Your message dated Tue, 14 Oct 2008 21:32:27 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#501021: fixed in jasper 1.900.1-5.1
has caused the Debian Bug report #501021,
regarding jasper: CVE-2008-352[0-2] multiple integer overflows in jas_alloc 
calls
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
501021: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501021
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: jasper
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for jasper.

CVE-2008-3522[0]:
| Buffer overflow in the jas_stream_printf function in
| libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
| context-dependent attackers to have an unknown impact via vectors
| related to the mif_hdr_put function and use of vsprintf.

CVE-2008-3521[1]:
| The jas_stream_tmpfile function in libjasper/base/jas_stream.c in
| JasPer 1.900.1 allows local users to overwrite arbitrary files via a
| symlink attack on a tmp.XXXXXXXXXX temporary file.

CVE-2008-3520[2]:
| Multiple integer overflows in JasPer 1.900.1 might allow
| context-dependent attackers to have an unknown impact via a crafted
| image file, related to integer multiplication for memory allocation.

CVE-2008-3521 is not really important as the file is opened 
with O_EXCL but a patch for all these three issues is 
attached.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
    http://security-tracker.debian.net/tracker/CVE-2008-3522
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3521
    http://security-tracker.debian.net/tracker/CVE-2008-3521
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
    http://security-tracker.debian.net/tracker/CVE-2008-3520

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -Nurad jasper-1.900.1.orig/src/libjasper/base/jas_cm.c jasper-1.900.1.new/src/libjasper/base/jas_cm.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_cm.c	2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/base/jas_cm.c	2008-10-03 14:17:55.000000000 +0200
@@ -704,8 +704,7 @@
 {
 	jas_cmpxform_t **p;
 	assert(n >= pxformseq->numpxforms);
-	p = (!pxformseq->pxforms) ? jas_malloc(n * sizeof(jas_cmpxform_t *)) :
-	  jas_realloc(pxformseq->pxforms, n * sizeof(jas_cmpxform_t *));
+	p = jas_realloc2(pxformseq->pxforms, n, sizeof(jas_cmpxform_t *));
 	if (!p) {
 		return -1;
 	}
@@ -889,13 +888,13 @@
 	jas_cmshapmatlut_cleanup(lut);
 	if (curv->numents == 0) {
 		lut->size = 2;
-		if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t))))
+		if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t))))
 			goto error;
 		lut->data[0] = 0.0;
 		lut->data[1] = 1.0;
 	} else if (curv->numents == 1) {
 		lut->size = 256;
-		if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t))))
+		if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t))))
 			goto error;
 		gamma = curv->ents[0] / 256.0;
 		for (i = 0; i < lut->size; ++i) {
@@ -903,7 +902,7 @@
 		}
 	} else {
 		lut->size = curv->numents;
-		if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t))))
+		if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t))))
 			goto error;
 		for (i = 0; i < lut->size; ++i) {
 			lut->data[i] = curv->ents[i] / 65535.0;
@@ -953,7 +952,7 @@
 			return -1;
 		}
 	}
-	if (!(invlut->data = jas_malloc(n * sizeof(jas_cmreal_t))))
+	if (!(invlut->data = jas_alloc2(n, sizeof(jas_cmreal_t))))
 		return -1;
 	invlut->size = n;
 	for (i = 0; i < invlut->size; ++i) {
diff -Nurad jasper-1.900.1.orig/src/libjasper/base/jas_icc.c jasper-1.900.1.new/src/libjasper/base/jas_icc.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c	2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/base/jas_icc.c	2008-10-03 14:17:55.000000000 +0200
@@ -373,7 +373,7 @@
 	jas_icctagtab_t *tagtab;
 
 	tagtab = &prof->tagtab;
-	if (!(tagtab->ents = jas_malloc(prof->attrtab->numattrs *
+	if (!(tagtab->ents = jas_alloc2(prof->attrtab->numattrs,
 	  sizeof(jas_icctagtabent_t))))
 		goto error;
 	tagtab->numents = prof->attrtab->numattrs;
@@ -522,7 +522,7 @@
 	}
 	if (jas_iccgetuint32(in, &tagtab->numents))
 		goto error;
-	if (!(tagtab->ents = jas_malloc(tagtab->numents *
+	if (!(tagtab->ents = jas_alloc2(tagtab->numents,
 	  sizeof(jas_icctagtabent_t))))
 		goto error;
 	tagtabent = tagtab->ents;
@@ -743,8 +743,7 @@
 {
 	jas_iccattr_t *newattrs;
 	assert(maxents >= tab->numattrs);
-	newattrs = tab->attrs ? jas_realloc(tab->attrs, maxents *
-	  sizeof(jas_iccattr_t)) : jas_malloc(maxents * sizeof(jas_iccattr_t));
+	newattrs = jas_realloc2(tab->attrs, maxents, sizeof(jas_iccattr_t));
 	if (!newattrs)
 		return -1;
 	tab->attrs = newattrs;
@@ -999,7 +998,7 @@
 
 	if (jas_iccgetuint32(in, &curv->numents))
 		goto error;
-	if (!(curv->ents = jas_malloc(curv->numents * sizeof(jas_iccuint16_t))))
+	if (!(curv->ents = jas_alloc2(curv->numents, sizeof(jas_iccuint16_t))))
 		goto error;
 	for (i = 0; i < curv->numents; ++i) {
 		if (jas_iccgetuint16(in, &curv->ents[i]))
@@ -1100,7 +1099,7 @@
 	if (jas_iccgetuint32(in, &txtdesc->uclangcode) ||
 	  jas_iccgetuint32(in, &txtdesc->uclen))
 		goto error;
-	if (!(txtdesc->ucdata = jas_malloc(txtdesc->uclen * 2)))
+	if (!(txtdesc->ucdata = jas_alloc2(txtdesc->uclen, 2)))
 		goto error;
 	if (jas_stream_read(in, txtdesc->ucdata, txtdesc->uclen * 2) !=
 	  JAS_CAST(int, txtdesc->uclen * 2))
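Review bot: the unchanged `jas_stream_read(in, txtdesc->ucdata, txtdesc->uclen * 2)` and `JAS_CAST(int, txtdesc->uclen * 2)` in this hunk still compute the product unchecked. `jas_alloc2(txtdesc->uclen, 2)` checks the multiplication in `size_t`; if `uclen` has a narrower type, the product in the read call can wrap on its own, and the cast to `int` can go negative for large values. Suggest rejecting a `uclen` above a sane bound before allocating and computing the byte count once into a checked `size_t` that both the allocation and the read use.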
@@ -1292,17 +1291,17 @@
 	  jas_iccgetuint16(in, &lut8->numouttabents))
 		goto error;
 	clutsize = jas_iccpowi(lut8->clutlen, lut8->numinchans) * lut8->numoutchans;
-	if (!(lut8->clut = jas_malloc(clutsize * sizeof(jas_iccuint8_t))) ||
-	  !(lut8->intabsbuf = jas_malloc(lut8->numinchans *
-	  lut8->numintabents * sizeof(jas_iccuint8_t))) ||
-	  !(lut8->intabs = jas_malloc(lut8->numinchans *
+	if (!(lut8->clut = jas_alloc2(clutsize, sizeof(jas_iccuint8_t))) ||
+	  !(lut8->intabsbuf = jas_alloc3(lut8->numinchans,
+	  lut8->numintabents, sizeof(jas_iccuint8_t))) ||
+	  !(lut8->intabs = jas_alloc2(lut8->numinchans,
 	  sizeof(jas_iccuint8_t *))))
 		goto error;
 	for (i = 0; i < lut8->numinchans; ++i)
 		lut8->intabs[i] = &lut8->intabsbuf[i * lut8->numintabents];
-	if (!(lut8->outtabsbuf = jas_malloc(lut8->numoutchans *
-	  lut8->numouttabents * sizeof(jas_iccuint8_t))) ||
-	  !(lut8->outtabs = jas_malloc(lut8->numoutchans *
+	if (!(lut8->outtabsbuf = jas_alloc3(lut8->numoutchans,
+	  lut8->numouttabents, sizeof(jas_iccuint8_t))) ||
+	  !(lut8->outtabs = jas_alloc2(lut8->numoutchans,
 	  sizeof(jas_iccuint8_t *))))
 		goto error;
 	for (i = 0; i < lut8->numoutchans; ++i)
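Review bot: `clutsize = jas_iccpowi(lut8->clutlen, lut8->numinchans) * lut8->numoutchans;` in the context line above the changed lines is still an unchecked multiplication, and `jas_alloc2(clutsize, sizeof(jas_iccuint8_t))` only guards the final multiply by the element size. If `clutsize` has already wrapped, the checked allocator succeeds with a buffer smaller than the table the file describes. Suggest checking the power and the product before the allocation and taking the `goto error` path on overflow. The lut16 hunk that follows has the same line.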
@@ -1461,17 +1460,17 @@
 	  jas_iccgetuint16(in, &lut16->numouttabents))
 		goto error;
 	clutsize = jas_iccpowi(lut16->clutlen, lut16->numinchans) * lut16->numoutchans;
-	if (!(lut16->clut = jas_malloc(clutsize * sizeof(jas_iccuint16_t))) ||
-	  !(lut16->intabsbuf = jas_malloc(lut16->numinchans *
-	  lut16->numintabents * sizeof(jas_iccuint16_t))) ||
-	  !(lut16->intabs = jas_malloc(lut16->numinchans *
+	if (!(lut16->clut = jas_alloc2(clutsize, sizeof(jas_iccuint16_t))) ||
+	  !(lut16->intabsbuf = jas_alloc3(lut16->numinchans,
+	  lut16->numintabents, sizeof(jas_iccuint16_t))) ||
+	  !(lut16->intabs = jas_alloc2(lut16->numinchans,
 	  sizeof(jas_iccuint16_t *))))
 		goto error;
 	for (i = 0; i < lut16->numinchans; ++i)
 		lut16->intabs[i] = &lut16->intabsbuf[i * lut16->numintabents];
-	if (!(lut16->outtabsbuf = jas_malloc(lut16->numoutchans *
-	  lut16->numouttabents * sizeof(jas_iccuint16_t))) ||
-	  !(lut16->outtabs = jas_malloc(lut16->numoutchans *
+	if (!(lut16->outtabsbuf = jas_alloc3(lut16->numoutchans,
+	  lut16->numouttabents, sizeof(jas_iccuint16_t))) ||
+	  !(lut16->outtabs = jas_alloc2(lut16->numoutchans,
 	  sizeof(jas_iccuint16_t *))))
 		goto error;
 	for (i = 0; i < lut16->numoutchans; ++i)
diff -Nurad jasper-1.900.1.orig/src/libjasper/base/jas_image.c jasper-1.900.1.new/src/libjasper/base/jas_image.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_image.c	2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/base/jas_image.c	2008-10-03 14:17:55.000000000 +0200
@@ -142,7 +142,7 @@
 	image->inmem_ = true;
 
 	/* Allocate memory for the per-component information. */
-	if (!(image->cmpts_ = jas_malloc(image->maxcmpts_ *
+	if (!(image->cmpts_ = jas_alloc2(image->maxcmpts_,
 	  sizeof(jas_image_cmpt_t *)))) {
 		jas_image_destroy(image);
 		return 0;
@@ -774,8 +774,7 @@
 	jas_image_cmpt_t **newcmpts;
 	int cmptno;
 
-	newcmpts = (!image->cmpts_) ? jas_malloc(maxcmpts * sizeof(jas_image_cmpt_t *)) :
-	  jas_realloc(image->cmpts_, maxcmpts * sizeof(jas_image_cmpt_t *));
+	newcmpts = jas_realloc2(image->cmpts_, maxcmpts, sizeof(jas_image_cmpt_t *));
 	if (!newcmpts) {
 		return -1;
 	}
diff -Nurad jasper-1.900.1.orig/src/libjasper/base/jas_malloc.c jasper-1.900.1.new/src/libjasper/base/jas_malloc.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_malloc.c	2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/base/jas_malloc.c	2008-10-03 14:17:55.000000000 +0200
@@ -76,6 +76,9 @@
 
 /* We need the prototype for memset. */
 #include <string.h>
+#include <limits.h>
+#include <errno.h>
+#include <stdint.h>
 
 #include "jasper/jas_malloc.h"
 
@@ -113,18 +116,50 @@
 
 void *jas_realloc(void *ptr, size_t size)
 {
-	return realloc(ptr, size);
+	return ptr ? realloc(ptr, size) : malloc(size);
 }
 
-void *jas_calloc(size_t nmemb, size_t size)
+void *jas_realloc2(void *ptr, size_t nmemb, size_t size)
+{
+	if (!ptr)
+		return jas_alloc2(nmemb, size);
+	if (nmemb && SIZE_MAX / nmemb < size) {
+		errno = ENOMEM;
+		return NULL;
+	}
+	return jas_realloc(ptr, nmemb * size);
+
+}
+
+void *jas_alloc2(size_t nmemb, size_t size)
+{
+	if (nmemb && SIZE_MAX / nmemb < size) {
+		errno = ENOMEM;
+		return NULL;
+	}
+
+	return jas_malloc(nmemb * size);
+}
+
+void *jas_alloc3(size_t a, size_t b, size_t c)
 {
-	void *ptr;
 	size_t n;
-	n = nmemb * size;
-	if (!(ptr = jas_malloc(n * sizeof(char)))) {
-		return 0;
+
+	if (a && SIZE_MAX / a < b) {
+		errno = ENOMEM;
+		return NULL;
 	}
-	memset(ptr, 0, n);
+
+	return jas_alloc2(a*b, c);
+}
+
+void *jas_calloc(size_t nmemb, size_t size)
+{
+	void *ptr;
+
+	ptr = jas_alloc2(nmemb, size);
+	if (ptr)
+		memset(ptr, 0, nmemb*size);
 	return ptr;
 }
 
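Review bot: in `jas_alloc3()` the context line `size_t n;` is kept but nothing uses it after this change, so it should be removed (it will produce an unused-variable warning). `jas_realloc2()` also has a stray blank line before its closing brace. The overflow test `nmemb && SIZE_MAX / nmemb < size` reads correctly in all three helpers; a short comment above each one stating that it returns NULL with `errno = ENOMEM` on overflow would help callers that currently only `assert()` on the result.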
diff -Nurad jasper-1.900.1.orig/src/libjasper/base/jas_seq.c jasper-1.900.1.new/src/libjasper/base/jas_seq.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_seq.c	2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/base/jas_seq.c	2008-10-03 14:17:55.000000000 +0200
@@ -114,7 +114,7 @@
 	matrix->datasize_ = numrows * numcols;
 
 	if (matrix->maxrows_ > 0) {
-		if (!(matrix->rows_ = jas_malloc(matrix->maxrows_ *
+		if (!(matrix->rows_ = jas_alloc2(matrix->maxrows_,
 		  sizeof(jas_seqent_t *)))) {
 			jas_matrix_destroy(matrix);
 			return 0;
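Review bot: the context line `matrix->datasize_ = numrows * numcols;` at the top of this hunk still multiplies the two dimensions without a check, and that product is what the next hunk passes to `jas_alloc2(matrix->datasize_, sizeof(jas_seqent_t))`. A wrapped `datasize_` passes the new size check and the buffer is sized from the wrapped value. Suggest validating `numrows * numcols` here, or allocating the data with `jas_alloc3(numrows, numcols, sizeof(jas_seqent_t))` and setting `datasize_` only after it succeeds.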
@@ -122,7 +122,7 @@
 	}
 
 	if (matrix->datasize_ > 0) {
-		if (!(matrix->data_ = jas_malloc(matrix->datasize_ *
+		if (!(matrix->data_ = jas_alloc2(matrix->datasize_,
 		  sizeof(jas_seqent_t)))) {
 			jas_matrix_destroy(matrix);
 			return 0;
@@ -220,7 +220,7 @@
 	mat0->numrows_ = r1 - r0 + 1;
 	mat0->numcols_ = c1 - c0 + 1;
 	mat0->maxrows_ = mat0->numrows_;
-	mat0->rows_ = jas_malloc(mat0->maxrows_ * sizeof(jas_seqent_t *));
+	mat0->rows_ = jas_alloc2(mat0->maxrows_, sizeof(jas_seqent_t *));
 	for (i = 0; i < mat0->numrows_; ++i) {
 		mat0->rows_[i] = mat1->rows_[r0 + i] + c0;
 	}
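Review bot: `mat0->rows_` is written in the loop immediately after `jas_alloc2(mat0->maxrows_, sizeof(jas_seqent_t *))` with no NULL check. The new allocator returns NULL on overflow as well as on out-of-memory, so this path should test the result and bail out before the `for` loop.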
diff -Nurad jasper-1.900.1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1.new/src/libjasper/base/jas_stream.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_stream.c	2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/base/jas_stream.c	2008-10-03 14:19:55.000000000 +0200
@@ -212,7 +212,7 @@
 	if (buf) {
 		obj->buf_ = (unsigned char *) buf;
 	} else {
-		obj->buf_ = jas_malloc(obj->bufsize_ * sizeof(char));
+		obj->buf_ = jas_malloc(obj->bufsize_);
 		obj->myalloc_ = 1;
 	}
 	if (!obj->buf_) {
@@ -361,28 +361,22 @@
 	}
 	obj->fd = -1;
 	obj->flags = 0;
-	obj->pathname[0] = '\0';
 	stream->obj_ = obj;
 
 	/* Choose a file name. */
-	tmpnam(obj->pathname);
+	snprintf(obj->pathname, L_tmpnam, "%stmp.XXXXXXXXXX", P_tmpdir);
 
 	/* Open the underlying file. */
-	if ((obj->fd = open(obj->pathname, O_CREAT | O_EXCL | O_RDWR | O_TRUNC | O_BINARY,
-	  JAS_STREAM_PERMS)) < 0) {
+	if ((obj->fd = mkstemp(obj->pathname)) < 0) {
 		jas_stream_destroy(stream);
 		return 0;
 	}
 
 	/* Unlink the file so that it will disappear if the program
 	terminates abnormally. */
-	/* Under UNIX, one can unlink an open file and continue to do I/O
-	on it.  Not all operating systems support this functionality, however.
-	For example, under Microsoft Windows the unlink operation will fail,
-	since the file is open. */
 	if (unlink(obj->pathname)) {
-		/* We will try unlinking the file again after it is closed. */
-		obj->flags |= JAS_STREAM_FILEOBJ_DELONCLOSE;
+		jas_stream_destroy(stream);
+		return 0;
 	}
 
 	/* Use full buffering. */
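Review bot: the template `"%stmp.XXXXXXXXXX"` joins `P_tmpdir` and `tmp.` with no path separator, and `P_tmpdir` is commonly `"/tmp"` without a trailing slash, so the file would be created as `/tmptmp.XXXXXXXXXX` in the root directory rather than inside the temp directory. Suggest `"%s/tmp.XXXXXXXXXX"`. The `snprintf` return value is also not checked: if the result is truncated to `L_tmpnam` the template no longer ends in `XXXXXX` and `mkstemp` will fail, so sizing by `sizeof(obj->pathname)` and checking for truncation would be safer. Lastly, treating an `unlink` failure as fatal drops the delete-on-close fallback that the removed comment says was needed on systems where an open file cannot be unlinked; that behaviour change deserves a line in the changelog.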
@@ -553,7 +547,7 @@
 	int ret;
 
 	va_start(ap, fmt);
-	ret = vsprintf(buf, fmt, ap);
+	ret = vsnprintf(buf, sizeof buf, fmt, ap);
 	jas_stream_puts(stream, buf);
 	va_end(ap);
 	return ret;
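Review bot: `ret` from `vsnprintf(buf, sizeof buf, fmt, ap)` is returned unchanged, but on truncation `vsnprintf` returns the length the full string would have had, not the number of bytes placed in `buf`. The caller then sees a count larger than what `jas_stream_puts` actually wrote, and the truncation itself goes unreported. Suggest comparing `ret` against `sizeof buf` and either returning an error or clamping the value, and checking for a negative return before calling `jas_stream_puts`.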
@@ -992,7 +986,7 @@
 	unsigned char *buf;
 
 	assert(m->buf_);
-	if (!(buf = jas_realloc(m->buf_, bufsize * sizeof(unsigned char)))) {
+	if (!(buf = jas_realloc(m->buf_, bufsize))) {
 		return -1;
 	}
 	m->buf_ = buf;
diff -Nurad jasper-1.900.1.orig/src/libjasper/bmp/bmp_dec.c jasper-1.900.1.new/src/libjasper/bmp/bmp_dec.c
--- jasper-1.900.1.orig/src/libjasper/bmp/bmp_dec.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/bmp/bmp_dec.c	2008-10-03 14:17:55.000000000 +0200
@@ -283,7 +283,7 @@
 	}
 
 	if (info->numcolors > 0) {
-		if (!(info->palents = jas_malloc(info->numcolors *
+		if (!(info->palents = jas_alloc2(info->numcolors,
 		  sizeof(bmp_palent_t)))) {
 			bmp_info_destroy(info);
 			return 0;
diff -Nurad jasper-1.900.1.orig/src/libjasper/include/jasper/jas_malloc.h jasper-1.900.1.new/src/libjasper/include/jasper/jas_malloc.h
--- jasper-1.900.1.orig/src/libjasper/include/jasper/jas_malloc.h	2007-01-19 22:43:04.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/include/jasper/jas_malloc.h	2008-10-03 14:17:55.000000000 +0200
@@ -95,6 +95,9 @@
 #define	jas_free	MEMFREE
 #define	jas_realloc	MEMREALLOC
 #define	jas_calloc	MEMCALLOC
+#define jas_alloc2(a, b)	MEMALLOC((a)*(b))
+#define jas_alloc3(a, b, c)	MEMALLOC((a)*(b)*(c))
+#define jas_realloc2(p, a, b)	MEMREALLOC((p), (a)*(b))
 #endif
 
 /******************************************************************************\
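Review bot: the macro variants added in this `#if` branch, `MEMALLOC((a)*(b))`, `MEMALLOC((a)*(b)*(c))` and `MEMREALLOC((p), (a)*(b))`, perform the multiplication with no overflow check, so a build that takes this branch gets the new names without the protection the functions in `jas_malloc.c` provide. Suggest either routing these through a checked helper as well or documenting here that this configuration remains unchecked.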
@@ -115,6 +118,12 @@
 /* Allocate a block of memory and initialize the contents to zero. */
 void *jas_calloc(size_t nmemb, size_t size);
 
+/* size-checked double allocation .*/
+void *jas_alloc2(size_t, size_t);
+
+void *jas_alloc3(size_t, size_t, size_t);
+
+void *jas_realloc2(void *, size_t, size_t);
 #endif
 
 #ifdef __cplusplus
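Review bot: only `jas_alloc2` gets a comment, and it reads `/* size-checked double allocation .*/` with a misplaced period. `jas_alloc3` and `jas_realloc2` have no description, and the prototypes omit parameter names. Suggest one comment per function giving the argument meaning (element counts and element size) and the failure behaviour (NULL on overflow or allocation failure), matching the style of the `jas_calloc` declaration above.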
diff -Nurad jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c jasper-1.900.1.new/src/libjasper/jp2/jp2_cod.c
--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c	2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jp2/jp2_cod.c	2008-10-03 14:17:55.000000000 +0200
@@ -372,7 +372,7 @@
 	jp2_bpcc_t *bpcc = &box->data.bpcc;
 	unsigned int i;
 	bpcc->numcmpts = box->datalen;
-	if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts * sizeof(uint_fast8_t)))) {
+	if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) {
 		return -1;
 	}
 	for (i = 0; i < bpcc->numcmpts; ++i) {
@@ -416,7 +416,7 @@
 		break;
 	case JP2_COLR_ICC:
 		colr->iccplen = box->datalen - 3;
-		if (!(colr->iccp = jas_malloc(colr->iccplen * sizeof(uint_fast8_t)))) {
+		if (!(colr->iccp = jas_alloc2(colr->iccplen, sizeof(uint_fast8_t)))) {
 			return -1;
 		}
 		if (jas_stream_read(in, colr->iccp, colr->iccplen) != colr->iccplen) {
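Review bot: `colr->iccplen = box->datalen - 3;` in the context line above the change is not validated, and switching to `jas_alloc2(colr->iccplen, sizeof(uint_fast8_t))` does not help with a length that is already wrong. If `box->datalen` can be smaller than 3 and the type is unsigned, the subtraction wraps to a very large value before it reaches the allocator and the read. Suggest rejecting `box->datalen < 3` before computing `iccplen`.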
@@ -453,7 +453,7 @@
 	if (jp2_getuint16(in, &cdef->numchans)) {
 		return -1;
 	}
-	if (!(cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t)))) {
+	if (!(cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t)))) {
 		return -1;
 	}
 	for (channo = 0; channo < cdef->numchans; ++channo) {
@@ -766,7 +766,7 @@
 	unsigned int i;
 
 	cmap->numchans = (box->datalen) / 4;
-	if (!(cmap->ents = jas_malloc(cmap->numchans * sizeof(jp2_cmapent_t)))) {
+	if (!(cmap->ents = jas_alloc2(cmap->numchans, sizeof(jp2_cmapent_t)))) {
 		return -1;
 	}
 	for (i = 0; i < cmap->numchans; ++i) {
@@ -828,10 +828,10 @@
 		return -1;
 	}
 	lutsize = pclr->numlutents * pclr->numchans;
-	if (!(pclr->lutdata = jas_malloc(lutsize * sizeof(int_fast32_t)))) {
+	if (!(pclr->lutdata = jas_alloc2(lutsize, sizeof(int_fast32_t)))) {
 		return -1;
 	}
-	if (!(pclr->bpc = jas_malloc(pclr->numchans * sizeof(uint_fast8_t)))) {
+	if (!(pclr->bpc = jas_alloc2(pclr->numchans, sizeof(uint_fast8_t)))) {
 		return -1;
 	}
 	for (i = 0; i < pclr->numchans; ++i) {
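Review bot: `lutsize = pclr->numlutents * pclr->numchans;` is still computed unchecked in the context line, so `jas_alloc2(lutsize, sizeof(int_fast32_t))` can be handed an already-wrapped count. Suggest `jas_alloc3(pclr->numlutents, pclr->numchans, sizeof(int_fast32_t))` here, or an explicit check on the product before `lutsize` is used.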
diff -Nurad jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c jasper-1.900.1.new/src/libjasper/jp2/jp2_dec.c
--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c	2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jp2/jp2_dec.c	2008-10-03 14:17:55.000000000 +0200
@@ -336,7 +336,7 @@
 	}
 
 	/* Allocate space for the channel-number to component-number LUT. */
-	if (!(dec->chantocmptlut = jas_malloc(dec->numchans * sizeof(uint_fast16_t)))) {
+	if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) {
 		jas_eprintf("error: no memory\n");
 		goto error;
 	}
@@ -354,7 +354,7 @@
 			if (cmapent->map == JP2_CMAP_DIRECT) {
 				dec->chantocmptlut[channo] = channo;
 			} else if (cmapent->map == JP2_CMAP_PALETTE) {
-				lutents = jas_malloc(pclrd->numlutents * sizeof(int_fast32_t));
+				lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t));
 				for (i = 0; i < pclrd->numlutents; ++i) {
 					lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans];
 				}
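Review bot: `lutents` is used in the `for` loop directly after `jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t))` without a NULL check. With the checked allocator a NULL return is now a deliberate outcome for oversized `numlutents`, so this should test `lutents` and take the function's error path before `lutents[i]` is written.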
diff -Nurad jasper-1.900.1.orig/src/libjasper/jp2/jp2_enc.c jasper-1.900.1.new/src/libjasper/jp2/jp2_enc.c
--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_enc.c	2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jp2/jp2_enc.c	2008-10-03 14:17:55.000000000 +0200
@@ -191,7 +191,7 @@
 		}
 		bpcc = &box->data.bpcc;
 		bpcc->numcmpts = jas_image_numcmpts(image);
-		if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts *
+		if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts,
 		  sizeof(uint_fast8_t)))) {
 			goto error;
 		}
@@ -285,7 +285,7 @@
 		}
 		cdef = &box->data.cdef;
 		cdef->numchans = jas_image_numcmpts(image);
-		cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t));
+		cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t));
 		for (i = 0; i < jas_image_numcmpts(image); ++i) {
 			cdefchanent = &cdef->ents[i];
 			cdefchanent->channo = i;
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c jasper-1.900.1.new/src/libjasper/jpc/jpc_cs.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_cs.c	2008-10-03 14:17:55.000000000 +0200
@@ -502,7 +502,7 @@
 	  !siz->tileheight || !siz->numcomps) {
 		return -1;
 	}
-	if (!(siz->comps = jas_malloc(siz->numcomps * sizeof(jpc_sizcomp_t)))) {
+	if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) {
 		return -1;
 	}
 	for (i = 0; i < siz->numcomps; ++i) {
@@ -982,8 +982,11 @@
 		compparms->numstepsizes = (len - n) / 2;
 		break;
 	}
-	if (compparms->numstepsizes > 0) {
-		compparms->stepsizes = jas_malloc(compparms->numstepsizes *
+	if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) {
+		jpc_qcx_destroycompparms(compparms);
+                return -1;
+        } else if (compparms->numstepsizes > 0) {
+		compparms->stepsizes = jas_alloc2(compparms->numstepsizes,
 		  sizeof(uint_fast16_t));
 		assert(compparms->stepsizes);
 		for (i = 0; i < compparms->numstepsizes; ++i) {
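Review bot: after `jas_alloc2(compparms->numstepsizes, sizeof(uint_fast16_t))` the only guard is the unchanged `assert(compparms->stepsizes);`, which disappears under `NDEBUG` and aborts the process otherwise. Since the new upper bound already returns -1 for bad input, the allocation failure should do the same (destroy `compparms` and return -1). Style: the added `return -1;` and `} else if` lines are indented with spaces while the surrounding code uses tabs.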
@@ -1091,7 +1094,7 @@
 
 	ppm->len = ms->len - 1;
 	if (ppm->len > 0) {
-		if (!(ppm->data = jas_malloc(ppm->len * sizeof(unsigned char)))) {
+		if (!(ppm->data = jas_malloc(ppm->len))) {
 			goto error;
 		}
 		if (JAS_CAST(uint, jas_stream_read(in, ppm->data, ppm->len)) != ppm->len) {
@@ -1160,7 +1163,7 @@
 	}
 	ppt->len = ms->len - 1;
 	if (ppt->len > 0) {
-		if (!(ppt->data = jas_malloc(ppt->len * sizeof(unsigned char)))) {
+		if (!(ppt->data = jas_malloc(ppt->len))) {
 			goto error;
 		}
 		if (jas_stream_read(in, (char *) ppt->data, ppt->len) != JAS_CAST(int, ppt->len)) {
@@ -1223,7 +1226,7 @@
 	uint_fast8_t tmp;
 	poc->numpchgs = (cstate->numcomps > 256) ? (ms->len / 9) :
 	  (ms->len / 7);
-	if (!(poc->pchgs = jas_malloc(poc->numpchgs * sizeof(jpc_pocpchg_t)))) {
+	if (!(poc->pchgs = jas_alloc2(poc->numpchgs, sizeof(jpc_pocpchg_t)))) {
 		goto error;
 	}
 	for (pchgno = 0, pchg = poc->pchgs; pchgno < poc->numpchgs; ++pchgno,
@@ -1328,7 +1331,7 @@
 	jpc_crgcomp_t *comp;
 	uint_fast16_t compno;
 	crg->numcomps = cstate->numcomps;
-	if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) {
+	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
 		return -1;
 	}
 	for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
@@ -1467,7 +1470,7 @@
 	cstate = 0;
 
 	if (ms->len > 0) {
-		if (!(unk->data = jas_malloc(ms->len * sizeof(unsigned char)))) {
+		if (!(unk->data = jas_malloc(ms->len))) {
 			return -1;
 		}
 		if (jas_stream_read(in, (char *) unk->data, ms->len) != JAS_CAST(int, ms->len)) {
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c jasper-1.900.1.new/src/libjasper/jpc/jpc_dec.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_dec.c	2008-10-03 14:17:55.000000000 +0200
@@ -449,7 +449,7 @@
 
 	if (dec->state == JPC_MH) {
 
-		compinfos = jas_malloc(dec->numcomps * sizeof(jas_image_cmptparm_t));
+		compinfos = jas_alloc2(dec->numcomps, sizeof(jas_image_cmptparm_t));
 		assert(compinfos);
 		for (cmptno = 0, cmpt = dec->cmpts, compinfo = compinfos;
 		  cmptno < dec->numcomps; ++cmptno, ++cmpt, ++compinfo) {
@@ -692,7 +692,7 @@
 			tile->realmode = 1;
 		}
 		tcomp->numrlvls = ccp->numrlvls;
-		if (!(tcomp->rlvls = jas_malloc(tcomp->numrlvls *
+		if (!(tcomp->rlvls = jas_alloc2(tcomp->numrlvls,
 		  sizeof(jpc_dec_rlvl_t)))) {
 			return -1;
 		}
@@ -764,7 +764,7 @@
 			  rlvl->cbgheightexpn);
 
 			rlvl->numbands = (!rlvlno) ? 1 : 3;
-			if (!(rlvl->bands = jas_malloc(rlvl->numbands *
+			if (!(rlvl->bands = jas_alloc2(rlvl->numbands,
 			  sizeof(jpc_dec_band_t)))) {
 				return -1;
 			}
@@ -797,7 +797,7 @@
 
 				assert(rlvl->numprcs);
 
-				if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_dec_prc_t)))) {
+				if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_dec_prc_t)))) {
 					return -1;
 				}
 
@@ -834,7 +834,7 @@
 			if (!(prc->numimsbstagtree = jpc_tagtree_create(prc->numhcblks, prc->numvcblks))) {
 				return -1;
 			}
-			if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_dec_cblk_t)))) {
+			if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_dec_cblk_t)))) {
 				return -1;
 			}
 
@@ -1069,12 +1069,12 @@
 	/* Apply an inverse intercomponent transform if necessary. */
 	switch (tile->cp->mctid) {
 	case JPC_MCT_RCT:
-		assert(dec->numcomps == 3);
+		assert(dec->numcomps == 3 || dec->numcomps == 4);
 		jpc_irct(tile->tcomps[0].data, tile->tcomps[1].data,
 		  tile->tcomps[2].data);
 		break;
 	case JPC_MCT_ICT:
-		assert(dec->numcomps == 3);
+		assert(dec->numcomps == 3 || dec->numcomps == 4);
 		jpc_iict(tile->tcomps[0].data, tile->tcomps[1].data,
 		  tile->tcomps[2].data);
 		break;
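Review bot: relaxing both asserts to `dec->numcomps == 3 || dec->numcomps == 4` is not explained and is unrelated to the three CVEs this patch is described as fixing, so it needs a justification in the changelog. An `assert` is also a poor guard for a value taken from the image: with `NDEBUG` there is no check at all before `tile->tcomps[0..2]` are used, and without it any other component count aborts the decoder. Suggest an explicit test on `dec->numcomps` that returns an error, and a comment on what happens to the fourth component, which the `jpc_irct`/`jpc_iict` calls do not touch.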
@@ -1181,7 +1181,7 @@
 		return -1;
 	}
 
-	if (!(dec->cmpts = jas_malloc(dec->numcomps * sizeof(jpc_dec_cmpt_t)))) {
+	if (!(dec->cmpts = jas_alloc2(dec->numcomps, sizeof(jpc_dec_cmpt_t)))) {
 		return -1;
 	}
 
@@ -1204,7 +1204,7 @@
 	dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth);
 	dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight);
 	dec->numtiles = dec->numhtiles * dec->numvtiles;
-	if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) {
+	if (!(dec->tiles = jas_alloc2(dec->numtiles, sizeof(jpc_dec_tile_t)))) {
 		return -1;
 	}
 
@@ -1228,7 +1228,7 @@
 		tile->pkthdrstreampos = 0;
 		tile->pptstab = 0;
 		tile->cp = 0;
-		if (!(tile->tcomps = jas_malloc(dec->numcomps *
+		if (!(tile->tcomps = jas_alloc2(dec->numcomps,
 		  sizeof(jpc_dec_tcomp_t)))) {
 			return -1;
 		}
@@ -1489,7 +1489,7 @@
 	cp->numlyrs = 0;
 	cp->mctid = 0;
 	cp->csty = 0;
-	if (!(cp->ccps = jas_malloc(cp->numcomps * sizeof(jpc_dec_ccp_t)))) {
+	if (!(cp->ccps = jas_alloc2(cp->numcomps, sizeof(jpc_dec_ccp_t)))) {
 		return 0;
 	}
 	if (!(cp->pchglist = jpc_pchglist_create())) {
@@ -2048,7 +2048,7 @@
 	}
 	streamlist->numstreams = 0;
 	streamlist->maxstreams = 100;
-	if (!(streamlist->streams = jas_malloc(streamlist->maxstreams *
+	if (!(streamlist->streams = jas_alloc2(streamlist->maxstreams,
 	  sizeof(jas_stream_t *)))) {
 		jas_free(streamlist);
 		return 0;
@@ -2068,8 +2068,8 @@
 	/* Grow the array of streams if necessary. */
 	if (streamlist->numstreams >= streamlist->maxstreams) {
 		newmaxstreams = streamlist->maxstreams + 1024;
-		if (!(newstreams = jas_realloc(streamlist->streams,
-		  (newmaxstreams + 1024) * sizeof(jas_stream_t *)))) {
+		if (!(newstreams = jas_realloc2(streamlist->streams,
+		  (newmaxstreams + 1024), sizeof(jas_stream_t *)))) {
 			return -1;
 		}
 		for (i = streamlist->numstreams; i < streamlist->maxstreams; ++i) {
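Review bot: `newmaxstreams` is already `streamlist->maxstreams + 1024`, yet the count passed to `jas_realloc2` is `(newmaxstreams + 1024)`, so the array is grown by 2048 entries while the bookkeeping variable says 1024. The conversion carries that inconsistency over from the old `jas_realloc` call. Suggest passing `newmaxstreams` so the allocated size and the recorded capacity agree, or adding a comment if the extra slack is intentional.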
@@ -2155,8 +2155,7 @@
 {
 	jpc_ppxstabent_t **newents;
 	if (tab->maxents < maxents) {
-		newents = (tab->ents) ? jas_realloc(tab->ents, maxents *
-		  sizeof(jpc_ppxstabent_t *)) : jas_malloc(maxents * sizeof(jpc_ppxstabent_t *));
+		newents = jas_realloc2(tab->ents, maxents, sizeof(jpc_ppxstabent_t *));
 		if (!newents) {
 			return -1;
 		}
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_enc.c jasper-1.900.1.new/src/libjasper/jpc/jpc_enc.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_enc.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_enc.c	2008-10-03 14:17:55.000000000 +0200
@@ -403,7 +403,7 @@
 		vsteplcm *= jas_image_cmptvstep(image, cmptno);
 	}
 
-	if (!(cp->ccps = jas_malloc(cp->numcmpts * sizeof(jpc_enc_ccp_t)))) {
+	if (!(cp->ccps = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_ccp_t)))) {
 		goto error;
 	}
 	for (cmptno = 0, ccp = cp->ccps; cmptno < JAS_CAST(int, cp->numcmpts); ++cmptno,
@@ -656,7 +656,7 @@
 
 	if (ilyrrates && numilyrrates > 0) {
 		tcp->numlyrs = numilyrrates + 1;
-		if (!(tcp->ilyrrates = jas_malloc((tcp->numlyrs - 1) *
+		if (!(tcp->ilyrrates = jas_alloc2((tcp->numlyrs - 1),
 		  sizeof(jpc_fix_t)))) {
 			goto error;
 		}
@@ -940,7 +940,7 @@
 	siz->tilewidth = cp->tilewidth;
 	siz->tileheight = cp->tileheight;
 	siz->numcomps = cp->numcmpts;
-	siz->comps = jas_malloc(siz->numcomps * sizeof(jpc_sizcomp_t));
+	siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t));
 	assert(siz->comps);
 	for (i = 0; i < JAS_CAST(int, cp->numcmpts); ++i) {
 		siz->comps[i].prec = cp->ccps[i].prec;
@@ -977,7 +977,7 @@
 		return -1;
 	}
 	crg = &enc->mrk->parms.crg;
-	crg->comps = jas_malloc(crg->numcomps * sizeof(jpc_crgcomp_t));
+	crg->comps = jas_alloc2(crg->numcomps, sizeof(jpc_crgcomp_t));
 	if (jpc_putms(enc->out, enc->cstate, enc->mrk)) {
 		jas_eprintf("cannot write CRG marker\n");
 		return -1;
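Review bot: `crg->comps` is assigned from `jas_alloc2(crg->numcomps, sizeof(jpc_crgcomp_t))` and the code goes straight on to `jpc_putms()` with no NULL check. Suggest testing the result and returning -1, as the neighbouring error paths in this function already do.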
@@ -1955,7 +1955,7 @@
 	tile->mctid = cp->tcp.mctid;
 
 	tile->numlyrs = cp->tcp.numlyrs;
-	if (!(tile->lyrsizes = jas_malloc(tile->numlyrs *
+	if (!(tile->lyrsizes = jas_alloc2(tile->numlyrs,
 	  sizeof(uint_fast32_t)))) {
 		goto error;
 	}
@@ -1964,7 +1964,7 @@
 	}
 
 	/* Allocate an array for the per-tile-component information. */
-	if (!(tile->tcmpts = jas_malloc(cp->numcmpts * sizeof(jpc_enc_tcmpt_t)))) {
+	if (!(tile->tcmpts = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_tcmpt_t)))) {
 		goto error;
 	}
 	/* Initialize a few members critical for error recovery. */
@@ -2110,7 +2110,7 @@
 	  jas_seq2d_ystart(tcmpt->data), jas_seq2d_xend(tcmpt->data),
 	  jas_seq2d_yend(tcmpt->data), bandinfos);
 
-	if (!(tcmpt->rlvls = jas_malloc(tcmpt->numrlvls * sizeof(jpc_enc_rlvl_t)))) {
+	if (!(tcmpt->rlvls = jas_alloc2(tcmpt->numrlvls, sizeof(jpc_enc_rlvl_t)))) {
 		goto error;
 	}
 	for (rlvlno = 0, rlvl = tcmpt->rlvls; rlvlno < tcmpt->numrlvls;
@@ -2213,7 +2213,7 @@
 	rlvl->numvprcs = JPC_FLOORDIVPOW2(brprcbry - tlprctly, rlvl->prcheightexpn);
 	rlvl->numprcs = rlvl->numhprcs * rlvl->numvprcs;
 
-	if (!(rlvl->bands = jas_malloc(rlvl->numbands * sizeof(jpc_enc_band_t)))) {
+	if (!(rlvl->bands = jas_alloc2(rlvl->numbands, sizeof(jpc_enc_band_t)))) {
 		goto error;
 	}
 	for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands;
@@ -2290,7 +2290,7 @@
 	band->synweight = bandinfo->synenergywt;
 
 if (band->data) {
-	if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_enc_prc_t)))) {
+	if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_enc_prc_t)))) {
 		goto error;
 	}
 	for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno,
@@ -2422,7 +2422,7 @@
 			goto error;
 		}
 
-		if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_enc_cblk_t)))) {
+		if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_enc_cblk_t)))) {
 			goto error;
 		}
 		for (cblkno = 0, cblk = prc->cblks; cblkno < prc->numcblks;
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqdec.c jasper-1.900.1.new/src/libjasper/jpc/jpc_mqdec.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqdec.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_mqdec.c	2008-10-03 14:17:55.000000000 +0200
@@ -118,7 +118,7 @@
 	mqdec->in = in;
 	mqdec->maxctxs = maxctxs;
 	/* Allocate memory for the per-context state information. */
-	if (!(mqdec->ctxs = jas_malloc(mqdec->maxctxs * sizeof(jpc_mqstate_t *)))) {
+	if (!(mqdec->ctxs = jas_alloc2(mqdec->maxctxs, sizeof(jpc_mqstate_t *)))) {
 		goto error;
 	}
 	/* Set the current context to the first context. */
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqenc.c jasper-1.900.1.new/src/libjasper/jpc/jpc_mqenc.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqenc.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_mqenc.c	2008-10-03 14:17:55.000000000 +0200
@@ -197,7 +197,7 @@
 	mqenc->maxctxs = maxctxs;
 
 	/* Allocate memory for the per-context state information. */
-	if (!(mqenc->ctxs = jas_malloc(mqenc->maxctxs * sizeof(jpc_mqstate_t *)))) {
+	if (!(mqenc->ctxs = jas_alloc2(mqenc->maxctxs, sizeof(jpc_mqstate_t *)))) {
 		goto error;
 	}
 
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c jasper-1.900.1.new/src/libjasper/jpc/jpc_qmfb.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_qmfb.c	2008-10-03 14:17:55.000000000 +0200
@@ -321,7 +321,7 @@
 #if !defined(HAVE_VLA)
 	/* Get a buffer. */
 	if (bufsize > QMFB_SPLITBUFSIZE) {
-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
+		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
 			/* We have no choice but to commit suicide in this case. */
 			abort();
 		}
@@ -389,7 +389,7 @@
 #if !defined(HAVE_VLA)
 	/* Get a buffer. */
 	if (bufsize > QMFB_SPLITBUFSIZE) {
-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
+		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
 			/* We have no choice but to commit suicide in this case. */
 			abort();
 		}
@@ -460,7 +460,7 @@
 #if !defined(HAVE_VLA)
 	/* Get a buffer. */
 	if (bufsize > QMFB_SPLITBUFSIZE) {
-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
+		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
 			/* We have no choice but to commit suicide in this case. */
 			abort();
 		}
@@ -549,7 +549,7 @@
 #if !defined(HAVE_VLA)
 	/* Get a buffer. */
 	if (bufsize > QMFB_SPLITBUFSIZE) {
-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
+		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
 			/* We have no choice but to commit suicide in this case. */
 			abort();
 		}
@@ -633,7 +633,7 @@
 #if !defined(HAVE_VLA)
 	/* Allocate memory for the join buffer from the heap. */
 	if (bufsize > QMFB_JOINBUFSIZE) {
-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
+		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
 			/* We have no choice but to commit suicide. */
 			abort();
 		}
@@ -698,7 +698,7 @@
 #if !defined(HAVE_VLA)
 	/* Allocate memory for the join buffer from the heap. */
 	if (bufsize > QMFB_JOINBUFSIZE) {
-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
+		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
 			/* We have no choice but to commit suicide. */
 			abort();
 		}
@@ -766,7 +766,7 @@
 #if !defined(HAVE_VLA)
 	/* Allocate memory for the join buffer from the heap. */
 	if (bufsize > QMFB_JOINBUFSIZE) {
-		if (!(buf = jas_malloc(bufsize * JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
+		if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
 			/* We have no choice but to commit suicide. */
 			abort();
 		}
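Review bot: in the jas_alloc2 call of this hunk the second argument is still an unchecked product, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t). That is safe only as long as JPC_QMFB_COLGRPSIZE stays a small compile-time constant. Using jas_alloc3(bufsize, JPC_QMFB_COLGRPSIZE, sizeof(jpc_fix_t)), as the numcols hunk that follows does, would keep every multiplication inside the checked helper and make the file consistent.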
@@ -852,7 +852,7 @@
 #if !defined(HAVE_VLA)
 	/* Allocate memory for the join buffer from the heap. */
 	if (bufsize > QMFB_JOINBUFSIZE) {
-		if (!(buf = jas_malloc(bufsize * numcols * sizeof(jpc_fix_t)))) {
+		if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) {
 			/* We have no choice but to commit suicide. */
 			abort();
 		}
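Review bot: the checked jas_alloc3 call sits inside #if !defined(HAVE_VLA) and is reached only when bufsize > QMFB_JOINBUFSIZE, so it protects just the heap path of builds without variable-length arrays. Please confirm how buf is sized when HAVE_VLA is defined; if it is declared from bufsize and numcols, that path needs its own bound, because nothing in this hunk limits either value there.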
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_t1enc.c jasper-1.900.1.new/src/libjasper/jpc/jpc_t1enc.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t1enc.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_t1enc.c	2008-10-03 14:17:55.000000000 +0200
@@ -219,7 +219,7 @@
 
 	cblk->numpasses = (cblk->numbps > 0) ? (3 * cblk->numbps - 2) : 0;
 	if (cblk->numpasses > 0) {
-		cblk->passes = jas_malloc(cblk->numpasses * sizeof(jpc_enc_pass_t));
+		cblk->passes = jas_alloc2(cblk->numpasses, sizeof(jpc_enc_pass_t));
 		assert(cblk->passes);
 	} else {
 		cblk->passes = 0;
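Review bot: the result of jas_alloc2 for cblk->passes is checked only by assert(cblk->passes), which is compiled out under NDEBUG, so a failed or rejected allocation leaves cblk->passes null for whatever uses it next. Since this patch routes overflow failures through the same return value, replace the assert with an explicit check that propagates the failure to the caller.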
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c jasper-1.900.1.new/src/libjasper/jpc/jpc_t2cod.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_t2cod.c	2008-10-03 14:17:55.000000000 +0200
@@ -573,7 +573,7 @@
 	}
 	if (pchglist->numpchgs >= pchglist->maxpchgs) {
 		newmaxpchgs = pchglist->maxpchgs + 128;
-		if (!(newpchgs = jas_realloc(pchglist->pchgs, newmaxpchgs * sizeof(jpc_pchg_t *)))) {
+		if (!(newpchgs = jas_realloc2(pchglist->pchgs, newmaxpchgs, sizeof(jpc_pchg_t *)))) {
 			return -1;
 		}
 		pchglist->maxpchgs = newmaxpchgs;
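Review bot: newmaxpchgs = pchglist->maxpchgs + 128 is computed before the checked call, so jas_realloc2 guards only the multiplication by sizeof(jpc_pchg_t *), not the addition. Add a bound on pchglist->maxpchgs before growing it (and return -1 when it is exceeded) so the count passed to jas_realloc2 cannot have wrapped already.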
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2dec.c jasper-1.900.1.new/src/libjasper/jpc/jpc_t2dec.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2dec.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_t2dec.c	2008-10-03 14:17:55.000000000 +0200
@@ -478,7 +478,7 @@
 		return 0;
 	}
 	pi->numcomps = dec->numcomps;
-	if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) {
+	if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) {
 		jpc_pi_destroy(pi);
 		return 0;
 	}
@@ -490,7 +490,7 @@
 	for (compno = 0, tcomp = tile->tcomps, picomp = pi->picomps;
 	  compno < pi->numcomps; ++compno, ++tcomp, ++picomp) {
 		picomp->numrlvls = tcomp->numrlvls;
-		if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls *
+		if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls,
 		  sizeof(jpc_pirlvl_t)))) {
 			jpc_pi_destroy(pi);
 			return 0;
@@ -503,7 +503,7 @@
 		  rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl, ++rlvl) {
 /* XXX sizeof(long) should be sizeof different type */
 			pirlvl->numprcs = rlvl->numprcs;
-			if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs *
+			if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs,
 			  sizeof(long)))) {
 				jpc_pi_destroy(pi);
 				return 0;
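Review bot: nothing in this hunk excludes pirlvl->numprcs == 0 before the jas_alloc2 call, whereas the matching allocation in the jpc_t2enc.c part of this patch is wrapped in if (rlvl->numprcs). If jas_alloc2 can return NULL for a zero-sized request, this branch calls jpc_pi_destroy(pi) and returns 0 for an input that is not an error. Either add the same guard here or document that jas_alloc2 never returns NULL for a zero count.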
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2enc.c jasper-1.900.1.new/src/libjasper/jpc/jpc_t2enc.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2enc.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_t2enc.c	2008-10-03 14:17:55.000000000 +0200
@@ -565,7 +565,7 @@
 	}
 	pi->pktno = -1;
 	pi->numcomps = cp->numcmpts;
-	if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) {
+	if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) {
 		jpc_pi_destroy(pi);
 		return 0;
 	}
@@ -577,7 +577,7 @@
 	for (compno = 0, tcomp = tile->tcmpts, picomp = pi->picomps;
 	  compno < pi->numcomps; ++compno, ++tcomp, ++picomp) {
 		picomp->numrlvls = tcomp->numrlvls;
-		if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls *
+		if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls,
 		  sizeof(jpc_pirlvl_t)))) {
 			jpc_pi_destroy(pi);
 			return 0;
@@ -591,7 +591,7 @@
 /* XXX sizeof(long) should be sizeof different type */
 			pirlvl->numprcs = rlvl->numprcs;
 			if (rlvl->numprcs) {
-				if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs *
+				if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs,
 				  sizeof(long)))) {
 					jpc_pi_destroy(pi);
 					return 0;
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_tagtree.c jasper-1.900.1.new/src/libjasper/jpc/jpc_tagtree.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_tagtree.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_tagtree.c	2008-10-03 14:17:55.000000000 +0200
@@ -125,7 +125,7 @@
 		++numlvls;
 	} while (n > 1);
 
-	if (!(tree->nodes_ = jas_malloc(tree->numnodes_ * sizeof(jpc_tagtreenode_t)))) {
+	if (!(tree->nodes_ = jas_alloc2(tree->numnodes_, sizeof(jpc_tagtreenode_t)))) {
 		return 0;
 	}
 
diff -Nurad jasper-1.900.1.orig/src/libjasper/jpc/jpc_util.c jasper-1.900.1.new/src/libjasper/jpc/jpc_util.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_util.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_util.c	2008-10-03 14:17:55.000000000 +0200
@@ -109,7 +109,7 @@
 	}
 
 	if (n) {
-		if (!(vs = jas_malloc(n * sizeof(double)))) {
+		if (!(vs = jas_alloc2(n, sizeof(double)))) {
 			return -1;
 		}
 
diff -Nurad jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c jasper-1.900.1.new/src/libjasper/mif/mif_cod.c
--- jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c	2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/mif/mif_cod.c	2008-10-03 14:17:55.000000000 +0200
@@ -438,8 +438,7 @@
 	int cmptno;
 	mif_cmpt_t **newcmpts;
 	assert(maxcmpts >= hdr->numcmpts);
-	newcmpts = (!hdr->cmpts) ? jas_malloc(maxcmpts * sizeof(mif_cmpt_t *)) :
-	  jas_realloc(hdr->cmpts, maxcmpts * sizeof(mif_cmpt_t *));
+	newcmpts = jas_realloc2(hdr->cmpts, maxcmpts, sizeof(mif_cmpt_t *));
 	if (!newcmpts) {
 		return -1;
 	}
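Review bot: the removed lines chose jas_malloc when hdr->cmpts was null, and the new single call passes that null pointer straight to jas_realloc2. Please confirm that jas_realloc2 behaves as a plain allocation for a null first argument on every supported platform, and say so in a comment at this call, since the old code deliberately did not rely on it.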

Attachment: pgp6NYVne6PFs.pgp
Description: PGP signature


--- End Message ---
--- Begin Message ---
Source: jasper
Source-Version: 1.900.1-5.1

We believe that the bug you reported is fixed in the latest version of
jasper, which is due to be installed in the Debian FTP archive:

jasper_1.900.1-5.1.diff.gz
  to pool/main/j/jasper/jasper_1.900.1-5.1.diff.gz
jasper_1.900.1-5.1.dsc
  to pool/main/j/jasper/jasper_1.900.1-5.1.dsc
libjasper-dev_1.900.1-5.1_amd64.deb
  to pool/main/j/jasper/libjasper-dev_1.900.1-5.1_amd64.deb
libjasper-runtime_1.900.1-5.1_amd64.deb
  to pool/main/j/jasper/libjasper-runtime_1.900.1-5.1_amd64.deb
libjasper1_1.900.1-5.1_amd64.deb
  to pool/main/j/jasper/libjasper1_1.900.1-5.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Habouzit <[EMAIL PROTECTED]> (supplier of updated jasper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 12 Oct 2008 21:40:59 +0200
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source amd64
Version: 1.900.1-5.1
Distribution: unstable
Urgency: low
Maintainer: Roland Stigge <[EMAIL PROTECTED]>
Changed-By: Pierre Habouzit <[EMAIL PROTECTED]>
Description: 
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - The JasPer JPEG-2000 runtime library
Closes: 501021
Changes: 
 jasper (1.900.1-5.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * add patches/02_security.dpatch to fix various CVEs (Closes: #501021):
      + CVE-2008-3522[0]: Buffer overflow.
      + CVE-2008-3521[1]: unsecure temporary files handling.
      + CVE-2008-3520[2]: Multiple integer overflows.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjyVz4ACgkQvGr7W6HudhzQzQCfQBeiHg6dqaoHWZOx8n7dHn++
UZ8AmwS9Tht0oazGt1A8Q9TI3ATKLDTe
=HmDb
-----END PGP SIGNATURE-----



--- End Message ---
