First change on changes-for-afl-tests

This commit is contained in:
szukw000 2017-08-02 17:27:08 +02:00
parent 00f45684a8
commit 57e36dbfeb
7 changed files with 39 additions and 136 deletions

View File

@ -42,6 +42,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <ctype.h> #include <ctype.h>
#include <limits.h>
#ifndef OPJ_HAVE_LIBTIFF #ifndef OPJ_HAVE_LIBTIFF
# error OPJ_HAVE_LIBTIFF_NOT_DEFINED # error OPJ_HAVE_LIBTIFF_NOT_DEFINED
@ -697,6 +698,12 @@ int imagetotif(opj_image_t * image, const char *outfile)
TIFFSetField(tif, TIFFTAG_PHOTOMETRIC, tiPhoto); TIFFSetField(tif, TIFFTAG_PHOTOMETRIC, tiPhoto);
TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1); TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1);
if (width > UINT_MAX/numcomps || width * bps > UINT_MAX/numcomps || width * numcomps > UINT_MAX/sizeof(OPJ_INT32)) {
fprintf(stderr, "Buffer overflow\n");
TIFFClose(tif);
return 1;
}
strip_size = TIFFStripSize(tif); strip_size = TIFFStripSize(tif);
rowStride = (width * numcomps * bps + 7U) / 8U; rowStride = (width * numcomps * bps + 7U) / 8U;
if (rowStride != strip_size) { if (rowStride != strip_size) {
@ -709,8 +716,9 @@ int imagetotif(opj_image_t * image, const char *outfile)
TIFFClose(tif); TIFFClose(tif);
return 1; return 1;
} }
buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(
OPJ_INT32))); buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32)));
if (buffer32s == NULL) { if (buffer32s == NULL) {
_TIFFfree(buf); _TIFFfree(buf);
TIFFClose(tif); TIFFClose(tif);
@ -1246,7 +1254,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
OPJ_INT32* buffer32s = NULL; OPJ_INT32* buffer32s = NULL;
OPJ_INT32* planes[4]; OPJ_INT32* planes[4];
tmsize_t rowStride; tmsize_t rowStride;
tif = TIFFOpen(filename, "r"); tif = TIFFOpen(filename, "r");
if (!tif) { if (!tif) {
@ -1445,6 +1453,13 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
opj_image_destroy(image); opj_image_destroy(image);
return NULL; return NULL;
} }
if (tiWidth > UINT_MAX/tiSpp || tiWidth * tiSpp > UINT_MAX/tiBps || tiWidth * tiSpp > UINT_MAX/sizeof(OPJ_INT32)) {
fprintf(stderr, "Buffer overflow\n");
_TIFFfree(buf);
TIFFClose(tif);
opj_image_destroy(image);
return NULL;
}
rowStride = (tmsize_t)((tiWidth * tiSpp * tiBps + 7U) / 8U); rowStride = (tmsize_t)((tiWidth * tiSpp * tiBps + 7U) / 8U);
buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(tiWidth * tiSpp * sizeof( buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(tiWidth * tiSpp * sizeof(
OPJ_INT32))); OPJ_INT32)));

View File

@ -577,7 +577,7 @@ int main(int argc, char *argv[])
opj_set_warning_handler(l_codec, warning_callback, 00); opj_set_warning_handler(l_codec, warning_callback, 00);
opj_set_error_handler(l_codec, error_callback, 00); opj_set_error_handler(l_codec, error_callback, 00);
parameters.dump_state = 1; /* AFL test */ parameters.flags |= OPJ_DPARAMETERS_DUMP_FLAG;
/* Setup the decoder decoding parameters using user parameters */ /* Setup the decoder decoding parameters using user parameters */
if (!opj_setup_decoder(l_codec, &parameters)) { if (!opj_setup_decoder(l_codec, &parameters)) {

