Skip to content

Commit c16bc05

Browse files
trylabmayeut
authored andcommitted
Fix an integer overflow issue (#809)
Prevent an integer overflow issue in function opj_pi_create_decode of pi.c.
1 parent ea320da commit c16bc05

File tree

1 file changed

+7
-1
lines changed

1 file changed

+7
-1
lines changed

Diff for: src/lib/openjp2/pi.c

+7-1
Original file line numberDiff line numberDiff line change
@@ -1237,7 +1237,13 @@ opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image,
12371237
l_current_pi = l_pi;
12381238

12391239
/* memory allocation for include */
1240-
l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
1240+
/* prevent an integer overflow issue */
1241+
l_current_pi->include = 00;
1242+
if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U)))
1243+
{
1244+
l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
1245+
}
1246+
12411247
if
12421248
(!l_current_pi->include)
12431249
{

0 commit comments

Comments
 (0)