Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 163282 Details for
Bug 222819
media-libs/jasper <1.900.1-r3 multiple vulnerabilities (CVE-2008-{3520,3521,3522})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
jasper-1.900.1-CVE-2008-3520+1+2.patch
jasper-1.900.1-CVE-2008-3520+1+2.patch (text/plain), 26.85 KB, created by
Robert Buchholz (RETIRED)
on 2008-08-19 09:30:00 UTC
(
hide
)
Description:
jasper-1.900.1-CVE-2008-3520+1+2.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-08-19 09:30:00 UTC
Size:
26.85 KB
patch
obsolete
>--- src/libjasper/base/jas_cm.c >+++ src/libjasper/base/jas_cm.c >@@ -704,8 +704,7 @@ > { > jas_cmpxform_t **p; > assert(n >= pxformseq->numpxforms); >- p = (!pxformseq->pxforms) ? jas_malloc(n * sizeof(jas_cmpxform_t *)) : >- jas_realloc(pxformseq->pxforms, n * sizeof(jas_cmpxform_t *)); >+ p = jas_realloc2(pxformseq->pxforms, n, sizeof(jas_cmpxform_t *)); > if (!p) { > return -1; > } >@@ -889,13 +888,13 @@ > jas_cmshapmatlut_cleanup(lut); > if (curv->numents == 0) { > lut->size = 2; >- if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t)))) >+ if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) > goto error; > lut->data[0] = 0.0; > lut->data[1] = 1.0; > } else if (curv->numents == 1) { > lut->size = 256; >- if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t)))) >+ if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) > goto error; > gamma = curv->ents[0] / 256.0; > for (i = 0; i < lut->size; ++i) { >@@ -903,7 +902,7 @@ > } > } else { > lut->size = curv->numents; >- if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t)))) >+ if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) > goto error; > for (i = 0; i < lut->size; ++i) { > lut->data[i] = curv->ents[i] / 65535.0; >@@ -953,7 +952,7 @@ > return -1; > } > } >- if (!(invlut->data = jas_malloc(n * sizeof(jas_cmreal_t)))) >+ if (!(invlut->data = jas_alloc2(n, sizeof(jas_cmreal_t)))) > return -1; > invlut->size = n; > for (i = 0; i < invlut->size; ++i) { >--- src/libjasper/base/jas_icc.c >+++ src/libjasper/base/jas_icc.c >@@ -373,7 +373,7 @@ > jas_icctagtab_t *tagtab; > > tagtab = &prof->tagtab; >- if (!(tagtab->ents = jas_malloc(prof->attrtab->numattrs * >+ if (!(tagtab->ents = jas_alloc2(prof->attrtab->numattrs, > sizeof(jas_icctagtabent_t)))) > goto error; > tagtab->numents = prof->attrtab->numattrs; >@@ -522,7 +522,7 @@ > } > if (jas_iccgetuint32(in, &tagtab->numents)) > goto error; >- if (!(tagtab->ents = jas_malloc(tagtab->numents * >+ if (!(tagtab->ents = jas_alloc2(tagtab->numents, > sizeof(jas_icctagtabent_t)))) > goto error; > tagtabent = tagtab->ents; >@@ -743,8 +743,7 @@ > { > jas_iccattr_t *newattrs; > assert(maxents >= tab->numattrs); >- newattrs = tab->attrs ? jas_realloc(tab->attrs, maxents * >- sizeof(jas_iccattr_t)) : jas_malloc(maxents * sizeof(jas_iccattr_t)); >+ newattrs = jas_realloc2(tab->attrs, maxents, sizeof(jas_iccattr_t)); > if (!newattrs) > return -1; > tab->attrs = newattrs; >@@ -999,7 +998,7 @@ > > if (jas_iccgetuint32(in, &curv->numents)) > goto error; >- if (!(curv->ents = jas_malloc(curv->numents * sizeof(jas_iccuint16_t)))) >+ if (!(curv->ents = jas_alloc2(curv->numents, sizeof(jas_iccuint16_t)))) > goto error; > for (i = 0; i < curv->numents; ++i) { > if (jas_iccgetuint16(in, &curv->ents[i])) >@@ -1100,7 +1099,7 @@ > if (jas_iccgetuint32(in, &txtdesc->uclangcode) || > jas_iccgetuint32(in, &txtdesc->uclen)) > goto error; >- if (!(txtdesc->ucdata = jas_malloc(txtdesc->uclen * 2))) >+ if (!(txtdesc->ucdata = jas_alloc2(txtdesc->uclen, 2))) > goto error; > if (jas_stream_read(in, txtdesc->ucdata, txtdesc->uclen * 2) != > JAS_CAST(int, txtdesc->uclen * 2)) >@@ -1292,17 +1291,17 @@ > jas_iccgetuint16(in, &lut8->numouttabents)) > goto error; > clutsize = jas_iccpowi(lut8->clutlen, lut8->numinchans) * lut8->numoutchans; >- if (!(lut8->clut = jas_malloc(clutsize * sizeof(jas_iccuint8_t))) || >- !(lut8->intabsbuf = jas_malloc(lut8->numinchans * >- lut8->numintabents * sizeof(jas_iccuint8_t))) || >- !(lut8->intabs = jas_malloc(lut8->numinchans * >+ if (!(lut8->clut = jas_alloc2(clutsize, sizeof(jas_iccuint8_t))) || >+ !(lut8->intabsbuf = jas_alloc3(lut8->numinchans, >+ lut8->numintabents, sizeof(jas_iccuint8_t))) || >+ !(lut8->intabs = jas_alloc2(lut8->numinchans, > sizeof(jas_iccuint8_t *)))) > goto error; > for (i = 0; i < lut8->numinchans; ++i) > lut8->intabs[i] = &lut8->intabsbuf[i * lut8->numintabents]; >- if (!(lut8->outtabsbuf = jas_malloc(lut8->numoutchans * >- lut8->numouttabents * sizeof(jas_iccuint8_t))) || >- !(lut8->outtabs = jas_malloc(lut8->numoutchans * >+ if (!(lut8->outtabsbuf = jas_alloc3(lut8->numoutchans, >+ lut8->numouttabents, sizeof(jas_iccuint8_t))) || >+ !(lut8->outtabs = jas_alloc2(lut8->numoutchans, > sizeof(jas_iccuint8_t *)))) > goto error; > for (i = 0; i < lut8->numoutchans; ++i) >@@ -1461,17 +1460,17 @@ > jas_iccgetuint16(in, &lut16->numouttabents)) > goto error; > clutsize = jas_iccpowi(lut16->clutlen, lut16->numinchans) * lut16->numoutchans; >- if (!(lut16->clut = jas_malloc(clutsize * sizeof(jas_iccuint16_t))) || >+ if (!(lut16->clut = jas_alloc2(clutsize, sizeof(jas_iccuint16_t))) || > !(lut16->intabsbuf = jas_malloc(lut16->numinchans * > lut16->numintabents * sizeof(jas_iccuint16_t))) || >- !(lut16->intabs = jas_malloc(lut16->numinchans * >+ !(lut16->intabs = jas_alloc2(lut16->numinchans, > sizeof(jas_iccuint16_t *)))) > goto error; > for (i = 0; i < lut16->numinchans; ++i) > lut16->intabs[i] = &lut16->intabsbuf[i * lut16->numintabents]; >- if (!(lut16->outtabsbuf = jas_malloc(lut16->numoutchans * >- lut16->numouttabents * sizeof(jas_iccuint16_t))) || >- !(lut16->outtabs = jas_malloc(lut16->numoutchans * >+ if (!(lut16->outtabsbuf = jas_alloc3(lut16->numoutchans, >+ lut16->numouttabents, sizeof(jas_iccuint16_t))) || >+ !(lut16->outtabs = jas_alloc2(lut16->numoutchans, > sizeof(jas_iccuint16_t *)))) > goto error; > for (i = 0; i < lut16->numoutchans; ++i) >--- src/libjasper/base/jas_image.c >+++ src/libjasper/base/jas_image.c >@@ -142,7 +142,7 @@ > image->inmem_ = true; > > /* Allocate memory for the per-component information. */ >- if (!(image->cmpts_ = jas_malloc(image->maxcmpts_ * >+ if (!(image->cmpts_ = jas_alloc2(image->maxcmpts_, > sizeof(jas_image_cmpt_t *)))) { > jas_image_destroy(image); > return 0; >@@ -774,8 +774,7 @@ > jas_image_cmpt_t **newcmpts; > int cmptno; > >- newcmpts = (!image->cmpts_) ? jas_malloc(maxcmpts * sizeof(jas_image_cmpt_t *)) : >- jas_realloc(image->cmpts_, maxcmpts * sizeof(jas_image_cmpt_t *)); >+ newcmpts = jas_realloc2(image->cmpts_, maxcmpts, sizeof(jas_image_cmpt_t *)); > if (!newcmpts) { > return -1; > } >--- src/libjasper/base/jas_malloc.c >+++ src/libjasper/base/jas_malloc.c >@@ -76,6 +76,9 @@ > > /* We need the prototype for memset. */ > #include <string.h> >+#include <limits.h> >+#include <errno.h> >+#include <stdint.h> > > #include "jasper/jas_malloc.h" > >@@ -113,18 +116,50 @@ > > void *jas_realloc(void *ptr, size_t size) > { >- return realloc(ptr, size); >+ return ptr ? realloc(ptr, size) : malloc(size); > } > >-void *jas_calloc(size_t nmemb, size_t size) >+void *jas_realloc2(void *ptr, size_t nmemb, size_t size) >+{ >+ if (!ptr) >+ return jas_alloc2(nmemb, size); >+ if (nmemb && SIZE_MAX / nmemb < size) { >+ errno = ENOMEM; >+ return NULL; >+ } >+ return jas_realloc(ptr, nmemb * size); >+ >+} >+ >+void *jas_alloc2(size_t nmemb, size_t size) >+{ >+ if (nmemb && SIZE_MAX / nmemb < size) { >+ errno = ENOMEM; >+ return NULL; >+ } >+ >+ return jas_malloc(nmemb * size); >+} >+ >+void *jas_alloc3(size_t a, size_t b, size_t c) > { >- void *ptr; > size_t n; >- n = nmemb * size; >- if (!(ptr = jas_malloc(n * sizeof(char)))) { >- return 0; >+ >+ if (a && SIZE_MAX / a < b) { >+ errno = ENOMEM; >+ return NULL; > } >- memset(ptr, 0, n); >+ >+ return jas_alloc2(a*b, c); >+} >+ >+void *jas_calloc(size_t nmemb, size_t size) >+{ >+ void *ptr; >+ >+ ptr = jas_alloc2(nmemb, size); >+ if (ptr) >+ memset(ptr, 0, nmemb*size); > return ptr; > } > >--- src/libjasper/base/jas_seq.c >+++ src/libjasper/base/jas_seq.c >@@ -114,7 +114,7 @@ > matrix->datasize_ = numrows * numcols; > > if (matrix->maxrows_ > 0) { >- if (!(matrix->rows_ = jas_malloc(matrix->maxrows_ * >+ if (!(matrix->rows_ = jas_alloc2(matrix->maxrows_, > sizeof(jas_seqent_t *)))) { > jas_matrix_destroy(matrix); > return 0; >@@ -122,7 +122,7 @@ > } > > if (matrix->datasize_ > 0) { >- if (!(matrix->data_ = jas_malloc(matrix->datasize_ * >+ if (!(matrix->data_ = jas_alloc2(matrix->datasize_, > sizeof(jas_seqent_t)))) { > jas_matrix_destroy(matrix); > return 0; >@@ -220,7 +220,7 @@ > mat0->numrows_ = r1 - r0 + 1; > mat0->numcols_ = c1 - c0 + 1; > mat0->maxrows_ = mat0->numrows_; >- mat0->rows_ = jas_malloc(mat0->maxrows_ * sizeof(jas_seqent_t *)); >+ mat0->rows_ = jas_alloc2(mat0->maxrows_, sizeof(jas_seqent_t *)); > for (i = 0; i < mat0->numrows_; ++i) { > mat0->rows_[i] = mat1->rows_[r0 + i] + c0; > } >@@ -432,7 +432,8 @@ > for (i = 0; i < jas_matrix_numrows(matrix); ++i) { > for (j = 0; j < jas_matrix_numcols(matrix); ++j) { > x = jas_matrix_get(matrix, i, j); >- sprintf(sbuf, "%s%4ld", (strlen(buf) > 0) ? " " : "", >+ snprintf(sbuf, sizeof sbuf, >+ "%s%4ld", (strlen(buf) > 0) ? " " : "", > JAS_CAST(long, x)); > n = strlen(buf); > if (n + strlen(sbuf) > MAXLINELEN) { >--- src/libjasper/base/jas_stream.c >+++ src/libjasper/base/jas_stream.c >@@ -212,7 +212,7 @@ > if (buf) { > obj->buf_ = (unsigned char *) buf; > } else { >- obj->buf_ = jas_malloc(obj->bufsize_ * sizeof(char)); >+ obj->buf_ = jas_malloc(obj->bufsize_); > obj->myalloc_ = 1; > } > if (!obj->buf_) { >@@ -361,28 +361,22 @@ > } > obj->fd = -1; > obj->flags = 0; >- obj->pathname[0] = '\0'; > stream->obj_ = obj; > > /* Choose a file name. */ >- tmpnam(obj->pathname); >+ snprintf(obj->pathname, L_tmpnam, "%stmp.XXXXXXXXXX", P_tmpdir); > > /* Open the underlying file. */ >- if ((obj->fd = open(obj->pathname, O_CREAT | O_EXCL | O_RDWR | O_TRUNC | O_BINARY, >- JAS_STREAM_PERMS)) < 0) { >+ if ((obj->fd = mkstemp(obj->pathname)) < 0) { > jas_stream_destroy(stream); > return 0; > } > > /* Unlink the file so that it will disappear if the program > terminates abnormally. */ >- /* Under UNIX, one can unlink an open file and continue to do I/O >- on it. Not all operating systems support this functionality, however. >- For example, under Microsoft Windows the unlink operation will fail, >- since the file is open. */ > if (unlink(obj->pathname)) { >- /* We will try unlinking the file again after it is closed. */ >- obj->flags |= JAS_STREAM_FILEOBJ_DELONCLOSE; >+ jas_stream_destroy(stream); >+ return 0; > } > > /* Use full buffering. */ >@@ -553,7 +547,7 @@ > int ret; > > va_start(ap, fmt); >- ret = vsprintf(buf, fmt, ap); >+ ret = vsnprintf(buf, sizeof buf, fmt, ap); > jas_stream_puts(stream, buf); > va_end(ap); > return ret; >@@ -992,7 +986,7 @@ > unsigned char *buf; > > assert(m->buf_); >- if (!(buf = jas_realloc(m->buf_, bufsize * sizeof(unsigned char)))) { >+ if (!(buf = jas_realloc(m->buf_, bufsize))) { > return -1; > } > m->buf_ = buf; >--- src/libjasper/bmp/bmp_dec.c >+++ src/libjasper/bmp/bmp_dec.c >@@ -283,7 +283,7 @@ > } > > if (info->numcolors > 0) { >- if (!(info->palents = jas_malloc(info->numcolors * >+ if (!(info->palents = jas_alloc2(info->numcolors, > sizeof(bmp_palent_t)))) { > bmp_info_destroy(info); > return 0; >--- src/libjasper/include/jasper/jas_malloc.h >+++ src/libjasper/include/jasper/jas_malloc.h >@@ -95,6 +95,9 @@ > #define jas_free MEMFREE > #define jas_realloc MEMREALLOC > #define jas_calloc MEMCALLOC >+#define jas_alloc2(a, b) MEMALLOC((a)*(b)) >+#define jas_alloc3(a, b, c) MEMALLOC((a)*(b)*(c)) >+#define jas_realloc2(p, a, b) MEMREALLOC((p), (a)*(b)) > #endif > > /******************************************************************************\ >@@ -115,6 +118,12 @@ > /* Allocate a block of memory and initialize the contents to zero. */ > void *jas_calloc(size_t nmemb, size_t size); > >+/* size-checked double allocation .*/ >+void *jas_alloc2(size_t, size_t); >+ >+void *jas_alloc3(size_t, size_t, size_t); >+ >+void *jas_realloc2(void *, size_t, size_t); > #endif > > #ifdef __cplusplus >--- src/libjasper/jp2/jp2_cod.c >+++ src/libjasper/jp2/jp2_cod.c >@@ -795,11 +795,15 @@ > jp2_cmap_t *cmap = &box->data.cmap; > unsigned int i; > jp2_cmapent_t *ent; >- fprintf(out, "numchans = %d\n", (int) cmap->numchans); >+ if (jas_getdbglevel() >= 1) { >+ fprintf(out, "numchans = %d\n", (int) cmap->numchans); >+ } > for (i = 0; i < cmap->numchans; ++i) { > ent = &cmap->ents[i]; >- fprintf(out, "cmptno=%d; map=%d; pcol=%d\n", >- (int) ent->cmptno, (int) ent->map, (int) ent->pcol); >+ if (jas_getdbglevel() >= 1) { >+ fprintf(out, "cmptno=%d; map=%d; pcol=%d\n", >+ (int) ent->cmptno, (int) ent->map, (int) ent->pcol); >+ } > } > } > >--- src/libjasper/jp2/jp2_dec.c >+++ src/libjasper/jp2/jp2_dec.c >@@ -293,7 +293,9 @@ > dec->colr->data.colr.iccplen); > assert(iccprof); > jas_iccprof_gethdr(iccprof, &icchdr); >- jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc); >+ if (jas_getdbglevel() >= 1) { >+ jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc); >+ } > jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc)); > dec->image->cmprof_ = jas_cmprof_createfromiccprof(iccprof); > assert(dec->image->cmprof_); >--- src/libjasper/jp2/jp2_enc.c >+++ src/libjasper/jp2/jp2_enc.c >@@ -191,7 +191,7 @@ > } > bpcc = &box->data.bpcc; > bpcc->numcmpts = jas_image_numcmpts(image); >- if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts * >+ if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, > sizeof(uint_fast8_t)))) { > goto error; > } >@@ -285,7 +285,7 @@ > } > cdef = &box->data.cdef; > cdef->numchans = jas_image_numcmpts(image); >- cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t)); >+ cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t)); > for (i = 0; i < jas_image_numcmpts(image); ++i) { > cdefchanent = &cdef->ents[i]; > cdefchanent->channo = i; >@@ -343,7 +343,8 @@ > /* Output the JPEG-2000 code stream. */ > > overhead = jas_stream_getrwcount(out); >- sprintf(buf, "%s\n_jp2overhead=%lu\n", (optstr ? optstr : ""), >+ snprintf(buf, sizeof buf, "%s\n_jp2overhead=%lu\n", >+ (optstr ? optstr : ""), > (unsigned long) overhead); > > if (jpc_encode(image, out, buf)) { >--- src/libjasper/jpc/jpc_cs.c >+++ src/libjasper/jpc/jpc_cs.c >@@ -502,7 +502,7 @@ > !siz->tileheight || !siz->numcomps) { > return -1; > } >- if (!(siz->comps = jas_malloc(siz->numcomps * sizeof(jpc_sizcomp_t)))) { >+ if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) { > return -1; > } > for (i = 0; i < siz->numcomps; ++i) { >@@ -986,7 +986,7 @@ > jpc_qcx_destroycompparms(compparms); > return -1; > } else if (compparms->numstepsizes > 0) { >- compparms->stepsizes = jas_malloc(compparms->numstepsizes * >+ compparms->stepsizes = jas_alloc2(compparms->numstepsizes, > sizeof(uint_fast16_t)); > assert(compparms->stepsizes); > for (i = 0; i < compparms->numstepsizes; ++i) { >@@ -1094,7 +1094,7 @@ > > ppm->len = ms->len - 1; > if (ppm->len > 0) { >- if (!(ppm->data = jas_malloc(ppm->len * sizeof(unsigned char)))) { >+ if (!(ppm->data = jas_malloc(ppm->len))) { > goto error; > } > if (JAS_CAST(uint, jas_stream_read(in, ppm->data, ppm->len)) != ppm->len) { >@@ -1163,7 +1163,7 @@ > } > ppt->len = ms->len - 1; > if (ppt->len > 0) { >- if (!(ppt->data = jas_malloc(ppt->len * sizeof(unsigned char)))) { >+ if (!(ppt->data = jas_malloc(ppt->len))) { > goto error; > } > if (jas_stream_read(in, (char *) ppt->data, ppt->len) != JAS_CAST(int, ppt->len)) { >@@ -1226,7 +1226,7 @@ > uint_fast8_t tmp; > poc->numpchgs = (cstate->numcomps > 256) ? (ms->len / 9) : > (ms->len / 7); >- if (!(poc->pchgs = jas_malloc(poc->numpchgs * sizeof(jpc_pocpchg_t)))) { >+ if (!(poc->pchgs = jas_alloc2(poc->numpchgs, sizeof(jpc_pocpchg_t)))) { > goto error; > } > for (pchgno = 0, pchg = poc->pchgs; pchgno < poc->numpchgs; ++pchgno, >@@ -1331,7 +1331,7 @@ > jpc_crgcomp_t *comp; > uint_fast16_t compno; > crg->numcomps = cstate->numcomps; >- if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) { >+ if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) { > return -1; > } > for (compno = 0, comp = crg->comps; compno < cstate->numcomps; >@@ -1470,7 +1470,7 @@ > cstate = 0; > > if (ms->len > 0) { >- if (!(unk->data = jas_malloc(ms->len * sizeof(unsigned char)))) { >+ if (!(unk->data = jas_malloc(ms->len))) { > return -1; > } > if (jas_stream_read(in, (char *) unk->data, ms->len) != JAS_CAST(int, ms->len)) { >--- src/libjasper/jpc/jpc_dec.c >+++ src/libjasper/jpc/jpc_dec.c >@@ -1466,7 +1466,9 @@ > dec = 0; > > jas_eprintf("warning: ignoring unknown marker segment\n"); >- jpc_ms_dump(ms, stderr); >+ if (jas_getdbglevel() >= 1) { >+ jpc_ms_dump(ms, stderr); >+ } > return 0; > } > >--- src/libjasper/jpc/jpc_enc.c >+++ src/libjasper/jpc/jpc_enc.c >@@ -403,7 +403,7 @@ > vsteplcm *= jas_image_cmptvstep(image, cmptno); > } > >- if (!(cp->ccps = jas_malloc(cp->numcmpts * sizeof(jpc_enc_ccp_t)))) { >+ if (!(cp->ccps = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_ccp_t)))) { > goto error; > } > for (cmptno = 0, ccp = cp->ccps; cmptno < JAS_CAST(int, cp->numcmpts); ++cmptno, >@@ -656,7 +656,7 @@ > > if (ilyrrates && numilyrrates > 0) { > tcp->numlyrs = numilyrrates + 1; >- if (!(tcp->ilyrrates = jas_malloc((tcp->numlyrs - 1) * >+ if (!(tcp->ilyrrates = jas_alloc2((tcp->numlyrs - 1), > sizeof(jpc_fix_t)))) { > goto error; > } >@@ -940,7 +940,7 @@ > siz->tilewidth = cp->tilewidth; > siz->tileheight = cp->tileheight; > siz->numcomps = cp->numcmpts; >- siz->comps = jas_malloc(siz->numcomps * sizeof(jpc_sizcomp_t)); >+ siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)); > assert(siz->comps); > for (i = 0; i < JAS_CAST(int, cp->numcmpts); ++i) { > siz->comps[i].prec = cp->ccps[i].prec; >@@ -958,7 +958,8 @@ > if (!(enc->mrk = jpc_ms_create(JPC_MS_COM))) { > return -1; > } >- sprintf(buf, "Creator: JasPer Version %s", jas_getversion()); >+ snprintf(buf, sizeof buf, "Creator: JasPer Version %s", >+ jas_getversion()); > com = &enc->mrk->parms.com; > com->len = strlen(buf); > com->regid = JPC_COM_LATIN; >@@ -977,7 +978,7 @@ > return -1; > } > crg = &enc->mrk->parms.crg; >- crg->comps = jas_malloc(crg->numcomps * sizeof(jpc_crgcomp_t)); >+ crg->comps = jas_alloc2(crg->numcomps, sizeof(jpc_crgcomp_t)); > if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { > jas_eprintf("cannot write CRG marker\n"); > return -1; >@@ -1955,7 +1956,7 @@ > tile->mctid = cp->tcp.mctid; > > tile->numlyrs = cp->tcp.numlyrs; >- if (!(tile->lyrsizes = jas_malloc(tile->numlyrs * >+ if (!(tile->lyrsizes = jas_alloc2(tile->numlyrs, > sizeof(uint_fast32_t)))) { > goto error; > } >@@ -1964,7 +1965,7 @@ > } > > /* Allocate an array for the per-tile-component information. */ >- if (!(tile->tcmpts = jas_malloc(cp->numcmpts * sizeof(jpc_enc_tcmpt_t)))) { >+ if (!(tile->tcmpts = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_tcmpt_t)))) { > goto error; > } > /* Initialize a few members critical for error recovery. */ >@@ -2110,7 +2111,7 @@ > jas_seq2d_ystart(tcmpt->data), jas_seq2d_xend(tcmpt->data), > jas_seq2d_yend(tcmpt->data), bandinfos); > >- if (!(tcmpt->rlvls = jas_malloc(tcmpt->numrlvls * sizeof(jpc_enc_rlvl_t)))) { >+ if (!(tcmpt->rlvls = jas_alloc2(tcmpt->numrlvls, sizeof(jpc_enc_rlvl_t)))) { > goto error; > } > for (rlvlno = 0, rlvl = tcmpt->rlvls; rlvlno < tcmpt->numrlvls; >@@ -2213,7 +2214,7 @@ > rlvl->numvprcs = JPC_FLOORDIVPOW2(brprcbry - tlprctly, rlvl->prcheightexpn); > rlvl->numprcs = rlvl->numhprcs * rlvl->numvprcs; > >- if (!(rlvl->bands = jas_malloc(rlvl->numbands * sizeof(jpc_enc_band_t)))) { >+ if (!(rlvl->bands = jas_alloc2(rlvl->numbands, sizeof(jpc_enc_band_t)))) { > goto error; > } > for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands; >@@ -2290,7 +2291,7 @@ > band->synweight = bandinfo->synenergywt; > > if (band->data) { >- if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_enc_prc_t)))) { >+ if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_enc_prc_t)))) { > goto error; > } > for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno, >@@ -2422,7 +2423,7 @@ > goto error; > } > >- if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_enc_cblk_t)))) { >+ if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_enc_cblk_t)))) { > goto error; > } > for (cblkno = 0, cblk = prc->cblks; cblkno < prc->numcblks; >--- src/libjasper/jpc/jpc_mqdec.c >+++ src/libjasper/jpc/jpc_mqdec.c >@@ -118,7 +118,7 @@ > mqdec->in = in; > mqdec->maxctxs = maxctxs; > /* Allocate memory for the per-context state information. */ >- if (!(mqdec->ctxs = jas_malloc(mqdec->maxctxs * sizeof(jpc_mqstate_t *)))) { >+ if (!(mqdec->ctxs = jas_alloc2(mqdec->maxctxs, sizeof(jpc_mqstate_t *)))) { > goto error; > } > /* Set the current context to the first context. */ >--- src/libjasper/jpc/jpc_mqenc.c >+++ src/libjasper/jpc/jpc_mqenc.c >@@ -197,7 +197,7 @@ > mqenc->maxctxs = maxctxs; > > /* Allocate memory for the per-context state information. */ >- if (!(mqenc->ctxs = jas_malloc(mqenc->maxctxs * sizeof(jpc_mqstate_t *)))) { >+ if (!(mqenc->ctxs = jas_alloc2(mqenc->maxctxs, sizeof(jpc_mqstate_t *)))) { > goto error; > } > >--- src/libjasper/jpc/jpc_qmfb.c >+++ src/libjasper/jpc/jpc_qmfb.c >@@ -321,7 +321,7 @@ > #if !defined(HAVE_VLA) > /* Get a buffer. */ > if (bufsize > QMFB_SPLITBUFSIZE) { >- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { >+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { > /* We have no choice but to commit suicide in this case. */ > abort(); > } >@@ -389,7 +389,7 @@ > #if !defined(HAVE_VLA) > /* Get a buffer. */ > if (bufsize > QMFB_SPLITBUFSIZE) { >- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { >+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { > /* We have no choice but to commit suicide in this case. */ > abort(); > } >@@ -460,7 +460,7 @@ > #if !defined(HAVE_VLA) > /* Get a buffer. */ > if (bufsize > QMFB_SPLITBUFSIZE) { >- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { >+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { > /* We have no choice but to commit suicide in this case. */ > abort(); > } >@@ -549,7 +549,7 @@ > #if !defined(HAVE_VLA) > /* Get a buffer. */ > if (bufsize > QMFB_SPLITBUFSIZE) { >- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { >+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { > /* We have no choice but to commit suicide in this case. */ > abort(); > } >@@ -633,7 +633,7 @@ > #if !defined(HAVE_VLA) > /* Allocate memory for the join buffer from the heap. */ > if (bufsize > QMFB_JOINBUFSIZE) { >- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { >+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { > /* We have no choice but to commit suicide. */ > abort(); > } >@@ -698,7 +698,7 @@ > #if !defined(HAVE_VLA) > /* Allocate memory for the join buffer from the heap. */ > if (bufsize > QMFB_JOINBUFSIZE) { >- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { >+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { > /* We have no choice but to commit suicide. */ > abort(); > } >@@ -766,7 +766,7 @@ > #if !defined(HAVE_VLA) > /* Allocate memory for the join buffer from the heap. */ > if (bufsize > QMFB_JOINBUFSIZE) { >- if (!(buf = jas_malloc(bufsize * JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) { >+ if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) { > /* We have no choice but to commit suicide. */ > abort(); > } >@@ -852,7 +852,7 @@ > #if !defined(HAVE_VLA) > /* Allocate memory for the join buffer from the heap. */ > if (bufsize > QMFB_JOINBUFSIZE) { >- if (!(buf = jas_malloc(bufsize * numcols * sizeof(jpc_fix_t)))) { >+ if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) { > /* We have no choice but to commit suicide. */ > abort(); > } >--- src/libjasper/jpc/jpc_t1enc.c >+++ src/libjasper/jpc/jpc_t1enc.c >@@ -219,7 +219,7 @@ > > cblk->numpasses = (cblk->numbps > 0) ? (3 * cblk->numbps - 2) : 0; > if (cblk->numpasses > 0) { >- cblk->passes = jas_malloc(cblk->numpasses * sizeof(jpc_enc_pass_t)); >+ cblk->passes = jas_alloc2(cblk->numpasses, sizeof(jpc_enc_pass_t)); > assert(cblk->passes); > } else { > cblk->passes = 0; >--- src/libjasper/jpc/jpc_t2cod.c >+++ src/libjasper/jpc/jpc_t2cod.c >@@ -573,7 +573,7 @@ > } > if (pchglist->numpchgs >= pchglist->maxpchgs) { > newmaxpchgs = pchglist->maxpchgs + 128; >- if (!(newpchgs = jas_realloc(pchglist->pchgs, newmaxpchgs * sizeof(jpc_pchg_t *)))) { >+ if (!