summaryrefslogtreecommitdiff
path: root/src/lib/openjp2/t2.c
diff options
context:
space:
mode:
authorAntonin Descampe <antonin@gmail.com>2014-09-19 10:26:35 +0000
committerAntonin Descampe <antonin@gmail.com>2014-09-19 10:26:35 +0000
commit6868ee373ecc69ac472b6d61decc4741723c1540 (patch)
tree5fa382777fc9b16d79b4106858b6402d32790f6f /src/lib/openjp2/t2.c
parentb9a247b559e62e55f5561624cf4a19aee3c8afdc (diff)
added memory allocation checks (fixes issue 355)
Diffstat (limited to 'src/lib/openjp2/t2.c')
-rw-r--r--src/lib/openjp2/t2.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
index fbbe4e86..ec603dc4 100644
--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
@@ -598,6 +598,10 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno,
}
bio = opj_bio_create();
+ if (!bio) {
+ /* FIXME event manager error callback */
+ return OPJ_FALSE;
+ }
opj_bio_init_enc(bio, c, length);
opj_bio_write(bio, 1, 1); /* Empty header bit */
@@ -1128,7 +1132,8 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2,
}
do {
- if (l_current_data + l_seg->newlen > p_src_data + p_max_length) {
+ /* Check possible overflow (on l_current_data only, assumes input args already checked) then size */
+ if (((OPJ_SIZE_T)(l_current_data + l_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data + p_max_length)) {
fprintf(stderr, "read: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
return OPJ_FALSE;
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-22 21:14:34 +0000