opj_compress/opj_uncompress: fix integer overflow in num_images (#1395)

author Brad Parham <baparham@gmail.com>

Wed, 12 Jan 2022 12:46:10 +0000 (13:46 +0100)

committer GitHub <noreply@github.com>

Wed, 12 Jan 2022 12:46:10 +0000 (13:46 +0100)
author Brad Parham <baparham@gmail.com>
Wed, 12 Jan 2022 12:46:10 +0000 (13:46 +0100)
committer GitHub <noreply@github.com>
Wed, 12 Jan 2022 12:46:10 +0000 (13:46 +0100)
diff --git a/src/bin/jp2/opj_compress.c b/src/bin/jp2/opj_compress.c

index 8c71d45367d64b714f2b84e16d6c3d9ccf37fc19..1399d52771e31bee96de2de27b20e94ec82b0309 100644 (file)
--- a/src/bin/jp2/opj_compress.c
+++ b/src/bin/jp2/opj_compress.c
@@ -1959,9 +1959,9 @@ int main(int argc, char **argv)
          num_images = get_num_images(img_fol.imgdirpath);
          dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
          if (dirptr) {
-            dirptr->filename_buf = (char*)malloc(num_images * OPJ_PATH_LEN * sizeof(
+            dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN * sizeof(
                      char)); /* Stores at max 10 image file names*/
-            dirptr->filename = (char**) malloc(num_images * sizeof(char*));
+            dirptr->filename = (char**) calloc(num_images, sizeof(char*));
              if (!dirptr->filename_buf) {
                  ret = 0;
                  goto fin;
diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c

index fc0012b6367497e4d7eac4470c1be87d844dbe69..e1217f8913a0145f383daf4e48c63fcda64d9b3d 100644 (file)
--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
@@ -1374,14 +1374,13 @@ int main(int argc, char **argv)
              return EXIT_FAILURE;
          }
          /* Stores at max 10 image file names */
-        dirptr->filename_buf = (char*)malloc(sizeof(char) *
-                                             (size_t)num_images * OPJ_PATH_LEN);
+        dirptr->filename_buf = calloc((size_t) num_images, sizeof(char) * OPJ_PATH_LEN);
          if (!dirptr->filename_buf) {
              failed = 1;
              goto fin;
          }
  
-        dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*));
+        dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
  
          if (!dirptr->filename) {
              failed = 1;
diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c

index 6111d2ab6749d814cc8124e011fb3570475df6b4..d2646f10e1a54d730e9dd7612abcdb4ed2fe63bf 100644 (file)
--- a/src/bin/jp2/opj_dump.c
+++ b/src/bin/jp2/opj_dump.c
@@ -515,13 +515,14 @@ int main(int argc, char *argv[])
          if (!dirptr) {
              return EXIT_FAILURE;
          }
-        dirptr->filename_buf = (char*)malloc((size_t)num_images * OPJ_PATH_LEN * sizeof(
-                char)); /* Stores at max 10 image file names*/
+        /* Stores at max 10 image file names*/
+        dirptr->filename_buf = (char*) calloc((size_t) num_images,
+                                              OPJ_PATH_LEN * sizeof(char));
          if (!dirptr->filename_buf) {
              free(dirptr);
              return EXIT_FAILURE;
          }
-        dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*));
+        dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
  
          if (!dirptr->filename) {
              goto fails;
author	Brad Parham <baparham@gmail.com>
	Wed, 12 Jan 2022 12:46:10 +0000 (13:46 +0100)
committer	GitHub <noreply@github.com>
	Wed, 12 Jan 2022 12:46:10 +0000 (13:46 +0100)
src/bin/jp2/opj_compress.c		patch \| blob \| history
src/bin/jp2/opj_decompress.c		patch \| blob \| history
src/bin/jp2/opj_dump.c		patch \| blob \| history