If x is 0, 'x - 1' is in the previous line, or worse outside the buffer
for the first line.
If y is 0, 'x - image->comps[compno].w' is outside the buffer.
Finally, image->comps[compno].w is unsigned (at least in openjpeg2), so
the calculation could silently wrap around without the explicit cast t
On Thu, Oct 13, 2016 at 10:25 PM, Andreas Cadhalpun
wrote:
> If x is 0, 'x - 1' is in the previous line, or worse outside the buffer
> for the first line.
>
> If y is 0, 'x - image->comps[compno].w' is outside the buffer.
>
I'm slightly puzzled, as you say, these are for edge handling, edges
in t
On 14.10.2016 00:00, Hendrik Leppkes wrote:
> On Thu, Oct 13, 2016 at 10:25 PM, Andreas Cadhalpun
> wrote:
>> If x is 0, 'x - 1' is in the previous line, or worse outside the buffer
>> for the first line.
>>
>> If y is 0, 'x - image->comps[compno].w' is outside the buffer.
>>
>
> I'm slightly puz
On Fri, Oct 14, 2016 at 12:23:02AM +0200, Andreas Cadhalpun wrote:
> On 14.10.2016 00:00, Hendrik Leppkes wrote:
> > On Thu, Oct 13, 2016 at 10:25 PM, Andreas Cadhalpun
> > wrote:
> >> If x is 0, 'x - 1' is in the previous line, or worse outside the buffer
> >> for the first line.
> >>
> >> If y i
On 14.10.2016 00:49, Michael Niedermayer wrote:
> On Fri, Oct 14, 2016 at 12:23:02AM +0200, Andreas Cadhalpun wrote:
>> The avctx->width/avctx->height is not zero, but libopenjpeg_copy_unpacked8
>> does:
>
>> width = avctx->width / image->comps[compno].dx;
>> height = avctx->heigh
On Fri, Oct 14, 2016 at 02:00:49AM +0200, Andreas Cadhalpun wrote:
> On 14.10.2016 00:49, Michael Niedermayer wrote:
> > On Fri, Oct 14, 2016 at 12:23:02AM +0200, Andreas Cadhalpun wrote:
> >> The avctx->width/avctx->height is not zero, but libopenjpeg_copy_unpacked8
> >> does:
> >
> >> wi
On Thu, Oct 13, 2016 at 6:49 PM, Michael Niedermayer wrote:
>
> > libopenjpegenc.c | 18 +-
> > 1 file changed, 9 insertions(+), 9 deletions(-)
> > 17061aee3e88729993c9581f688cbfda01fccaac 0001-libopenjpegenc-fix-out-
> of-bounds-reads-when-filling-.patch
> > From 1461064c1eaab
On 14.10.2016 06:08, Michael Bradshaw wrote:
> On Thu, Oct 13, 2016 at 6:49 PM, Michael Niedermayer > wrote:
>>
>>> libopenjpegenc.c | 18 +-
>>> 1 file changed, 9 insertions(+), 9 deletions(-)
>>> 17061aee3e88729993c9581f688cbfda01fccaac 0001-libopenjpegenc-fix-out-
>> of-bound