(parent:
ca74961
)
opj_t1_encode_cblk(): avoid undefined behaviour on fuzzed input (fixes #1432)
1433/head
author
Even Rouault
<even.rouault@spatialys.com>
Wed, 29 Jun 2022 09:47:58 +0000
(11:47 +0200)
committer
Even Rouault
<even.rouault@spatialys.com>
Wed, 29 Jun 2022 09:47:58 +0000
(11:47 +0200)
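--- a/src/lib/openjp2/t1.c
+++ b/src/lib/openjp2/t1.c
@@ -2443,6 +2443,13 @@ static OPJ_FLOAT64 opj_t1_encode_cblk(opj_t1_t *t1,
 OPJ_INT32 tmp = *datap;
 if (tmp < 0) {
 OPJ_UINT32 tmp_unsigned;
+ if (tmp == INT_MIN) {
+ /* To avoid undefined behaviour when negating INT_MIN */
+ /* but if we go here, it means we have supplied an input */
+ /* with more bit depth than we we can really support. */
+ /* Cf https://github.com/uclouvain/openjpeg/issues/1432 */
+ tmp = INT_MIN + 1;
+ }
 max = opj_int_max(max, -tmp);
 tmp_unsigned = opj_to_smr(tmp);
 memcpy(datap, &tmp_unsigned, sizeof(OPJ_INT32));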
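Review bot: The clamp `tmp = INT_MIN + 1;` removes the undefined negation but silently alters the sample, and the added comment itself says this path means the input has more bit depth than the encoder supports, so the caller gets no error or warning that the encoded data no longer matches the input. Consider rejecting or reporting over-deep input where component precision is validated (outside this hunk) and keeping the clamp only as a backstop. Only the single value `INT_MIN` is caught, so other samples from the same over-deep input still reach `opj_int_max(max, -tmp)`; whether the later use of `max` copes with that range is not visible here. The guard also compares an `OPJ_INT32` against `INT_MIN`, which is the right bound only if `OPJ_INT32` is `int`-sized and `<limits.h>` is in scope; neither can be confirmed from the hunk. The comment has a doubled word and should read `/* with more bit depth than we can really support. */`; the body of opj_t1_encode_cblk() continues outside the hunk.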