From 2bd1657c07e9815b89d0553c782b841d11630580 Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Fri, 1 Dec 2023 09:27:08 -0800 Subject: [PATCH] Fixed a potential integer overflow problem in the jas_safeui32_to_intfast32 function. --- src/libjasper/include/jasper/jas_math.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/libjasper/include/jasper/jas_math.h b/src/libjasper/include/jasper/jas_math.h index 17c07116..6df20412 100644 --- a/src/libjasper/include/jasper/jas_math.h +++ b/src/libjasper/include/jasper/jas_math.h @@ -407,7 +407,7 @@ inline static bool jas_safe_uint_mul(unsigned x, unsigned y, unsigned *result) * Safe 32-bit unsigned integer arithmetic (i.e., with overflow checking). \******************************************************************************/ -#define JAS_SAFEUI32_MAX (0xffffffffU) +#define JAS_SAFEUI32_MAX (0xffffffffUL) typedef struct { bool valid; @@ -432,7 +432,8 @@ JAS_ATTRIBUTE_PURE static inline bool jas_safeui32_to_intfast32(jas_safeui32_t x, int_fast32_t* y) { - if (x.value <= INT_FAST32_MAX) { + const long I32_MAX = 0x7fffffffL; + if (x.value <= I32_MAX) { *y = x.value; return true; } else {