Replace int operation with uint operation for preventing overflow

## [CVE-2018-20847](https://nvd.nist.gov/vuln/detail/CVE-2018-20847)

`opj_get_all_encoding_parameters` in `src/lib/openjp2/pi.c` once led to integer overflow and was fixed in Commit 5d00b71.

## Similar Code Snippet

`opj_j2k_update_rates` in `src/lib/openjp2/j2k.c` contains a similar logic

```C
            /* 4 borders of the tile rescale on the image if necessary */
            l_x0 = opj_int_max((OPJ_INT32)(l_cp->tx0 + j * l_cp->tdx),
                               (OPJ_INT32)l_image->x0);
            l_y0 = opj_int_max((OPJ_INT32)(l_cp->ty0 + i * l_cp->tdy),
                               (OPJ_INT32)l_image->y0);
            l_x1 = opj_int_min((OPJ_INT32)(l_cp->tx0 + (j + 1) * l_cp->tdx),
                               (OPJ_INT32)l_image->x1);
            l_y1 = opj_int_min((OPJ_INT32)(l_cp->ty0 + (i + 1) * l_cp->tdy),
                               (OPJ_INT32)l_image->y1);
```

Would it make sense to replace `opj_int_*` with `opj_uint_*` as the patch did for defending programming?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Replace int operation with uint operation for preventing overflow #1608

CVE-2018-20847

Similar Code Snippet

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Replace int operation with uint operation for preventing overflow #1608

Description

CVE-2018-20847

Similar Code Snippet

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions