third_party/libopenjpeg20/0022-jp2_apply_pclr_overflow.patch - Issue 2270343002: openjpeg: Prevent an integer overflow in opj_jp2_apply_pclr.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: third_party/libopenjpeg20/0022-jp2_apply_pclr_overflow.patch

Issue 2270343002: openjpeg: Prevent an integer overflow in opj_jp2_apply_pclr. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master

Patch Set: Original patch. Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 diff --git a/third_party/libopenjpeg20/jp2.c b/third_party/libopenjpeg20/jp2.c

	2 index a6648f6..220fb30 100644

	3 --- a/third_party/libopenjpeg20/jp2.c

	4 +++ b/third_party/libopenjpeg20/jp2.c

	5 @@ -972,6 +972,14 @@ static void opj_jp2_apply_pclr(opj_image_t image, opj_jp2_ color_t color)

	6 nr_channels = color->jp2_pclr->nr_channels;

	7

	8 old_comps = image->comps;

	9 + /* Overflow check: prevent integer overflow */

	10 + for (i = 0; i < nr_channels; ++i) {

	11 + cmp = cmap[i].cmp;

	12 + if (old_comps[cmp].h == 0 \|\| old_comps[cmp].w > UINT_MAX / sizeof(OPJ_I NT32) / old_comps[cmp].h) {

	13 + return;

	14 + }

	15 + }

	16 +

	17 new_comps = (opj_image_comp_t*)

	18 opj_malloc(nr_channels * sizeof(opj_image_comp_t));

	19 if (!new_comps) {

	20 @@ -1011,22 +1019,30 @@ static void opj_jp2_apply_pclr(opj_image_t image, opj_j p2_color_t color)

	21 /* Palette mapping: */

	22 cmp = cmap[i].cmp; pcol = cmap[i].pcol;

	23 src = old_comps[cmp].data;

	24 - assert( src );

	25 + dst = new_comps[i].data;

	26 max = new_comps[i].w * new_comps[i].h;

	27

	28 + /* Prevent null pointer access */

	29 + if (!src \|\| !dst) {

	30 + for (j = 0; j < nr_channels; ++j) {

	31 + if (new_comps[j].data) {

	32 + opj_free(new_comps[j].data);

	33 + }

	34 + }

	35 + opj_free(new_comps);

	36 + new_comps = NULL;

	37 + return;

	38 + }

	39 +

	40 /* Direct use: */

	41 if(cmap[i].mtyp == 0) {

	42 assert( cmp == 0 ); // probably wrong.

	43 - dst = new_comps[i].data;

	44 - assert( dst );

	45 for(j = 0; j < max; ++j) {

	46 dst[j] = src[j];

	47 }

	48 }

	49 else {

	50 assert( i == pcol ); // probably wrong?

	51 - dst = new_comps[i].data;

	52 - assert( dst );

	53 for(j = 0; j < max; ++j) {

	54 /* The index */

	55 if((k = src[j]) < 0) k = 0; else if(k > top_k) k = top_k;

OLD	NEW

« no previous file with comments | « no previous file | third_party/libopenjpeg20/README.pdfium » ('j') | third_party/libopenjpeg20/jp2.c » ('J')