Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed comparison warnings #4752

Merged
merged 1 commit into from
Oct 5, 2020
Merged

Fixed comparison warnings #4752

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 2 additions & 2 deletions src/libImaging/Jpeg2KDecode.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -742,8 +742,8 @@ j2k_decode_entry(Imaging im, ImagingCodecState state)
swapped), bail. */
if (tile_info.x0 >= tile_info.x1
|| tile_info.y0 >= tile_info.y1
|| tile_info.x0 < image->x0
|| tile_info.y0 < image->y0
|| tile_info.x0 < (OPJ_INT32)image->x0
|| tile_info.y0 < (OPJ_INT32)image->y0
Comment on lines +745 to +746
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

x0 and y0 are signed, as set by OpenJPEG. So the tile offset can be theoretically negative.
Part of this block is to check 'if the tile is outside the image area'. If the tile offset is negative, that is definitely outside the image area.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would this cause issues for images with x0 or y0 greater than 2**31, since image->x0 is unsigned? The following suggestion would catch both cases:

Suggested change
|| tile_info.x0 < (OPJ_INT32)image->x0
|| tile_info.y0 < (OPJ_INT32)image->y0
|| tile_info.x0 < 0
|| tile_info.y0 < 0
|| (OPJ_UINT32)tile_info.x0 < image->x0
|| (OPJ_UINT32)tile_info.y0 < image->y0

One could argue that such an image could have no valid tiles, but I do not see another check specifically for that case.

|| tile_info.x1 - image->x0 > im->xsize
|| tile_info.y1 - image->y0 > im->ysize) {
Comment on lines 747 to 748
Copy link
Contributor

@nulano nulano Jul 2, 2020
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
|| tile_info.x1 - image->x0 > im->xsize
|| tile_info.y1 - image->y0 > im->ysize) {
|| (OPJ_INT32)(tile_info.x1 - image->x0) > im->xsize
|| (OPJ_INT32)(tile_info.y1 - image->y0) > im->ysize) {

The previous 4 lines verify that tile_info.x1 > tile_info.x0 and tile_info.x0 >= image->x0, so by transitivity tile_info.x1 > image->x0 and so the result fits into the type of tile_info.x1 (y is analogous).

state->errcode = IMAGING_CODEC_BROKEN;
Expand Down
2 changes: 1 addition & 1 deletion src/path.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ alloc_array(Py_ssize_t count)
PyErr_NoMemory();
return NULL;
}
if (count > (SIZE_MAX / (2 * sizeof(double))) - 1 ) {
if ((unsigned long long)count > (SIZE_MAX / (2 * sizeof(double))) - 1 ) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Immediately before this, if count < 0 the code returns, so it is safe to cast to unsigned here.

PyErr_NoMemory();
return NULL;
}
Expand Down