- Modified TileManager.cc to verify that malloc() has correctly alloc…

…ated memory.

- Updated numerical types to std::size_t in RawTile.h, TileManager.cc, KakaduImage.cc, OpenJPEG.cc and Transforms.cc when allocating memory via new to avoid integer overflow - fixes remaining problems identified in #223.

ChangeLog

@@ -1,3 +1,10 @@
+16/01/2022:
+	- Modified TileManager.cc to verify that malloc() has correctly allocated memory.
+	- Updated numerical types to std::size_t in RawTile.h, TileManager.cc, KakaduImage.cc, OpenJPEG.cc and Transforms.cc
+	  when allocating memory via new to avoid integer overflow - fixes remaining problems identified in
+	  https://github.com/ruven/iipsrv/issues/223.
+
+
 15/01/2022:
 	- Added verification that image has been set in SPECTRA.cc and check on the validity of the requested tile
 	  resolution in JTL.cc. Fixes a couple of the crash conditions reported in https://github.com/ruven/iipsrv/issues/223

src/KakaduImage.cc

@@ -447,11 +447,12 @@ RawTile KakaduImage::getRegion( int seq, int ang, unsigned int res, int layers,
 
   RawTile rawtile( 0, res, seq, ang, w, h, channels, obpc );
 
-  if( obpc == 16 ) rawtile.data = new unsigned short[w*h*channels];
-  else if( obpc == 8 ) rawtile.data = new unsigned char[w*h*channels];
+  size_t np = (size_t) w * (size_t) h * (size_t) channels;
+  if( obpc == 16 ) rawtile.data = new unsigned short[np];
+  else if( obpc == 8 ) rawtile.data = new unsigned char[np];
   else throw file_error( "Kakadu :: Unsupported number of bits" );
 
-  rawtile.dataLength = w*h*channels*(obpc/8);
+  rawtile.dataLength = np*(obpc/8);
   rawtile.filename = getImagePath();
   rawtile.timestamp = timestamp;
 

src/OpenJPEGImage.cc

@@ -376,11 +376,12 @@ RawTile OpenJPEGImage::getRegion( int ha, int va, unsigned int res, int layers,
 
   RawTile rawtile( 0, res, ha, va, w, h, channels, obpc );
 
-  if( obpc == 16 ) rawtile.data = new unsigned short[w * h * channels];
-  else if( obpc == 8 ) rawtile.data = new unsigned char[w * h * channels];
+  size_t np = (size_t) w * (size_t) h * (size_t) channels;
+  if( obpc == 16 ) rawtile.data = new unsigned short[np];
+  else if( obpc == 8 ) rawtile.data = new unsigned char[np];
   else throw file_error( "OpenJPEG :: Unsupported number of bits" );
 
-  rawtile.dataLength = w*h*channels*(obpc/8);
+  rawtile.dataLength = np*(obpc/8);
   rawtile.filename = getImagePath();
   rawtile.timestamp = timestamp;
 

src/RawTile.h

@@ -79,7 +79,7 @@ class RawTile{
   int memoryManaged;
 
   /// The size of the data pointed to by data
-  unsigned int dataLength;
+  size_t dataLength;
 
   /// The width in pixels of this tile
   unsigned int width;

src/TileManager.cc

@@ -4,7 +4,7 @@
 
 /*  IIP Server: Tile Cache Handler
 
-    Copyright (C) 2005-2021 Ruven Pillay.
+    Copyright (C) 2005-2022 Ruven Pillay.
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -130,8 +130,14 @@ void TileManager::crop( RawTile *ttt ){
 
   // Create a new buffer, fill it with the old data, then copy
   // back the cropped part into the RawTile buffer
-  int len = tw * th * ttt->channels * (ttt->bpc/8);
+  unsigned int len = tw * th * ttt->channels * (ttt->bpc/8);
   unsigned char* buffer = (unsigned char*) malloc( len );
+
+  // Check whether we have successfully allocated memory via malloc
+  if( buffer == NULL ){
+    std::bad_alloc e;
+    throw e;
+  }
   unsigned char* src_ptr = (unsigned char*) memcpy( buffer, ttt->data, len );
   unsigned char* dst_ptr = (unsigned char*) ttt->data;
 
@@ -365,21 +371,22 @@ RawTile TileManager::getRegion( unsigned int res, int seq, int ang, int layers,
 
   // Create an empty tile with the correct dimensions
   RawTile region( 0, res, seq, ang, width, height, channels, bpc );
-  region.dataLength = width * height * channels * (bpc/8);
+  size_t np = (size_t) width * (size_t) height * (size_t) channels;
+  region.dataLength = np * (bpc/8);
   region.sampleType = sampleType;
 
   // Allocate memory for the region
-  if( bpc == 8 ) region.data = new unsigned char[width*height*channels];
-  else if( bpc == 16 ) region.data = new unsigned short[width*height*channels];
-  else if( bpc == 32 && sampleType == FIXEDPOINT ) region.data = new int[width*height*channels];
-  else if( bpc == 32 && sampleType == FLOATINGPOINT ) region.data = new float[width*height*channels];
+  if( bpc == 8 ) region.data = new unsigned char[np];
+  else if( bpc == 16 ) region.data = new unsigned short[np];
+  else if( bpc == 32 && sampleType == FIXEDPOINT ) region.data = new int[np];
+  else if( bpc == 32 && sampleType == FLOATINGPOINT ) region.data = new float[np];
 
   unsigned int current_height = 0;
 
   // Decode the image strip by strip
   for( unsigned int i=starty; i<endy; i++ ){
 
-    unsigned int buffer_index = 0;
+    unsigned long buffer_index = 0;
 
     // Keep track of the current pixel boundary horizontally. ie. only up
     //  to the beginning of the current tile boundary.

src/Transforms.cc

@@ -532,7 +532,7 @@ void Transform::interpolate_nearestneighbour( RawTile& in, unsigned int resample
   // Correctly set our Rawtile info
   in.width = resampled_width;
   in.height = resampled_height;
-  in.dataLength = resampled_width * resampled_height * channels * (in.bpc/8);
+  in.dataLength = (size_t)resampled_width * (size_t)resampled_height * (size_t)channels * (size_t)(in.bpc/8);
   in.data = output;
 }
 
@@ -618,7 +618,7 @@ void Transform::interpolate_bilinear( RawTile& in, unsigned int resampled_width,
   // Correctly set our Rawtile info
   in.width = resampled_width;
   in.height = resampled_height;
-  in.dataLength = resampled_width * resampled_height * channels * (in.bpc/8);
+  in.dataLength = (size_t)resampled_width * (size_t)resampled_height * (size_t)channels * (size_t)(in.bpc/8);
   in.data = output;
 }