Added check for integer overflow in get_num_images (#1397)

As discussed in pull request 1396, added a check for integer overflow.
Change list:
Defined num_images as unsigned int
Moved the if statement to check for an empty directory to the beginning of the read directory section
Added a check to see if num images would roll back to zero when incrementing.

diff --git a/src/bin/jp2/opj_compress.c b/src/bin/jp2/opj_compress.c
index 646f137578614302bd91835149ea0622a138f062..2bbe5c4cf6904598ee695b378bb9d686ab9026ab 100644 (file)
--- a/src/bin/jp2/opj_compress.c
+++ b/src/bin/jp2/opj_compress.c
@@ -44,6 +44,7 @@
 #include <stdlib.h>
 #include <math.h>
 #include <assert.h>
+#include <limits.h>
 
 #ifdef _WIN32
 #include "windirent.h"
@@ -485,6 +486,11 @@ static unsigned int get_num_images(char *imgdirpath)
         if (strcmp(".", content->d_name) == 0 || strcmp("..", content->d_name) == 0) {
             continue;
         }
+        if (num_images == UINT_MAX) {
+            fprintf(stderr, "Too many files in folder %s\n", imgdirpath);
+            num_images = 0;
+            break;
+        }
         num_images++;
     }
     closedir(dir);
@@ -1957,6 +1963,11 @@ int main(int argc, char **argv)
     /* Read directory if necessary */
     if (img_fol.set_imgdir == 1) {
         num_images = get_num_images(img_fol.imgdirpath);
+        if (num_images == 0) {
+            fprintf(stdout, "Folder is empty\n");
+            ret = 0;
+            goto fin;
+        }
         dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
         if (dirptr) {
             dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN * sizeof(
@@ -1974,11 +1985,7 @@ int main(int argc, char **argv)
             ret = 0;
             goto fin;
         }
-        if (num_images == 0) {
-            fprintf(stdout, "Folder is empty\n");
-            ret = 0;
-            goto fin;
-        }
+
     } else {
         num_images = 1;
     }

diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
index 0d3021cdf2a21da15aa42463c4570a5da9da61d2..8ac2d9c73845cea335457fe646b7cb3aab5e885b 100644 (file)
--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
@@ -44,6 +44,7 @@
 #include <stdlib.h>
 #include <math.h>
 #include <time.h>
+#include <limits.h>
 
 #ifdef _WIN32
 #include "windirent.h"
@@ -160,7 +161,7 @@ typedef struct opj_decompress_params {
 
 /* -------------------------------------------------------------------------- */
 /* Declarations                                                               */
-int get_num_images(char *imgdirpath);
+unsigned int get_num_images(char *imgdirpath);
 int load_images(dircnt_t *dirptr, char *imgdirpath);
 int get_file_format(const char *filename);
 char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
@@ -370,11 +371,11 @@ static OPJ_BOOL parse_precision(const char* option,
 
 /* -------------------------------------------------------------------------- */
 
-int get_num_images(char *imgdirpath)
+unsigned int get_num_images(char *imgdirpath)
 {
     DIR *dir;
     struct dirent* content;
-    int num_images = 0;
+    unsigned int num_images = 0;
 
     /*Reading the input images from given input directory*/
 
@@ -388,7 +389,13 @@ int get_num_images(char *imgdirpath)
         if (strcmp(".", content->d_name) == 0 || strcmp("..", content->d_name) == 0) {
             continue;
         }
+        if (num_images == UINT_MAX) {
+            fprintf(stderr, "Too many files in folder %s\n", imgdirpath);
+            num_images = 0;
+            break;
+        }
         num_images++;
+
     }
     closedir(dir);
     return num_images;
@@ -1367,6 +1374,11 @@ int main(int argc, char **argv)
     if (img_fol.set_imgdir == 1) {
         int it_image;
         num_images = get_num_images(img_fol.imgdirpath);
+        if (num_images == 0) {
+            fprintf(stderr, "Folder is empty\n");
+            failed = 1;
+            goto fin;
+        }
         dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
         if (!dirptr) {
             destroy_parameters(&parameters);
@@ -1394,11 +1406,7 @@ int main(int argc, char **argv)
             failed = 1;
             goto fin;
         }
-        if (num_images == 0) {
-            fprintf(stderr, "Folder is empty\n");
-            failed = 1;
-            goto fin;
-        }
+
     } else {
         num_images = 1;
     }

diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c
index 46b976a9ad4f058829e719accbd42183982e51ab..b297fefd58d2720c0663d83115c19ca1ca39a159 100644 (file)
--- a/src/bin/jp2/opj_dump.c
+++ b/src/bin/jp2/opj_dump.c
@@ -36,6 +36,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <math.h>
+#include <limits.h>
 
 #ifdef _WIN32
 #include "windirent.h"
@@ -82,7 +83,7 @@ typedef struct img_folder {
 
 /* -------------------------------------------------------------------------- */
 /* Declarations                                                               */
-static int get_num_images(char *imgdirpath);
+static unsigned int get_num_images(char *imgdirpath);
 static int load_images(dircnt_t *dirptr, char *imgdirpath);
 static int get_file_format(const char *filename);
 static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
@@ -122,11 +123,11 @@ static void decode_help_display(void)
 }
 
 /* -------------------------------------------------------------------------- */
-static int get_num_images(char *imgdirpath)
+static unsigned int get_num_images(char *imgdirpath)
 {
     DIR *dir;
     struct dirent* content;
-    int num_images = 0;
+    unsigned int num_images = 0;
 
     /*Reading the input images from given input directory*/
 
@@ -140,6 +141,11 @@ static int get_num_images(char *imgdirpath)
         if (strcmp(".", content->d_name) == 0 || strcmp("..", content->d_name) == 0) {
             continue;
         }
+        if (num_images == UINT_MAX) {
+            fprintf(stderr, "Too many files in folder %s\n", imgdirpath);
+            num_images = 0;
+            break;
+        }
         num_images++;
     }
     closedir(dir);
@@ -510,7 +516,10 @@ int main(int argc, char *argv[])
     if (img_fol.set_imgdir == 1) {
         int it_image;
         num_images = get_num_images(img_fol.imgdirpath);
-
+        if (num_images == 0) {
+            fprintf(stdout, "Folder is empty\n");
+            goto fails;
+        }
         dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
         if (!dirptr) {
             return EXIT_FAILURE;
@@ -536,10 +545,7 @@ int main(int argc, char *argv[])
         if (load_images(dirptr, img_fol.imgdirpath) == 1) {
             goto fails;
         }
-        if (num_images == 0) {
-            fprintf(stdout, "Folder is empty\n");
-            goto fails;
-        }
+
     } else {
         num_images = 1;
     }