Avoid overflow in multiplications in utilities related to big number of files in a directory (CVE-2021-29338) (#1396)

author: Eharve14 <71228603+Eharve14@users.noreply.github.com> 2022-01-13 15:05:52 -0500
committer: GitHub <noreply@github.com> 2022-01-13 21:05:52 +0100
commit: 1daaa0b909aebdf71be36238d16dfbec83c494ed (patch)
tree: 09ea40a045010a8ad9bb4b563e020102004df01d /src
parent: 79c7d7af598b778c3cdcb455df23d50efc95eb3c (diff)
3 files changed, 5 insertions, 5 deletions
diff --git a/src/bin/jp2/opj_compress.c b/src/bin/jp2/opj_compress.c
index 1399d527..646f1375 100644
--- a/src/bin/jp2/opj_compress.c
+++ b/src/bin/jp2/opj_compress.c
@@ -1967,7 +1967,7 @@ int main(int argc, char **argv)
                 goto fin;
             }
             for (i = 0; i < num_images; i++) {
-                dirptr->filename[i] = dirptr->filename_buf + i * OPJ_PATH_LEN;
+                dirptr->filename[i] = dirptr->filename_buf + (size_t)i * OPJ_PATH_LEN;
             }
         }
         if (load_images(dirptr, img_fol.imgdirpath) == 1) {
diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
index e1217f89..0d3021cd 100644
--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
@@ -1367,7 +1367,6 @@ int main(int argc, char **argv)
     if (img_fol.set_imgdir == 1) {
         int it_image;
         num_images = get_num_images(img_fol.imgdirpath);
-
         dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
         if (!dirptr) {
             destroy_parameters(&parameters);
@@ -1387,7 +1386,8 @@ int main(int argc, char **argv)
             goto fin;
         }
         for (it_image = 0; it_image < num_images; it_image++) {
-            dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
+            dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
+                                         OPJ_PATH_LEN;
         }
 
         if (load_images(dirptr, img_fol.imgdirpath) == 1) {
diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c
index d2646f10..46b976a9 100644
--- a/src/bin/jp2/opj_dump.c
+++ b/src/bin/jp2/opj_dump.c
@@ -529,13 +529,13 @@ int main(int argc, char *argv[])
         }
 
         for (it_image = 0; it_image < num_images; it_image++) {
-            dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
+            dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
+                                         OPJ_PATH_LEN;
         }
 
         if (load_images(dirptr, img_fol.imgdirpath) == 1) {
             goto fails;
         }
-
         if (num_images == 0) {
             fprintf(stdout, "Folder is empty\n");
             goto fails;
author	Eharve14 <71228603+Eharve14@users.noreply.github.com>	2022-01-13 15:05:52 -0500
committer	GitHub <noreply@github.com>	2022-01-13 21:05:52 +0100
commit	1daaa0b909aebdf71be36238d16dfbec83c494ed (patch)
tree	09ea40a045010a8ad9bb4b563e020102004df01d /src
parent	79c7d7af598b778c3cdcb455df23d50efc95eb3c (diff)