Skip to content

Commit 1f0dfe5

Browse files
committed
Fixed an integer overflow problem in the JPC codec that later resulted
in the use of uninitialized data.
1 parent 862ba25 commit 1f0dfe5

File tree

2 files changed

+20
-20
lines changed

2 files changed

+20
-20
lines changed

Diff for: src/libjasper/jpc/jpc_t2cod.c

+10-10
Original file line numberDiff line numberDiff line change
@@ -432,18 +432,18 @@ static int jpc_pi_nextcprl(register jpc_pi_t *pi)
432432
&pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
433433
++pi->picomp) {
434434
pirlvl = pi->picomp->pirlvls;
435-
pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
436-
pi->picomp->numrlvls - 1));
437-
pi->ystep = pi->picomp->vsamp * (1 << (pirlvl->prcheightexpn +
438-
pi->picomp->numrlvls - 1));
435+
pi->xstep = pi->picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) <<
436+
(pirlvl->prcwidthexpn + pi->picomp->numrlvls - 1));
437+
pi->ystep = pi->picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) <<
438+
(pirlvl->prcheightexpn + pi->picomp->numrlvls - 1));
439439
for (rlvlno = 1, pirlvl = &pi->picomp->pirlvls[1];
440440
rlvlno < pi->picomp->numrlvls; ++rlvlno, ++pirlvl) {
441-
pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp * (1 <<
442-
(pirlvl->prcwidthexpn + pi->picomp->numrlvls -
443-
rlvlno - 1)));
444-
pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp * (1 <<
445-
(pirlvl->prcheightexpn + pi->picomp->numrlvls -
446-
rlvlno - 1)));
441+
pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp *
442+
(JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcwidthexpn +
443+
pi->picomp->numrlvls - rlvlno - 1)));
444+
pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp *
445+
(JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcheightexpn +
446+
pi->picomp->numrlvls - rlvlno - 1)));
447447
}
448448
for (pi->y = pi->ystart; pi->y < pi->yend;
449449
pi->y += pi->ystep - (pi->y % pi->ystep)) {

Diff for: src/libjasper/jpc/jpc_t2cod.h

+10-10
Original file line numberDiff line numberDiff line change
@@ -129,10 +129,10 @@ typedef struct {
129129
jpc_pirlvl_t *pirlvls;
130130

131131
/* The horizontal sampling period. */
132-
int hsamp;
132+
uint_fast32_t hsamp;
133133

134134
/* The vertical sampling period. */
135-
int vsamp;
135+
uint_fast32_t vsamp;
136136

137137
} jpc_picomp_t;
138138

@@ -171,32 +171,32 @@ typedef struct {
171171
int lyrno;
172172

173173
/* The x-coordinate of the current position. */
174-
int x;
174+
uint_fast32_t x;
175175

176176
/* The y-coordinate of the current position. */
177-
int y;
177+
uint_fast32_t y;
178178

179179
/* The horizontal step size. */
180-
int xstep;
180+
uint_fast32_t xstep;
181181

182182
/* The vertical step size. */
183-
int ystep;
183+
uint_fast32_t ystep;
184184

185185
/* The x-coordinate of the top-left corner of the tile on the reference
186186
grid. */
187-
int xstart;
187+
uint_fast32_t xstart;
188188

189189
/* The y-coordinate of the top-left corner of the tile on the reference
190190
grid. */
191-
int ystart;
191+
uint_fast32_t ystart;
192192

193193
/* The x-coordinate of the bottom-right corner of the tile on the
194194
reference grid (plus one). */
195-
int xend;
195+
uint_fast32_t xend;
196196

197197
/* The y-coordinate of the bottom-right corner of the tile on the
198198
reference grid (plus one). */
199-
int yend;
199+
uint_fast32_t yend;
200200

201201
/* The current progression change. */
202202
jpc_pchg_t *pchg;

0 commit comments

Comments
 (0)