--- src/libjasper/jp2/jp2_cod.c
+++ src/libjasper/jp2/jp2_cod.c
@@ -247,7 +247,7 @@
box = 0;
tmpstream = 0;
- if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
+ if (!(box = jas_calloc(1, sizeof(jp2_box_t)))) {
goto error;
}
box->ops = &jp2_boxinfo_unk.ops;
--- src/libjasper/jpc/jpc_cs.c
+++ src/libjasper/jpc/jpc_cs.c
@@ -983,7 +983,10 @@
compparms->numstepsizes = (len - n) / 2;
break;
}
-if (compparms->numstepsizes > 0) {
+if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) {
+ jpc_qcx_destroycompparms(compparms);
+ return -1;
+ } else if (compparms->numstepsizes > 0) {
compparms->stepsizes = jas_malloc(compparms->numstepsizes *
sizeof(uint_fast32_t));
assert(compparms->stepsizes);
--- src/libjasper/jpc/jpc_dec.c
+++ src/libjasper/jpc/jpc_dec.c
@@ -1207,7 +1207,7 @@
dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth);
dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight);
dec->numtiles = dec->numhtiles * dec->numvtiles;
- if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) {
+ if (!(dec->tiles = jas_calloc(dec->numtiles, sizeof(jpc_dec_tile_t)))) {
return -1;
}
@@ -1231,7 +1231,7 @@
tile->pkthdrstreampos = 0;
tile->pptstab = 0;
tile->cp = 0;
- if (!(tile->tcomps = jas_malloc(dec->numcomps *
+ if (!(tile->tcomps = jas_calloc(dec->numcomps,
sizeof(jpc_dec_tcomp_t)))) {
return -1;
}
distrib
>
Mandriva
>
2007.0
>
x86_64
>
media
>
main-updates-src
>
by-pkgid
>
e8f887d203af484f2e4b85505052cfda
>
files
>
3
