if ((flags & ((T1_SIGMA_THIS | T1_PI_THIS) << (ci * 3U))) == 0U &&
(flags & (T1_SIGMA_NEIGHBOURS << (ci * 3U))) != 0U) {
OPJ_UINT32 ctxt1 = opj_t1_getctxno_zc(mqc, flags >> (ci * 3U));
- v = opj_int_abs(*datap) & one ? 1 : 0;
+ v = (opj_int_abs(*datap) & one) ? 1 : 0;
#ifdef DEBUG_ENC_SIG
fprintf(stderr, " ctxt1=%d\n", ctxt1);
#endif
OPJ_UINT32 ctxt = opj_t1_getctxno_mag(shift_flags);
*nmsedec += opj_t1_getnmsedec_ref((OPJ_UINT32)opj_int_abs(*datap),
(OPJ_UINT32)bpno);
- v = opj_int_abs(*datap) & one ? 1 : 0;
+ v = (opj_int_abs(*datap) & one) ? 1 : 0;
#ifdef DEBUG_ENC_REF
fprintf(stderr, " ctxt=%d\n", ctxt);
#endif
for (ci = runlen; ci < lim; ++ci) {
OPJ_UINT32 vsc;
opj_flag_t flags;
+ OPJ_UINT32 ctxt1;
flags = *flagsp;
}
if (!(flags & ((T1_SIGMA_THIS | T1_PI_THIS) << (ci * 3U)))) {
- OPJ_UINT32 ctxt1 = opj_t1_getctxno_zc(mqc, flags >> (ci * 3U));
+ ctxt1 = opj_t1_getctxno_zc(mqc, flags >> (ci * 3U));
#ifdef DEBUG_ENC_CLN
printf(" ctxt1=%d\n", ctxt1);
#endif
opj_mqc_setcurctx(mqc, ctxt1);
- v = opj_int_abs(*datap) & one ? 1 : 0;
+ v = (opj_int_abs(*datap) & one) ? 1 : 0;
opj_mqc_encode(mqc, v);
if (v) {
OPJ_UINT32 ctxt2, spb;
cblk_w = (OPJ_UINT32)(cblk->x1 - cblk->x0);
cblk_h = (OPJ_UINT32)(cblk->y1 - cblk->y0);
- cblk->decoded_data = opj_aligned_malloc(cblk_w * cblk_h * sizeof(OPJ_INT32));
+ cblk->decoded_data = (OPJ_INT32*)opj_aligned_malloc(sizeof(OPJ_INT32) *
+ cblk_w * cblk_h);
if (cblk->decoded_data == NULL) {
if (job->p_manager_mutex) {
opj_mutex_lock(job->p_manager_mutex);
return;
}
/* Zero-init required */
- memset(cblk->decoded_data, 0, cblk_w * cblk_h * sizeof(OPJ_INT32));
+ memset(cblk->decoded_data, 0, sizeof(OPJ_INT32) * cblk_w * cblk_h);
} else if (cblk->decoded_data) {
/* Not sure if that code path can happen, but better be */
/* safe than sorry */
t1 = (opj_t1_t*) opj_tls_get(tls, OPJ_TLS_KEY_T1);
if (t1 == NULL) {
t1 = opj_t1_create(OPJ_FALSE);
- opj_tls_set(tls, OPJ_TLS_KEY_T1, t1, opj_t1_destroy_wrapper);
+ if (t1 == NULL) {
+ opj_event_msg(job->p_manager, EVT_ERROR,
+ "Cannot allocate Tier 1 handle\n");
+ *(job->pret) = OPJ_FALSE;
+ opj_free(job);
+ return;
+ }
+ if (!opj_tls_set(tls, OPJ_TLS_KEY_T1, t1, opj_t1_destroy_wrapper)) {
+ opj_event_msg(job->p_manager, EVT_ERROR,
+ "Unable to set t1 handle as TLS\n");
+ opj_t1_destroy(t1);
+ *(job->pret) = OPJ_FALSE;
+ opj_free(job);
+ return;
+ }
}
t1->mustuse_cblkdatabuffer = job->mustuse_cblkdatabuffer;
}
} else if (cblk->numchunks == 1) {
cblkdata = cblk->chunks[0].data;
+ } else {
+ /* Not sure if that can happen in practice, but avoid Coverity to */
+ /* think we will dereference a null cblkdta pointer */
+ return OPJ_TRUE;
}
/* For subtile decoding, directly decode in the decoded_data buffer of */
t1->data = tiledp;
t1->data_stride = tile_w;
if (tccp->qmfbid == 1) {
+ /* Do multiplication on unsigned type, even if the
+ * underlying type is signed, to avoid potential
+ * int overflow on large value (the output will be
+ * incorrect in such situation, but whatever...)
+ * This assumes complement-to-2 signed integer
+ * representation
+ * Fixes https://github.com/uclouvain/openjpeg/issues/1053
+ */
+ OPJ_UINT32* OPJ_RESTRICT tiledp_u = (OPJ_UINT32*) tiledp;
for (j = 0; j < cblk_h; ++j) {
for (i = 0; i < cblk_w; ++i) {
- tiledp[tileIndex] *= (1 << T1_NMSEDEC_FRACBITS);
+ tiledp_u[tileIndex] <<= T1_NMSEDEC_FRACBITS;
tileIndex++;
}
tileIndex += tileLineAdvance;