OPJ_BOOL opj_bio_byteout(opj_bio_t *bio) {
bio->buf = (bio->buf << 8) & 0xffff;
bio->ct = bio->buf == 0xff00 ? 7 : 8;
- if (bio->bp >= bio->end) {
+ if ((OPJ_SIZE_T)bio->bp >= (OPJ_SIZE_T)bio->end) {
return OPJ_FALSE;
}
*bio->bp++ = (OPJ_BYTE)(bio->buf >> 8);
OPJ_BOOL opj_bio_bytein(opj_bio_t *bio) {
bio->buf = (bio->buf << 8) & 0xffff;
bio->ct = bio->buf == 0xff00 ? 7 : 8;
- if (bio->bp >= bio->end) {
+ if ((OPJ_SIZE_T)bio->bp >= (OPJ_SIZE_T)bio->end) {
return OPJ_FALSE;
}
bio->buf |= *bio->bp++;
if (bytes_to_read > sizeof(OPJ_UINT32))
bytes_to_read = sizeof(OPJ_UINT32);
- if ((ptrdiff_t)p_pclr_header_size < p_pclr_header_data - orig_header_data + (ptrdiff_t)bytes_to_read)
+ if ((ptrdiff_t)p_pclr_header_size < (ptrdiff_t)(p_pclr_header_data - orig_header_data) + (ptrdiff_t)bytes_to_read)
return OPJ_FALSE;
opj_read_bytes(p_pclr_header_data, &l_value , bytes_to_read); /* Cji */
}
do {
- if (* p_data_read + l_seg->newlen > p_max_length) {
+ /* Check possible overflow then size */
+ if (((*p_data_read + l_seg->newlen) < (*p_data_read)) || ((*p_data_read + l_seg->newlen) > p_max_length)) {
fprintf(stderr, "skip: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
return OPJ_FALSE;
projects / openjpeg / commitdiff