(newpchgs = jas_realloc2(pchglist->pchgs, newmaxpchgs, sizeof(jpc_pchg_t *)))) { > return -1; > } > pchglist->maxpchgs = newmaxpchgs; >--- src/libjasper/jpc/jpc_t2dec.c >+++ src/libjasper/jpc/jpc_t2dec.c >@@ -478,7 +478,7 @@ > return 0; > } > pi->numcomps = dec->numcomps; >- if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) { >+ if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) { > jpc_pi_destroy(pi); > return 0; > } >@@ -490,7 +490,7 @@ > for (compno = 0, tcomp = tile->tcomps, picomp = pi->picomps; > compno < pi->numcomps; ++compno, ++tcomp, ++picomp) { > picomp->numrlvls = tcomp->numrlvls; >- if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls * >+ if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls, > sizeof(jpc_pirlvl_t)))) { > jpc_pi_destroy(pi); > return 0; >@@ -503,7 +503,7 @@ > rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl, ++rlvl) { > /* XXX sizeof(long) should be sizeof different type */ > pirlvl->numprcs = rlvl->numprcs; >- if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs * >+ if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs, > sizeof(long)))) { > jpc_pi_destroy(pi); > return 0; >--- src/libjasper/jpc/jpc_t2enc.c >+++ src/libjasper/jpc/jpc_t2enc.c >@@ -565,7 +565,7 @@ > } > pi->pktno = -1; > pi->numcomps = cp->numcmpts; >- if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) { >+ if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) { > jpc_pi_destroy(pi); > return 0; > } >@@ -577,7 +577,7 @@ > for (compno = 0, tcomp = tile->tcmpts, picomp = pi->picomps; > compno < pi->numcomps; ++compno, ++tcomp, ++picomp) { > picomp->numrlvls = tcomp->numrlvls; >- if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls * >+ if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls, > sizeof(jpc_pirlvl_t)))) { > jpc_pi_destroy(pi); > return 0; >@@ -591,7 +591,7 @@ > /* XXX sizeof(long) should be sizeof different type */ > pirlvl->numprcs = rlvl->numprcs; > if (rlvl->numprcs) { >- if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs * >+ if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs, > sizeof(long)))) { > jpc_pi_destroy(pi); > return 0; >--- src/libjasper/jpc/jpc_tagtree.c >+++ src/libjasper/jpc/jpc_tagtree.c >@@ -125,7 +125,7 @@ > ++numlvls; > } while (n > 1); > >- if (!(tree->nodes_ = jas_malloc(tree->numnodes_ * sizeof(jpc_tagtreenode_t)))) { >+ if (!(tree->nodes_ = jas_alloc2(tree->numnodes_, sizeof(jpc_tagtreenode_t)))) { > return 0; > } > >--- src/libjasper/jpc/jpc_util.c >+++ src/libjasper/jpc/jpc_util.c >@@ -109,7 +109,7 @@ > } > > if (n) { >- if (!(vs = jas_malloc(n * sizeof(double)))) { >+ if (!(vs = jas_alloc2(n, sizeof(double)))) { > return -1; > } > >--- src/libjasper/mif/mif_cod.c >+++ src/libjasper/mif/mif_cod.c >@@ -438,8 +438,7 @@ > int cmptno; > mif_cmpt_t **newcmpts; > assert(maxcmpts >= hdr->numcmpts); >- newcmpts = (!hdr->cmpts) ? jas_malloc(maxcmpts * sizeof(mif_cmpt_t *)) : >- jas_realloc(hdr->cmpts, maxcmpts * sizeof(mif_cmpt_t *)); >+ newcmpts = jas_realloc2(hdr->cmpts, maxcmpts, sizeof(mif_cmpt_t *)); > if (!newcmpts) { > return -1; > } >--- src/libjasper/pnm/pnm_enc.c >+++ src/libjasper/pnm/pnm_enc.c >@@ -374,7 +374,7 @@ > } > } > } else { >- n = sprintf(buf, "%s%ld", ((!(!x && !cmptno)) ? " " : ""), >+ n = snprintf(buf, sizeof buf, "%s%ld", ((!(!x && !cmptno)) ? " " : ""), > (long) v); > if (linelen > 0 && linelen + n > PNM_MAXLINELEN) { > jas_stream_printf(out, "\n");
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=163282">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 222819
: 163282 |
163324
|
163328
|
163329
|
170366
