Add include_size check for preventing overflow

## [CVE-2016-7163](https://nvd.nist.gov/vuln/detail/CVE-2016-7163)

`opj_pi_create_decode` in `src/lib/openjp2/pi.c` once caused Integer Overflow and was fixed in Commit c16bc05

## Similar code snippet 

`opj_pi_initialise_encode` in `src/lib/openjp2/pi.c` contains a similar logic (line 1698)

```C
    /* memory allocation for include*/
    l_current_pi->include_size = l_tcp->numlayers * l_step_l;
    l_current_pi->include = (OPJ_INT16*) opj_calloc(l_current_pi->include_size,
                            sizeof(OPJ_INT16));
```

Would it make sense to add a similar check as the practice of defending programming?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add include_size check for preventing overflow #1607

CVE-2016-7163

Similar code snippet

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add include_size check for preventing overflow #1607

Description

CVE-2016-7163

Similar code snippet

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions