opj_compress/opj_uncompress: fix integer overflow in num_images (#1395)

Includes the fix for CVE-2021-29338 Credit to @kaniini based on #1346 Fixes #1338
author: Brad Parham <baparham@gmail.com> 2022-01-12 13:46:10 +0100
committer: GitHub <noreply@github.com> 2022-01-12 13:46:10 +0100
commit: 79c7d7af598b778c3cdcb455df23d50efc95eb3c (patch)
tree: 0be607d5433ddef5beba984999463fa54fadc6e5 /src/bin/jp2/opj_decompress.c
parent: fe2fa707161b2025ef82c325b9110c08bd0e812e (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
index fc0012b6..e1217f89 100644
--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
@@ -1374,14 +1374,13 @@ int main(int argc, char **argv)
             return EXIT_FAILURE;
         }
         /* Stores at max 10 image file names */
-        dirptr->filename_buf = (char*)malloc(sizeof(char) *
-                                             (size_t)num_images * OPJ_PATH_LEN);
+        dirptr->filename_buf = calloc((size_t) num_images, sizeof(char) * OPJ_PATH_LEN);
         if (!dirptr->filename_buf) {
             failed = 1;
             goto fin;
         }
 
-        dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*));
+        dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
 
         if (!dirptr->filename) {
             failed = 1;
author	Brad Parham <baparham@gmail.com>	2022-01-12 13:46:10 +0100
committer	GitHub <noreply@github.com>	2022-01-12 13:46:10 +0100
commit	79c7d7af598b778c3cdcb455df23d50efc95eb3c (patch)
tree	0be607d5433ddef5beba984999463fa54fadc6e5 /src/bin/jp2/opj_decompress.c
parent	fe2fa707161b2025ef82c325b9110c08bd0e812e (diff)