Merge 01719f0423
into 2d606701e8
commit
44c0cf143e
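--- a/<PATH NOT SHOWN>
+++ b/<PATH NOT SHOWN>
@@ -1072,6 +1072,8 @@ void color_esycc_to_rgb(opj_image_t *image)
 int y, cb, cr, sign1, sign2, val;
 unsigned int w, h, max, i;
 int flip_value = (1 << (image->comps[0].prec - 1));
+// runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
+// runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
 int max_value = (1 << image->comps[0].prec) - 1;
 
 if (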
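Review bot: The two added comments record the sanitizer findings on `flip_value` and `max_value` but leave both shifts in place, so a component precision of 32 or more read from the input file still produces undefined behaviour at those two initialisers. Because `image->comps[0].prec` comes from the decoded codestream it needs a range check before it is used as a shift count; if the `if (` that opens at the end of the hunk is the function's existing input validation (its body is outside the hunk), a condition such as `|| image->comps[0].prec == 0 || image->comps[0].prec > 31` belongs there and the two initialisers should move below that check. If the values must stay as 32-bit `int`, the check is the only option; documenting a UBSan report in a comment does not remove the fault it describes.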
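--- a/<PATH NOT SHOWN>
+++ b/<PATH NOT SHOWN>
@@ -1192,6 +1192,7 @@ OPJ_BOOL opj_t1_ht_decode_cblk(opj_t1_t *t1,
 cblkdata = t1->cblkdatabuffer;
 cblk_len = 0;
 for (i = 0; i < cblk->numchunks; i++) {
+assert(cblkdata!=NULL && "memcpy on NULL is undefined behaviour");
 memcpy(cblkdata + cblk_len, cblk->chunks[i].data, cblk->chunks[i].len);
 cblk_len += cblk->chunks[i].len;
 }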
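Review bot: The added `assert(cblkdata!=NULL ...)` is compiled out under `-DNDEBUG`, which two of the configurations in the build script added by this same commit use, so release builds still reach `memcpy` with a null destination; the two asserts added in `opj_tcd_dc_level_shift_decode` have the same limitation. A check that is part of the program is needed here, e.g. `if (cblkdata == NULL) { return OPJ_FALSE; }` placed before the `for` loop rather than inside it, though whether the function's callers treat `OPJ_FALSE` from this point as a clean failure is not visible from the hunk. As a point of style the surrounding code spaces its binary operators, so `cblkdata != NULL` would match.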
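--- a/<PATH NOT SHOWN>
+++ b/<PATH NOT SHOWN>
@@ -7817,6 +7817,11 @@ OPJ_BOOL opj_j2k_setup_encoder(opj_j2k_t *p_j2k,
 image->comps[0].h * image->comps[0].prec) /
 ((double)parameters->tcp_rates[parameters->tcp_numlayers - 1] * 8 *
 image->comps[0].dx * image->comps[0].dy));
+// this is problematic because INT_MAX is converted to float, but
+// it can not represent that value (2147483647) exactly, instead it
+// becomes 2147483648.0f which means the else clause may be hit with
+// the value 2147483648.0f. that can not be represented as an int,
+// so the assignment to int is undefined behaviour
 if (temp_size > INT_MAX) {
 parameters->max_cs_size = INT_MAX;
 } else {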
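Review bot: The five-line comment describes the defect but the comparison on the following line is unchanged, so if `temp_size` is a `float` as the comment states (its declaration is outside the hunk) a value of exactly 2147483648.0f still takes the `else` branch and the conversion to `int` there remains undefined. Changing the test to `if (temp_size >= INT_MAX) {` resolves it: `INT_MAX` converts to 2147483648.0f, so every float strictly below that bound is representable as an `int`. Whether `temp_size` can be negative or NaN (a zero or negative `tcp_rates` entry would make the division above produce such a value) cannot be decided from the hunk and would need its own check before the `else` branch converts.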
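--- a/<PATH NOT SHOWN>
+++ b/<PATH NOT SHOWN>
@@ -2324,6 +2324,7 @@ static OPJ_BOOL opj_tcd_dc_level_shift_decode(opj_tcd_t *p_tcd)
 l_max);
 ++l_current_ptr;
 }
+assert(l_current_ptr!=NULL && "pointer arithmetic on null pointer is undefined behaviour");
 l_current_ptr += l_stride;
 }
 } else {
@@ -2342,6 +2343,7 @@ static OPJ_BOOL opj_tcd_dc_level_shift_decode(opj_tcd_t *p_tcd)
 }
 ++l_current_ptr;
 }
+assert(l_current_ptr!=NULL && "pointer arithmetic on null pointer is undefined behaviour");
 l_current_ptr += l_stride;
 }
 }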
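Review bot: Both added asserts sit after an inner loop that already executes `++l_current_ptr`, so when `l_current_ptr` starts out null and that inner loop runs at least once, the pointer arithmetic has already happened before the check fires; the asserts only cover the case where the inner loop body never runs. The null case therefore has to be rejected where the pointer is first taken, before the outer loop (its head is outside both hunks), rather than at the two `l_current_ptr += l_stride;` lines. A short comment at that earlier point, such as `/* data may be NULL for an empty component: skip it rather than walk it */`, would also record why the check exists.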
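--- /dev/null
+++ b/<PATH NOT SHOWN>
@@ -0,0 +1 @@
+build-*/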
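--- /dev/null
+++ b/<PATH NOT SHOWN>
@@ -0,0 +1,56 @@
+#/bin/sh
+#
+# this creates builds which can be used to fuzz with afl
+#
+# by Paul Dreik 20220825
+
+set -eux
+
+here=$(dirname $0)
+gitroot=$(git -C $here rev-parse --show-toplevel)
+
+
+###################################
+# afl clang
+export AFL_USE_ASAN=1
+export AFL_USE_UBSAN=1
+
+target=$here/build-afl-clang
+
+cmake \
+-DCMAKE_C_COMPILER=afl-clang-fast \
+-S $gitroot -B $target
+
+cmake --build $target -j $(nproc)
+
+###################################
+# afl clang, with asserts disabled
+
+target=$here/build-afl-clang-ndebug
+
+cmake \
+-DCMAKE_C_COMPILER=afl-clang-fast \
+-DCMAKE_C_FLAGS="-g -DNDEBUG" \
+-S $gitroot -B $target
+
+cmake --build $target -j $(nproc)
+
+###################################
+# sanitizer build with asserts disabled
+target=$here/build-clang-release-replay
+cmake \
+-DCMAKE_C_COMPILER=clang-14 \
+-DCMAKE_C_FLAGS="-g -fsanitize=address,undefined -O3 -DNDEBUG" \
+-S $gitroot -B $target
+
+cmake --build $target -j $(nproc)
+
+###################################
+# sanitizer build with asserts enabled
+target=$here/build-clang-debug-replay
+cmake \
+-DCMAKE_C_COMPILER=clang-14 \
+-DCMAKE_C_FLAGS="-g -fsanitize=address,undefined -O3" \
+-S $gitroot -B $target
+
+cmake --build $target -j $(nproc)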