Merge pull request #654 from mayeut/master

Fix undefined size jp2 box handling
This commit is contained in:
Matthieu Darbois 2015-11-07 14:35:45 +01:00
commit 51cbcd5748
4 changed files with 26 additions and 16 deletions

View File

@ -482,12 +482,16 @@ static OPJ_BOOL opj_jp2_read_boxhdr(opj_jp2_box_t *box,
opj_read_bytes(l_data_header+4,&(box->type), 4); opj_read_bytes(l_data_header+4,&(box->type), 4);
if(box->length == 0)/* last box */ if(box->length == 0)/* last box */
{ {
const OPJ_OFF_T bleft = opj_stream_get_number_byte_left(cio); const OPJ_OFF_T bleft = opj_stream_get_number_byte_left(cio);
box->length = (OPJ_UINT32)bleft; if (bleft > (OPJ_OFF_T)(0xFFFFFFFFU - 8U)) {
assert( (OPJ_OFF_T)box->length == bleft ); opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box sizes higher than 2^32\n");
return OPJ_TRUE; return OPJ_FALSE;
} }
box->length = (OPJ_UINT32)bleft + 8U;
assert( (OPJ_OFF_T)box->length == bleft + 8 );
return OPJ_TRUE;
}
/* do we have a "special very large box ?" */ /* do we have a "special very large box ?" */
/* read then the XLBox */ /* read then the XLBox */
@ -2112,7 +2116,7 @@ static OPJ_BOOL opj_jp2_read_header_procedure( opj_jp2_t *jp2,
if (box.type == JP2_JP2C) { if (box.type == JP2_JP2C) {
if (jp2->jp2_state & JP2_STATE_HEADER) { if (jp2->jp2_state & JP2_STATE_HEADER) {
jp2->jp2_state |= JP2_STATE_CODESTREAM; jp2->jp2_state |= JP2_STATE_CODESTREAM;
opj_free(l_current_data); opj_free(l_current_data);
return OPJ_TRUE; return OPJ_TRUE;
} }
else { else {
@ -2127,7 +2131,7 @@ static OPJ_BOOL opj_jp2_read_header_procedure( opj_jp2_t *jp2,
return OPJ_FALSE; return OPJ_FALSE;
} }
/* testcase 1851.pdf.SIGSEGV.ce9.948 */ /* testcase 1851.pdf.SIGSEGV.ce9.948 */
else if (box.length < l_nb_bytes_read) { else if (box.length < l_nb_bytes_read) {
opj_event_msg(p_manager, EVT_ERROR, "invalid box size %d (%x)\n", box.length, box.type); opj_event_msg(p_manager, EVT_ERROR, "invalid box size %d (%x)\n", box.length, box.type);
opj_free(l_current_data); opj_free(l_current_data);
return OPJ_FALSE; return OPJ_FALSE;
@ -2184,16 +2188,16 @@ static OPJ_BOOL opj_jp2_read_header_procedure( opj_jp2_t *jp2,
} }
} }
else { else {
if (!(jp2->jp2_state & JP2_STATE_SIGNATURE)) { if (!(jp2->jp2_state & JP2_STATE_SIGNATURE)) {
opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: first box must be JPEG 2000 signature box\n"); opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: first box must be JPEG 2000 signature box\n");
opj_free(l_current_data); opj_free(l_current_data);
return OPJ_FALSE; return OPJ_FALSE;
} }
if (!(jp2->jp2_state & JP2_STATE_FILE_TYPE)) { if (!(jp2->jp2_state & JP2_STATE_FILE_TYPE)) {
opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: second box must be file type box\n"); opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: second box must be file type box\n");
opj_free(l_current_data); opj_free(l_current_data);
return OPJ_FALSE; return OPJ_FALSE;
} }
jp2->jp2_state |= JP2_STATE_UNKNOWN; jp2->jp2_state |= JP2_STATE_UNKNOWN;
if (opj_stream_skip(stream,l_current_data_size,p_manager) != l_current_data_size) { if (opj_stream_skip(stream,l_current_data_size,p_manager) != l_current_data_size) {
opj_event_msg(p_manager, EVT_ERROR, "Problem with skipping JPEG2000 box, stream error\n"); opj_event_msg(p_manager, EVT_ERROR, "Problem with skipping JPEG2000 box, stream error\n");

View File

@ -269,3 +269,4 @@ e163102afcc857cf001337178241f518 issue559-eci-090-CIELab.jp2_2.pgx
b004b2e08b0dfb217c131b353cf157eb issue559-eci-091-CIELab.jp2_0.pgx b004b2e08b0dfb217c131b353cf157eb issue559-eci-091-CIELab.jp2_0.pgx
2400da6b8ed6b1747b9913af544580f9 issue559-eci-091-CIELab.jp2_1.pgx 2400da6b8ed6b1747b9913af544580f9 issue559-eci-091-CIELab.jp2_1.pgx
cf73dda887967928dbcf5cc87ab204cc issue559-eci-091-CIELab.jp2_2.pgx cf73dda887967928dbcf5cc87ab204cc issue559-eci-091-CIELab.jp2_2.pgx
3bf91c974abc17e520c6a5efa883a58a issue653-zero-unknownbox.jp2.png

View File

@ -505,3 +505,6 @@ opj_decompress -i @INPUT_NR_PATH@/issue236-ESYCC-CDEF.jp2 -o @TEMP_PATH@/issue23
# issue 326 + PR 559: CIELab colorspace # issue 326 + PR 559: CIELab colorspace
opj_decompress -i @INPUT_NR_PATH@/issue559-eci-090-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-090-CIELab.jp2.pgx opj_decompress -i @INPUT_NR_PATH@/issue559-eci-090-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-090-CIELab.jp2.pgx
opj_decompress -i @INPUT_NR_PATH@/issue559-eci-091-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-091-CIELab.jp2.pgx opj_decompress -i @INPUT_NR_PATH@/issue559-eci-091-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-091-CIELab.jp2.pgx
# issue 653 Last box of undefined size byg
opj_decompress -i @INPUT_NR_PATH@/issue653-zero-unknownbox.jp2 -o @TEMP_PATH@/issue653-zero-unknownbox.jp2.png -p 8S

View File

@ -70,6 +70,8 @@ if [ "${TRAVIS_OS_NAME:-}" == "" ]; then
TRAVIS_OS_NAME=windows TRAVIS_OS_NAME=windows
elif uname -s | grep -i MINGW &> /dev/null; then elif uname -s | grep -i MINGW &> /dev/null; then
TRAVIS_OS_NAME=windows TRAVIS_OS_NAME=windows
elif [ "${APPVEYOR:-}" == "True" ]; then
TRAVIS_OS_NAME=windows
else else
echo "Failed to guess OS"; exit 1 echo "Failed to guess OS"; exit 1
fi fi