Fix multiple potential vulnerabilities and bugs #1168

Merged
merged 8 commits into from Dec 7, 2018
[OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in…
… function

opj_get_encoding_parameters

Signed-off-by: Young_X <YangX92@hotmail.com>
Yoha-test committed Nov 28, 2018
commit c58df149900df862806d0e892859b41115875845
19 changes: 11 additions & 8 deletions src/lib/openjp2/pi.c
Expand Up @@ -748,6 +748,9 @@ static void opj_get_encoding_parameters(const opj_image_t *p_image,
/* position in x and y of tile */
OPJ_UINT32 p, q;

/* non-corrected (in regard to image offset) tile offset */
OPJ_UINT32 l_tx0, l_ty0;

/* preconditions */
assert(p_cp != 00);
assert(p_image != 00);
Expand All @@ -763,14 +766,14 @@ static void opj_get_encoding_parameters(const opj_image_t *p_image,
q = p_tileno / p_cp->tw;

/* find extent of tile */
*p_tx0 = opj_int_max((OPJ_INT32)(p_cp->tx0 + p * p_cp->tdx),
(OPJ_INT32)p_image->x0);
*p_tx1 = opj_int_min((OPJ_INT32)(p_cp->tx0 + (p + 1) * p_cp->tdx),
(OPJ_INT32)p_image->x1);
*p_ty0 = opj_int_max((OPJ_INT32)(p_cp->ty0 + q * p_cp->tdy),
(OPJ_INT32)p_image->y0);
*p_ty1 = opj_int_min((OPJ_INT32)(p_cp->ty0 + (q + 1) * p_cp->tdy),
(OPJ_INT32)p_image->y1);
l_tx0 = p_cp->tx0 + p *
p_cp->tdx; /* can't be greater than p_image->x1 so won't overflow */
*p_tx0 = (OPJ_INT32)opj_uint_max(l_tx0, p_image->x0);
*p_tx1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_tx0, p_cp->tdx), p_image->x1);
l_ty0 = p_cp->ty0 + q *
p_cp->tdy; /* can't be greater than p_image->y1 so won't overflow */
*p_ty0 = (OPJ_INT32)opj_uint_max(l_ty0, p_image->y0);
*p_ty1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_ty0, p_cp->tdy), p_image->y1);

/* max precision is 0 (can only grow) */
*p_max_prec = 0;
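Review bot: the bound that the l_tx0 and l_ty0 assignments rely on is only stated in a comment ("can't be greater than p_image->x1 so won't overflow"), and nothing in the visible lines enforces it. The products p * p_cp->tdx and q * p_cp->tdy are plain unsigned arithmetic, while only the following addition goes through opj_uint_adds. Suggest adding assert(l_tx0 <= p_image->x1) and assert(l_ty0 <= p_image->y1) right after each assignment, or pointing the comment at the place where that bound is validated, keeping in mind that an assert alone disappears in builds compiled with NDEBUG. Separately, the results of opj_uint_max and opj_uint_min are cast to OPJ_INT32, so any value above INT32_MAX would come out negative; a short comment on where the image and tile bounds are constrained to the signed range would make that cast reviewable.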