Conversation
| || tile_info.x0 < (OPJ_INT32)image->x0 | ||
| || tile_info.y0 < (OPJ_INT32)image->y0 |
There was a problem hiding this comment.
x0 and y0 are signed, as set by OpenJPEG. So the tile offset can be theoretically negative.
Part of this block is to check 'if the tile is outside the image area'. If the tile offset is negative, that is definitely outside the image area.
There was a problem hiding this comment.
Would this cause issues for images with x0 or y0 greater than 2**31, since image->x0 is unsigned? The following suggestion would catch both cases:
| || tile_info.x0 < (OPJ_INT32)image->x0 | |
| || tile_info.y0 < (OPJ_INT32)image->y0 | |
| || tile_info.x0 < 0 | |
| || tile_info.y0 < 0 | |
| || (OPJ_UINT32)tile_info.x0 < image->x0 | |
| || (OPJ_UINT32)tile_info.y0 < image->y0 |
One could argue that such an image could have no valid tiles, but I do not see another check specifically for that case.
radarhere
force-pushed
the
warnings
branch
2 times, most recently
from
a2d8ec2 to
f15c64d
Compare
| return NULL; | ||
| } | ||
| if (count > (SIZE_MAX / (2 * sizeof(double))) - 1 ) { | ||
| if ((unsigned long long)count > (SIZE_MAX / (2 * sizeof(double))) - 1 ) { |
There was a problem hiding this comment.
Immediately before this, if count < 0 the code returns, so it is safe to cast to unsigned here.
| || tile_info.x1 - image->x0 > im->xsize | ||
| || tile_info.y1 - image->y0 > im->ysize) { |
There was a problem hiding this comment.
| || tile_info.x1 - image->x0 > im->xsize | |
| || tile_info.y1 - image->y0 > im->ysize) { | |
| || (OPJ_INT32)(tile_info.x1 - image->x0) > im->xsize | |
| || (OPJ_INT32)(tile_info.y1 - image->y0) > im->ysize) { |
The previous 4 lines verify that tile_info.x1 > tile_info.x0 and tile_info.x0 >= image->x0, so by transitivity tile_info.x1 > image->x0 and so the result fits into the type of tile_info.x1 (y is analogous).
3 participants
Helps #4586
Jpeg2KDecode.c - before and after
path.c - before and after