|
 |
83be9e |
From 1f0dfe5a42911b6880a1445f13f6d615ddb55387 Mon Sep 17 00:00:00 2001
|
|
|
83be9e |
From: Michael Adams <mdadams@ece.uvic.ca>
|
|
|
83be9e |
Date: Fri, 4 Nov 2016 07:20:23 -0700
|
|
|
83be9e |
Subject: [PATCH] Fixed an integer overflow problem in the JPC codec that later
|
|
|
83be9e |
resulted in the use of uninitialized data.
|
|
|
83be9e |
|
|
|
83be9e |
---
|
|
|
83be9e |
src/libjasper/jpc/jpc_t2cod.c | 20 ++++++++++----------
|
|
|
83be9e |
src/libjasper/jpc/jpc_t2cod.h | 20 ++++++++++----------
|
|
|
83be9e |
2 files changed, 20 insertions(+), 20 deletions(-)
|
|
|
83be9e |
|
|
|
83be9e |
diff --git a/src/libjasper/jpc/jpc_t2cod.c b/src/libjasper/jpc/jpc_t2cod.c
|
|
|
83be9e |
index 08315dd..174442a 100644
|
|
|
83be9e |
--- a/src/libjasper/jpc/jpc_t2cod.c
|
|
|
83be9e |
+++ b/src/libjasper/jpc/jpc_t2cod.c
|
|
|
83be9e |
@@ -432,18 +432,18 @@ static int jpc_pi_nextcprl(register jpc_pi_t *pi)
|
|
|
83be9e |
&pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
|
|
|
83be9e |
++pi->picomp) {
|
|
|
83be9e |
pirlvl = pi->picomp->pirlvls;
|
|
|
83be9e |
- pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
|
|
|
83be9e |
- pi->picomp->numrlvls - 1));
|
|
|
83be9e |
- pi->ystep = pi->picomp->vsamp * (1 << (pirlvl->prcheightexpn +
|
|
|
83be9e |
- pi->picomp->numrlvls - 1));
|
|
|
83be9e |
+ pi->xstep = pi->picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) <<
|
|
|
83be9e |
+ (pirlvl->prcwidthexpn + pi->picomp->numrlvls - 1));
|
|
|
83be9e |
+ pi->ystep = pi->picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) <<
|
|
|
83be9e |
+ (pirlvl->prcheightexpn + pi->picomp->numrlvls - 1));
|
|
|
83be9e |
for (rlvlno = 1, pirlvl = &pi->picomp->pirlvls[1];
|
|
|
83be9e |
rlvlno < pi->picomp->numrlvls; ++rlvlno, ++pirlvl) {
|
|
|
83be9e |
- pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp * (1 <<
|
|
|
83be9e |
- (pirlvl->prcwidthexpn + pi->picomp->numrlvls -
|
|
|
83be9e |
- rlvlno - 1)));
|
|
|
83be9e |
- pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp * (1 <<
|
|
|
83be9e |
- (pirlvl->prcheightexpn + pi->picomp->numrlvls -
|
|
|
83be9e |
- rlvlno - 1)));
|
|
|
83be9e |
+ pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp *
|
|
|
83be9e |
+ (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcwidthexpn +
|
|
|
83be9e |
+ pi->picomp->numrlvls - rlvlno - 1)));
|
|
|
83be9e |
+ pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp *
|
|
|
83be9e |
+ (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcheightexpn +
|
|
|
83be9e |
+ pi->picomp->numrlvls - rlvlno - 1)));
|
|
|
83be9e |
}
|
|
|
83be9e |
for (pi->y = pi->ystart; pi->y < pi->yend;
|
|
|
83be9e |
pi->y += pi->ystep - (pi->y % pi->ystep)) {
|
|
|
83be9e |
diff --git a/src/libjasper/jpc/jpc_t2cod.h b/src/libjasper/jpc/jpc_t2cod.h
|
|
|
83be9e |
index 0a176c9..690e031 100644
|
|
|
83be9e |
--- a/src/libjasper/jpc/jpc_t2cod.h
|
|
|
83be9e |
+++ b/src/libjasper/jpc/jpc_t2cod.h
|
|
|
83be9e |
@@ -129,10 +129,10 @@ typedef struct {
|
|
|
83be9e |
jpc_pirlvl_t *pirlvls;
|
|
|
83be9e |
|
|
|
83be9e |
/* The horizontal sampling period. */
|
|
|
83be9e |
- int hsamp;
|
|
|
83be9e |
+ uint_fast32_t hsamp;
|
|
|
83be9e |
|
|
|
83be9e |
/* The vertical sampling period. */
|
|
|
83be9e |
- int vsamp;
|
|
|
83be9e |
+ uint_fast32_t vsamp;
|
|
|
83be9e |
|
|
|
83be9e |
} jpc_picomp_t;
|
|
|
83be9e |
|
|
|
83be9e |
@@ -171,32 +171,32 @@ typedef struct {
|
|
|
83be9e |
int lyrno;
|
|
|
83be9e |
|
|
|
83be9e |
/* The x-coordinate of the current position. */
|
|
|
83be9e |
- int x;
|
|
|
83be9e |
+ uint_fast32_t x;
|
|
|
83be9e |
|
|
|
83be9e |
/* The y-coordinate of the current position. */
|
|
|
83be9e |
- int y;
|
|
|
83be9e |
+ uint_fast32_t y;
|
|
|
83be9e |
|
|
|
83be9e |
/* The horizontal step size. */
|
|
|
83be9e |
- int xstep;
|
|
|
83be9e |
+ uint_fast32_t xstep;
|
|
|
83be9e |
|
|
|
83be9e |
/* The vertical step size. */
|
|
|
83be9e |
- int ystep;
|
|
|
83be9e |
+ uint_fast32_t ystep;
|
|
|
83be9e |
|
|
|
83be9e |
/* The x-coordinate of the top-left corner of the tile on the reference
|
|
|
83be9e |
grid. */
|
|
|
83be9e |
- int xstart;
|
|
|
83be9e |
+ uint_fast32_t xstart;
|
|
|
83be9e |
|
|
|
83be9e |
/* The y-coordinate of the top-left corner of the tile on the reference
|
|
|
83be9e |
grid. */
|
|
|
83be9e |
- int ystart;
|
|
|
83be9e |
+ uint_fast32_t ystart;
|
|
|
83be9e |
|
|
|
83be9e |
/* The x-coordinate of the bottom-right corner of the tile on the
|
|
|
83be9e |
reference grid (plus one). */
|
|
|
83be9e |
- int xend;
|
|
|
83be9e |
+ uint_fast32_t xend;
|
|
|
83be9e |
|
|
|
83be9e |
/* The y-coordinate of the bottom-right corner of the tile on the
|
|
|
83be9e |
reference grid (plus one). */
|
|
|
83be9e |
- int yend;
|
|
|
83be9e |
+ uint_fast32_t yend;
|
|
|
83be9e |
|
|
|
83be9e |
/* The current progression change. */
|
|
|
83be9e |
jpc_pchg_t *pchg;
|