projects
/
openjpeg.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(from parent 1:
11445ed
)
Fix write heap buffer overflow in opj_mqc_byteout(). Discovered by Ke Liu of Tencent...
author
Even Rouault
<even.rouault@spatialys.com>
Sat, 29 Jul 2017 17:13:49 +0000
(19:13 +0200)
committer
Even Rouault
<even.rouault@spatialys.com>
Sat, 29 Jul 2017 17:13:49 +0000
(19:13 +0200)
src/lib/openjp2/tcd.c
patch
|
blob
|
history
diff --git
a/src/lib/openjp2/tcd.c
b/src/lib/openjp2/tcd.c
index 567798525be9b93c62488cef77badf6a743c7e7d..08c5a765a12910c26243ecaeefc2a5ad9186ec0e 100644
(file)
--- a/
src/lib/openjp2/tcd.c
+++ b/
src/lib/openjp2/tcd.c
@@
-1182,8
+1182,9
@@
static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t *
{
OPJ_UINT32 l_data_size;
- l_data_size = (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
- (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
+ /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
+ l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
+ (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
if (l_data_size > p_code_block->data_size) {
if (p_code_block->data) {