[trunk] fixed a buffer overflow in opj_tcd_init_decode_tile

[openjpeg.git] / src / lib / openjp2 / bio.c

diff --git a/src/lib/openjp2/bio.c b/src/lib/openjp2/bio.c
index f4694069fba4e13991b0239f6ff738c56b771dc4..3ce649275394ec51f679d66838a4b513acccaf6c 100644 (file)
--- a/src/lib/openjp2/bio.c
+++ b/src/lib/openjp2/bio.c
@@ -1,9 +1,15 @@
 /*
- * Copyright (c) 2002-2007, Communications and Remote Sensing Laboratory, Universite catholique de Louvain (UCL), Belgium
- * Copyright (c) 2002-2007, Professor Benoit Macq
+ * The copyright in this software is being made available under the 2-clauses 
+ * BSD License, included below. This software may be subject to other third 
+ * party and contributor rights, including patent rights, and no such rights
+ * are granted under this license.
+ *
+ * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium
+ * Copyright (c) 2002-2014, Professor Benoit Macq
  * Copyright (c) 2001-2003, David Janssens
  * Copyright (c) 2002-2003, Yannick Verschueren
- * Copyright (c) 2003-2007, Francois-Olivier Devaux and Antonin Descampe
+ * Copyright (c) 2003-2007, Francois-Olivier Devaux 
+ * Copyright (c) 2003-2014, Antonin Descampe
  * Copyright (c) 2005, Herve Drolon, FreeImage Team
  * All rights reserved.
  *
@@ -54,13 +60,13 @@ Write a byte
 @param bio BIO handle
 @return Returns OPJ_TRUE if successful, returns OPJ_FALSE otherwise
 */
-static opj_bool opj_bio_byteout(opj_bio_t *bio);
+static OPJ_BOOL opj_bio_byteout(opj_bio_t *bio);
 /**
 Read a byte
 @param bio BIO handle
 @return Returns OPJ_TRUE if successful, returns OPJ_FALSE otherwise
 */
-static opj_bool opj_bio_bytein(opj_bio_t *bio);
+static OPJ_BOOL opj_bio_bytein(opj_bio_t *bio);
 
 /*@}*/
 
@@ -72,20 +78,20 @@ static opj_bool opj_bio_bytein(opj_bio_t *bio);
 ==========================================================
 */
 
-opj_bool opj_bio_byteout(opj_bio_t *bio) {
+OPJ_BOOL opj_bio_byteout(opj_bio_t *bio) {
        bio->buf = (bio->buf << 8) & 0xffff;
        bio->ct = bio->buf == 0xff00 ? 7 : 8;
-       if (bio->bp >= bio->end) {
+       if ((OPJ_SIZE_T)bio->bp >= (OPJ_SIZE_T)bio->end) {
                return OPJ_FALSE;
        }
        *bio->bp++ = (OPJ_BYTE)(bio->buf >> 8);
        return OPJ_TRUE;
 }
 
-opj_bool opj_bio_bytein(opj_bio_t *bio) {
+OPJ_BOOL opj_bio_bytein(opj_bio_t *bio) {
        bio->buf = (bio->buf << 8) & 0xffff;
        bio->ct = bio->buf == 0xff00 ? 7 : 8;
-       if (bio->bp >= bio->end) {
+       if ((OPJ_SIZE_T)bio->bp >= (OPJ_SIZE_T)bio->end) {
                return OPJ_FALSE;
        }
        bio->buf |= *bio->bp++;
@@ -146,29 +152,27 @@ void opj_bio_init_dec(opj_bio_t *bio, OPJ_BYTE *bp, OPJ_UINT32 len) {
 }
 
 void opj_bio_write(opj_bio_t *bio, OPJ_UINT32 v, OPJ_UINT32 n) {
-       OPJ_INT32 i;
-       for (i = n - 1; i >= 0; i--) {
+       OPJ_UINT32 i;
+       for (i = n - 1; i < n; i--) {
                opj_bio_putbit(bio, (v >> i) & 1);
        }
 }
 
 OPJ_UINT32 opj_bio_read(opj_bio_t *bio, OPJ_UINT32 n) {
-       OPJ_INT32 i;
+       OPJ_UINT32 i;
     OPJ_UINT32 v;
        v = 0;
-       for (i = n - 1; i >= 0; i--) {
+       for (i = n - 1; i < n; i--) {
                v += opj_bio_getbit(bio) << i;
        }
        return v;
 }
 
-opj_bool opj_bio_flush(opj_bio_t *bio) {
-       bio->ct = 0;
+OPJ_BOOL opj_bio_flush(opj_bio_t *bio) {
        if (! opj_bio_byteout(bio)) {
                return OPJ_FALSE;
        }
        if (bio->ct == 7) {
-               bio->ct = 0;
                if (! opj_bio_byteout(bio)) {
                        return OPJ_FALSE;
                }
@@ -176,13 +180,12 @@ opj_bool opj_bio_flush(opj_bio_t *bio) {
        return OPJ_TRUE;
 }
 
-opj_bool opj_bio_inalign(opj_bio_t *bio) {
-       bio->ct = 0;
+OPJ_BOOL opj_bio_inalign(opj_bio_t *bio) {
        if ((bio->buf & 0xff) == 0xff) {
                if (! opj_bio_bytein(bio)) {
                        return OPJ_FALSE;
                }
-               bio->ct = 0;
        }
+       bio->ct = 0;
        return OPJ_TRUE;
 }