From 36dc83e3ac2437b34253bdc66f2bffa4362e2537 Mon Sep 17 00:00:00 2001
From: Andrew Murray <radarhere@users.noreply.github.com>
Date: Tue, 22 Dec 2020 16:07:32 +1100
Subject: [PATCH] Fixed comparison between unsigned int and int

---
 src/libImaging/Jpeg2KDecode.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/libImaging/Jpeg2KDecode.c b/src/libImaging/Jpeg2KDecode.c
index b08e607a706..8cce5454f40 100644
--- a/src/libImaging/Jpeg2KDecode.c
+++ b/src/libImaging/Jpeg2KDecode.c
@@ -742,10 +742,12 @@ j2k_decode_entry(Imaging im, ImagingCodecState state)
            swapped), bail. */
         if (tile_info.x0 >= tile_info.x1
             || tile_info.y0 >= tile_info.y1
-            || tile_info.x0 < (OPJ_INT32)image->x0
-            || tile_info.y0 < (OPJ_INT32)image->y0
-            || tile_info.x1 - image->x0 > im->xsize
-            || tile_info.y1 - image->y0 > im->ysize) {
+            || tile_info.x0 < 0
+            || tile_info.y0 < 0
+            || (OPJ_UINT32)tile_info.x0 < image->x0
+            || (OPJ_UINT32)tile_info.y0 < image->y0
+            || (OPJ_INT32)(tile_info.x1 - image->x0) > im->xsize
+            || (OPJ_INT32)(tile_info.y1 - image->y0) > im->ysize) {
             state->errcode = IMAGING_CODEC_BROKEN;
             state->state = J2K_STATE_FAILED;
             goto quick_exit;