1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
$NetBSD: patch-src_libjasper_jpc_jpc__t2dec.c,v 1.1 2016/05/16 14:03:40 he Exp $
Fix CVE-2008-3520, patches from
https://bugs.gentoo.org/show_bug.cgi?id=222819
--- src/libjasper/jpc/jpc_t2dec.c.orig 2007-01-19 21:43:07.000000000 +0000
+++ src/libjasper/jpc/jpc_t2dec.c
@@ -478,7 +478,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d
return 0;
}
pi->numcomps = dec->numcomps;
- if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) {
+ if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) {
jpc_pi_destroy(pi);
return 0;
}
@@ -490,7 +490,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d
for (compno = 0, tcomp = tile->tcomps, picomp = pi->picomps;
compno < pi->numcomps; ++compno, ++tcomp, ++picomp) {
picomp->numrlvls = tcomp->numrlvls;
- if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls *
+ if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls,
sizeof(jpc_pirlvl_t)))) {
jpc_pi_destroy(pi);
return 0;
@@ -503,7 +503,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d
rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl, ++rlvl) {
/* XXX sizeof(long) should be sizeof different type */
pirlvl->numprcs = rlvl->numprcs;
- if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs *
+ if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs,
sizeof(long)))) {
jpc_pi_destroy(pi);
return 0;
|