Fix an integer overflow issue (#809)
authortrylab <trylab@users.noreply.github.com>
Tue, 6 Sep 2016 05:55:49 +0000 (13:55 +0800)
committerMatthieu Darbois <mayeut@users.noreply.github.com>
Tue, 6 Sep 2016 05:55:49 +0000 (07:55 +0200)
Prevent an integer overflow issue in function opj_pi_create_decode of
pi.c.

src/lib/openjp2/pi.c

index cffad6684f0fc1f7521461c15c5135c19fb57bc6..36e2ff0cfcda001bbef53e097517ca417386f321 100644 (file)
@@ -1237,7 +1237,13 @@ opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image,
        l_current_pi = l_pi;
 
        /* memory allocation for include */
-       l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
+       /* prevent an integer overflow issue */
+       l_current_pi->include = 00;
+       if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U)))
+       {
+               l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
+       }
+
        if
                (!l_current_pi->include)
        {
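Review bot: The new guard compares `l_step_l` against `SIZE_MAX / (l_tcp->numlayers + 1U)`, but the product `(l_tcp->numlayers +1) * l_step_l` passed to `opj_calloc` is still evaluated in the operands' own type before it is converted to the allocator's size argument. If both operands are 32-bit unsigned (their declarations are outside this hunk, so this is inferred), then on a 64-bit build the test is always true and the multiplication can still wrap, so `include` may be allocated smaller than the code that indexes it presumably assumes. Either bound the check by the operand type, `if (l_step_l <= (UINT_MAX / (l_tcp->numlayers + 1U)))`, or widen before multiplying, `opj_calloc((size_t)(l_tcp->numlayers + 1U) * l_step_l, sizeof(OPJ_INT16))`. A one-line comment stating the valid range of `numlayers` would also record why the divisor `numlayers + 1U` cannot be zero. The body of `opj_pi_create_decode` starts and ends outside the hunk.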