diff options
| author | Even Rouault <even.rouault@spatialys.com> | 2017-07-06 01:05:24 +0200 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2017-08-07 18:32:49 +0200 |
| commit | 61fb5dd7f81c2e3dfabbb99f59dc89572d59fa37 (patch) | |
| tree | 38e7107022e8c7ada17efb120cb4f836d7e5cab1 /src/lib/openjp2/j2k.c | |
| parent | 793edc38e41700e9b4cda4b7f9c79aba95b8d989 (diff) | |
Fix crash on Windows due to b7594c0fcb9dd3aa6356d72c4a525d76168da689
b7594c0fcb9dd3aa6356d72c4a525d76168da689 may put opj_tcd_tilecomp_t->data
allocated by opj_alloc_tile_component_data() as the image->comps[].data. As
opj_alloc_tile_component_data() use opj_aligned_malloc() we must be sure to
ue opj_alined_malloc()/_free() in all places where we alloc/free
image->comps[].data.
Note: this might have some compatibility impact in case user code does itself
the allocation/free of image->comps[].data
Diffstat (limited to 'src/lib/openjp2/j2k.c')
| -rw-r--r-- | src/lib/openjp2/j2k.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c index b665924d..afbcc9c5 100644 --- a/src/lib/openjp2/j2k.c +++ b/src/lib/openjp2/j2k.c @@ -8798,15 +8798,18 @@ static OPJ_BOOL opj_j2k_update_image_data(opj_tcd_t * p_tcd, OPJ_BYTE * p_data, OPJ_SIZE_T l_width = l_img_comp_dest->w; OPJ_SIZE_T l_height = l_img_comp_dest->h; - if ((l_height == 0U) || (l_width > (SIZE_MAX / l_height))) { + if ((l_height == 0U) || (l_width > (SIZE_MAX / l_height)) || + l_width * l_height > SIZE_MAX / sizeof(OPJ_INT32)) { /* would overflow */ return OPJ_FALSE; } - l_img_comp_dest->data = (OPJ_INT32*) opj_calloc(l_width * l_height, + l_img_comp_dest->data = (OPJ_INT32*) opj_aligned_malloc(l_width * l_height * sizeof(OPJ_INT32)); if (! l_img_comp_dest->data) { return OPJ_FALSE; } + /* Do we really need this memset ? */ + memset(l_img_comp_dest->data, 0, l_width * l_height * sizeof(OPJ_INT32)); } /* Copy info from decoded comp image to output image */ @@ -10416,7 +10419,7 @@ static OPJ_BOOL opj_j2k_decode_tiles(opj_j2k_t *p_j2k, /* Transfer TCD data to output image data */ for (i = 0; i < p_j2k->m_output_image->numcomps; i++) { - opj_free(p_j2k->m_output_image->comps[i].data); + opj_aligned_free(p_j2k->m_output_image->comps[i].data); p_j2k->m_output_image->comps[i].data = p_j2k->m_tcd->tcd_image->tiles->comps[i].data; p_j2k->m_output_image->comps[i].resno_decoded = @@ -10821,7 +10824,7 @@ OPJ_BOOL opj_j2k_get_tile(opj_j2k_t *p_j2k, p_j2k->m_output_image->comps[compno].resno_decoded; if (p_image->comps[compno].data) { - opj_free(p_image->comps[compno].data); + opj_aligned_free(p_image->comps[compno].data); } p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; |