwt_interleave_partial_h(h.mem,
h.cas, h.cas,
sa, sa,