Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improper usage of opj_int_ceildiv can cause overflows #889

Closed
npm1 opened this issue Jan 24, 2017 · 2 comments
Closed

Improper usage of opj_int_ceildiv can cause overflows #889

npm1 opened this issue Jan 24, 2017 · 2 comments
Labels
bug

Comments

@npm1
Copy link

npm1 commented Jan 24, 2017

In j2k.c, there are places where the uint version should be used instead of using the int version while casting the parameters to int and casting back the result to uint. For example:
l_cp->tw = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(l_image->x1 - l_cp->tx0), (OPJ_INT32)l_cp->tdx);
should be
l_cp->tw = opj_uint_ceildiv(l_image->x1 - l_cp->tx0, l_cp->tdx);

This will prevent certain overflows because some of these values are read from file, and if they are big, the sum will overflow. See suggested fixes at:
https://pdfium-review.googlesource.com/c/2352/
@npm1
Copy link
Author

npm1 commented Mar 7, 2017
edited
Loading

So, does anyone know why if a, b, c are OPJ_UINT32, we try doing something like:
a = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)b, (OPJ_INT32)c);?
I think it is reasonable to change that to:
a = opj_uint_ceildiv(b, c);

@rouault
Copy link
Collaborator

rouault commented Jul 29, 2017

I believe this was fixed per d6654d9

@rouault rouault closed this as completed Jul 29, 2017
@detonin detonin added the bug label Aug 3, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@detonin @rouault @npm1