==========================================================
*/
+static void opj_pi_emit_error(opj_pi_iterator_t * pi, const char* msg)
+{
+ (void)pi;
+ (void)msg;
+}
+
static OPJ_BOOL opj_pi_next_lrcp(opj_pi_iterator_t * pi)
{
opj_pi_comp_t *comp = NULL;
for (pi->precno = pi->poc.precno0; pi->precno < pi->poc.precno1; pi->precno++) {
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
+ /* Avoids index out of bounds access with */
+ /* id_000098,sig_11,src_005411,op_havoc,rep_2 of */
+ /* https://github.com/uclouvain/openjpeg/issues/938 */
+ /* Not sure if this is the most clever fix. Perhaps */
+ /* include should be resized when a POC arises, or */
+ /* the POC should be rejected */
+ if (index >= pi->include_size) {
+ opj_pi_emit_error(pi, "Invalid access to pi->include");
+ return OPJ_FALSE;
+ }
if (!pi->include[index]) {
pi->include[index] = 1;
return OPJ_TRUE;
for (pi->precno = pi->poc.precno0; pi->precno < pi->poc.precno1; pi->precno++) {
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
+ if (index >= pi->include_size) {
+ opj_pi_emit_error(pi, "Invalid access to pi->include");
+ return OPJ_FALSE;
+ }
if (!pi->include[index]) {
pi->include[index] = 1;
return OPJ_TRUE;
for (pi->layno = pi->poc.layno0; pi->layno < pi->poc.layno1; pi->layno++) {
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
+ if (index >= pi->include_size) {
+ opj_pi_emit_error(pi, "Invalid access to pi->include");
+ return OPJ_FALSE;
+ }
if (!pi->include[index]) {
pi->include[index] = 1;
return OPJ_TRUE;
for (pi->layno = pi->poc.layno0; pi->layno < pi->poc.layno1; pi->layno++) {
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
+ if (index >= pi->include_size) {
+ opj_pi_emit_error(pi, "Invalid access to pi->include");
+ return OPJ_FALSE;
+ }
if (!pi->include[index]) {
pi->include[index] = 1;
return OPJ_TRUE;
for (pi->layno = pi->poc.layno0; pi->layno < pi->poc.layno1; pi->layno++) {
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
+ if (index >= pi->include_size) {
+ opj_pi_emit_error(pi, "Invalid access to pi->include");
+ return OPJ_FALSE;
+ }
if (!pi->include[index]) {
pi->include[index] = 1;
return OPJ_TRUE;
/* prevent an integer overflow issue */
/* 0 < l_tcp->numlayers < 65536 c.f. opj_j2k_read_cod in j2k.c */
l_current_pi->include = 00;
- if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U))) {
- l_current_pi->include = (OPJ_INT16*) opj_calloc((size_t)(
- l_tcp->numlayers + 1U) * l_step_l, sizeof(OPJ_INT16));
+ if (l_step_l <= (UINT_MAX / (l_tcp->numlayers + 1U))) {
+ l_current_pi->include_size = (l_tcp->numlayers + 1U) * l_step_l;
+ l_current_pi->include = (OPJ_INT16*) opj_calloc(
+ l_current_pi->include_size, sizeof(OPJ_INT16));
}
if (!l_current_pi->include) {
}
/* special treatment*/
l_current_pi->include = (l_current_pi - 1)->include;
+ l_current_pi->include_size = (l_current_pi - 1)->include_size;
++l_current_pi;
}
opj_free(l_tmp_data);
l_current_pi = l_pi;
/* memory allocation for include*/
- l_current_pi->include = (OPJ_INT16*) opj_calloc(l_tcp->numlayers * l_step_l,
+ l_current_pi->include_size = l_tcp->numlayers * l_step_l;
+ l_current_pi->include = (OPJ_INT16*) opj_calloc(l_current_pi->include_size,
sizeof(OPJ_INT16));
if (!l_current_pi->include) {
opj_free(l_tmp_data);
/* special treatment*/
l_current_pi->include = (l_current_pi - 1)->include;
+ l_current_pi->include_size = (l_current_pi - 1)->include_size;
++l_current_pi;
}