diff options
| author | Even Rouault <even.rouault@spatialys.com> | 2019-11-17 01:18:26 +0100 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2019-11-17 01:18:26 +0100 |
| commit | 4cb1f663049aab96e122d1ff16f601d0cc0be976 (patch) | |
| tree | 613301fcf6c159089f8e173103fbde162e5a66b8 /src/lib/openjp2/pi.h | |
| parent | 5875a6b44618fb7dfd5cd6d742533eaee2014060 (diff) | |
pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18979
Diffstat (limited to 'src/lib/openjp2/pi.h')
| -rw-r--r-- | src/lib/openjp2/pi.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/openjp2/pi.h b/src/lib/openjp2/pi.h index 8c0dc25c..87380208 100644 --- a/src/lib/openjp2/pi.h +++ b/src/lib/openjp2/pi.h @@ -102,9 +102,9 @@ typedef struct opj_pi_iterator { /** Components*/ opj_pi_comp_t *comps; /** FIXME DOC*/ - OPJ_INT32 tx0, ty0, tx1, ty1; + OPJ_UINT32 tx0, ty0, tx1, ty1; /** FIXME DOC*/ - OPJ_INT32 x, y; + OPJ_UINT32 x, y; /** FIXME DOC*/ OPJ_UINT32 dx, dy; } opj_pi_iterator_t; |
