Upstream: https://github.com/uclouvain/openjpeg/commit/1daaa0b909aebdf71be36238d16dfbec83c494ed Bug: https://bugs.gentoo.org/783513 CVE-2021-29338 --- a/src/bin/jp2/opj_compress.c +++ b/src/bin/jp2/opj_compress.c @@ -1967,7 +1967,7 @@ int main(int argc, char **argv) goto fin; } for (i = 0; i < num_images; i++) { - dirptr->filename[i] = dirptr->filename_buf + i * OPJ_PATH_LEN; + dirptr->filename[i] = dirptr->filename_buf + (size_t)i * OPJ_PATH_LEN; } } if (load_images(dirptr, img_fol.imgdirpath) == 1) { --- a/src/bin/jp2/opj_decompress.c +++ b/src/bin/jp2/opj_decompress.c @@ -1367,7 +1367,6 @@ int main(int argc, char **argv) if (img_fol.set_imgdir == 1) { int it_image; num_images = get_num_images(img_fol.imgdirpath); - dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t)); if (!dirptr) { destroy_parameters(¶meters); @@ -1387,7 +1386,8 @@ int main(int argc, char **argv) goto fin; } for (it_image = 0; it_image < num_images; it_image++) { - dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN; + dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image * + OPJ_PATH_LEN; } if (load_images(dirptr, img_fol.imgdirpath) == 1) { --- a/src/bin/jp2/opj_dump.c +++ b/src/bin/jp2/opj_dump.c @@ -529,13 +529,13 @@ int main(int argc, char *argv[]) } for (it_image = 0; it_image < num_images; it_image++) { - dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN; + dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image * + OPJ_PATH_LEN; } if (load_images(dirptr, img_fol.imgdirpath) == 1) { goto fails; } - if (num_images == 0) { fprintf(stdout, "Folder is empty\n"); goto fails;