diff options
| author | Even Rouault <even.rouault@spatialys.com> | 2017-09-01 16:30:32 +0200 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2017-09-01 16:30:32 +0200 |
| commit | eee5104a8885227167a349b6dabdb1f72a04d9d0 (patch) | |
| tree | dd7c8bcf5824be63de6d599681a01c541ab95f52 /src/lib | |
| parent | f9e9942330f476b66ac4a35d0ae521200878f343 (diff) | |
opj_dwt_decode_partial_tile(): avoid undefined behaviour in lifting operation by properly initializing working buffer
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/openjp2/dwt.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c index b32508db..047981d6 100644 --- a/src/lib/openjp2/dwt.c +++ b/src/lib/openjp2/dwt.c @@ -1858,6 +1858,19 @@ static OPJ_BOOL opj_dwt_decode_partial_tile( for (j = 0; j < rh; ++j) { if ((j >= win_ll_y0 && j < win_ll_y1) || (j >= win_lh_y0 + (OPJ_UINT32)v.sn && j < win_lh_y1 + (OPJ_UINT32)v.sn)) { + + /* Avoids dwt.c:1584:44 (in opj_dwt_decode_partial_1): runtime error: */ + /* signed integer overflow: -1094795586 + -1094795586 cannot be represented in type 'int' */ + /* on opj_decompress -i ../../openjpeg/MAPA.jp2 -o out.tif -d 0,0,256,256 */ + /* This is less extreme than memsetting the whole buffer to 0 */ + /* although we could potentially do better with better handling of edge conditions */ + if (win_tr_x1 >= 1 && win_tr_x1 < rw) { + h.mem[win_tr_x1 - 1] = 0; + } + if (win_tr_x1 < rw) { + h.mem[win_tr_x1] = 0; + } + opj_dwt_interleave_partial_h(h.mem, h.cas, sa, |