Skip to content
Permalink
Browse files Browse the repository at this point in the history
Cast to size_t before multiplication
Need to cast to size_t before multiplication otherwise overflow check is useless.
  • Loading branch information
mayeut committed Sep 8, 2016
1 parent e078172 commit ef01f18
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/lib/openjp2/pi.c
Expand Up @@ -1241,7 +1241,7 @@ opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image,
l_current_pi->include = 00;
if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U)))
{
l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
l_current_pi->include = (OPJ_INT16*) opj_calloc((size_t)(l_tcp->numlayers + 1U) * l_step_l, sizeof(OPJ_INT16));

This comment has been minimized.

Copy link
@stweil

stweil Sep 8, 2016

Contributor

I'd cast l_tcp->numlayers instead of the result of the addition. Otherwise the addition could overflow (resulting in 0). I admit that the chances that this will happen are very low. Or do we know that l_tcp->numlayers can never reach UINT32_MAX?

This comment has been minimized.

Copy link
@mayeut

mayeut Sep 8, 2016

Author Collaborator

The latter. It might need a comment in source code to clarify that information though: https://github.com/uclouvain/openjpeg/blob/master/src/lib/openjp2/j2k.c#L2546
If this wasn't the case we would need an overflow check on the addition as well because on x86, SIZE_MAX == UINT32_MAX

}

if
Expand Down

0 comments on commit ef01f18

Please sign in to comment.