diff options
| author | Even Rouault <even.rouault@spatialys.com> | 2022-06-29 11:47:58 +0200 |
|---|---|---|
| committer | Even Rouault <even.rouault@spatialys.com> | 2022-06-29 11:47:58 +0200 |
| commit | dd1a2d6480a4584896fda2f0072a723c572f2f29 (patch) | |
| tree | 871bced9b55993700cc2c65795180eb89e5304f2 /src | |
| parent | ca7496165649a826b9b11ab272acd4bdfe32f6ca (diff) | |
opj_t1_encode_cblk(): avoid undefined behaviour on fuzzed input (fixes #1432)
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/openjp2/t1.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/openjp2/t1.c b/src/lib/openjp2/t1.c index f5fd2339..c8c1c0e1 100644 --- a/src/lib/openjp2/t1.c +++ b/src/lib/openjp2/t1.c @@ -2443,6 +2443,13 @@ static OPJ_FLOAT64 opj_t1_encode_cblk(opj_t1_t *t1, OPJ_INT32 tmp = *datap; if (tmp < 0) { OPJ_UINT32 tmp_unsigned; + if (tmp == INT_MIN) { + /* To avoid undefined behaviour when negating INT_MIN */ + /* but if we go here, it means we have supplied an input */ + /* with more bit depth than we we can really support. */ + /* Cf https://github.com/uclouvain/openjpeg/issues/1432 */ + tmp = INT_MIN + 1; + } max = opj_int_max(max, -tmp); tmp_unsigned = opj_to_smr(tmp); memcpy(datap, &tmp_unsigned, sizeof(OPJ_INT32)); |