summaryrefslogtreecommitdiff
path: root/third_party/libopenjpeg20/0022-jp2_apply_pclr_overflow.patch
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/libopenjpeg20/0022-jp2_apply_pclr_overflow.patch')
-rw-r--r--third_party/libopenjpeg20/0022-jp2_apply_pclr_overflow.patch91
1 files changed, 45 insertions, 46 deletions
diff --git a/third_party/libopenjpeg20/0022-jp2_apply_pclr_overflow.patch b/third_party/libopenjpeg20/0022-jp2_apply_pclr_overflow.patch
index 72105fec4f..f4f2ef5c01 100644
--- a/third_party/libopenjpeg20/0022-jp2_apply_pclr_overflow.patch
+++ b/third_party/libopenjpeg20/0022-jp2_apply_pclr_overflow.patch
@@ -1,53 +1,52 @@
diff --git a/third_party/libopenjpeg20/jp2.c b/third_party/libopenjpeg20/jp2.c
-index a6648f6..8128d98 100644
+index 1fa607d66..78a2d22ff 100644
--- a/third_party/libopenjpeg20/jp2.c
+++ b/third_party/libopenjpeg20/jp2.c
-@@ -972,6 +972,14 @@ static void opj_jp2_apply_pclr(opj_image_t *image, opj_jp2_color_t *color)
- nr_channels = color->jp2_pclr->nr_channels;
+@@ -1049,6 +1049,14 @@ static OPJ_BOOL opj_jp2_apply_pclr(opj_image_t *image,
+ }
- old_comps = image->comps;
-+ /* Overflow check: prevent integer overflow */
-+ for (i = 0; i < nr_channels; ++i) {
-+ cmp = cmap[i].cmp;
-+ if (old_comps[cmp].h == 0 || old_comps[cmp].w > ((OPJ_UINT32)-1) / sizeof(OPJ_INT32) / old_comps[cmp].h) {
-+ return;
-+ }
-+ }
+ old_comps = image->comps;
++ /* Overflow check: prevent integer overflow */
++ for (i = 0; i < nr_channels; ++i) {
++ cmp = cmap[i].cmp;
++ if (old_comps[cmp].h == 0 || old_comps[cmp].w > ((OPJ_UINT32)-1) / sizeof(OPJ_INT32) / old_comps[cmp].h) {
++ return OPJ_FALSE;
++ }
++ }
+
- new_comps = (opj_image_comp_t*)
- opj_malloc(nr_channels * sizeof(opj_image_comp_t));
- if (!new_comps) {
-@@ -1011,22 +1019,28 @@ static void opj_jp2_apply_pclr(opj_image_t *image, opj_jp2_color_t *color)
- /* Palette mapping: */
- cmp = cmap[i].cmp; pcol = cmap[i].pcol;
- src = old_comps[cmp].data;
-- assert( src );
-+ dst = new_comps[i].data;
- max = new_comps[i].w * new_comps[i].h;
+ new_comps = (opj_image_comp_t*)
+ opj_malloc(nr_channels * sizeof(opj_image_comp_t));
+ if (!new_comps) {
+@@ -1093,21 +1101,27 @@ static OPJ_BOOL opj_jp2_apply_pclr(opj_image_t *image,
+ cmp = cmap[i].cmp;
+ pcol = cmap[i].pcol;
+ src = old_comps[cmp].data;
+- assert(src); /* verified above */
++ dst = new_comps[i].data;
+ max = new_comps[i].w * new_comps[i].h;
-+ /* Prevent null pointer access */
-+ if (!src || !dst) {
-+ for (j = 0; j < nr_channels; ++j) {
-+ opj_free(new_comps[j].data);
-+ }
-+ opj_free(new_comps);
-+ new_comps = NULL;
-+ return;
-+ }
++ /* Prevent null pointer access */
++ if (!src || !dst) {
++ for (j = 0; j < nr_channels; ++j) {
++ opj_free(new_comps[j].data);
++ }
++ opj_free(new_comps);
++ new_comps = NULL;
++ return OPJ_FALSE;
++ }
+
- /* Direct use: */
- if(cmap[i].mtyp == 0) {
- assert( cmp == 0 ); // probably wrong.
-- dst = new_comps[i].data;
-- assert( dst );
- for(j = 0; j < max; ++j) {
- dst[j] = src[j];
- }
- }
- else {
- assert( i == pcol ); // probably wrong?
-- dst = new_comps[i].data;
-- assert( dst );
- for(j = 0; j < max; ++j) {
- /* The index */
- if((k = src[j]) < 0) k = 0; else if(k > top_k) k = top_k;
+ /* Direct use: */
+ if (cmap[i].mtyp == 0) {
+ assert( cmp == 0 ); // probably wrong.
+- dst = new_comps[i].data;
+- assert(dst);
+ for (j = 0; j < max; ++j) {
+ dst[j] = src[j];
+ }
+ } else {
+ assert( i == pcol ); // probably wrong?
+- dst = new_comps[i].data;
+- assert(dst);
+ for (j = 0; j < max; ++j) {
+ /* The index */
+ if ((k = src[j]) < 0) {