View File

@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
return OPJ_FALSE; return OPJ_FALSE;
} }
if (!p_j2k->dump_state) { if (!p_j2k->dump_state) {
OPJ_UINT32 siz_w, siz_h; /* AFL test */ OPJ_UINT32 siz_w, siz_h;
siz_w = l_image->x1 - l_image->x0; siz_w = l_image->x1 - l_image->x0;
siz_h = l_image->y1 - l_image->y0; siz_h = l_image->y1 - l_image->y0;
@ -2236,11 +2236,11 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
l_img_comp->sgnd = tmp >> 7; l_img_comp->sgnd = tmp >> 7;
if (p_j2k->dump_state == 0) { if (p_j2k->dump_state == 0) {
if (i == 0) { /* AFL test */ if (i == 0) {
l_prec0 = l_img_comp->prec; l_prec0 = l_img_comp->prec;
l_sgnd0 = l_img_comp->sgnd; l_sgnd0 = l_img_comp->sgnd;
} else if (l_cp->bpc_is_255 == 0 } else if (l_cp->bpc_is_255 == 0
&& (l_img_comp->prec != l_prec0 || l_img_comp->sgnd != l_sgnd0)) {/* AFL test */ && (l_img_comp->prec != l_prec0 || l_img_comp->sgnd != l_sgnd0)) {
opj_event_msg(p_manager, EVT_ERROR, opj_event_msg(p_manager, EVT_ERROR,
"Invalid precision and/or sgnd values for comp[%d]:\n" "Invalid precision and/or sgnd values for comp[%d]:\n"
" [0] prec(%d) sgnd(%d) [%d] prec(%d) sgnd(%d)\n", i, l_prec0, l_sgnd0, " [0] prec(%d) sgnd(%d) [%d] prec(%d) sgnd(%d)\n", i, l_prec0, l_sgnd0,
@ -2305,120 +2305,8 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
l_cp->m_specific_param.m_dec.m_reduce; /* reducing factor per component */ l_cp->m_specific_param.m_dec.m_reduce; /* reducing factor per component */
++l_img_comp; ++l_img_comp;
} }
if (!p_j2k->dump_state) {
switch (p_j2k->enumcs) { /* AFL tests */
int ok, sycc;
case 12: /* CMYK */ if (l_cp->tdx == 0 || l_cp->tdy == 0) {
if (l_image->numcomps == 4 /* cnf. color.c, line 879 */
&& l_image->comps[0].dx == l_image->comps[1].dx
&& l_image->comps[0].dx == l_image->comps[2].dx
&& l_image->comps[0].dx == l_image->comps[3].dx
&& l_image->comps[0].dy == l_image->comps[1].dy
&& l_image->comps[0].dy == l_image->comps[2].dy
&& l_image->comps[0].dy == l_image->comps[3].dy) {
break;
}
opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 12(i.e. CMYK)\n");
return OPJ_FALSE;
case 16: /* sRGB */
if (l_image->numcomps < 3) {
break; /* GRAY, GRAYA */
}
if (l_image->numcomps == 3 /* RGB */
&& l_image->comps[0].dx == l_image->comps[1].dx
&& l_image->comps[0].dx == l_image->comps[2].dx
&& l_image->comps[0].dy == l_image->comps[1].dy
&& l_image->comps[0].dy == l_image->comps[2].dy
&& l_image->comps[0].prec == l_image->comps[1].prec
&& l_image->comps[0].prec == l_image->comps[2].prec
&& l_image->comps[0].sgnd == l_image->comps[1].sgnd
&& l_image->comps[0].sgnd == l_image->comps[2].sgnd) {
break;
}
if (l_image->numcomps == 4 /* RGBA */
&& l_image->comps[0].dx == l_image->comps[3].dx
&& l_image->comps[0].dy == l_image->comps[3].dy
&& l_image->comps[0].prec == l_image->comps[3].prec
&& l_image->comps[0].sgnd == l_image->comps[3].sgnd) {
break;
}
opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 16(i.e. sRGB)\n");
return OPJ_FALSE;
case 18: /* sYCC */
sycc = 0;
ok = (l_image->numcomps > 2); /* cnf. color.c, line 319 */
if (ok) {
sycc = /* sycc420 */
((l_image->comps[0].dx == 1)
&& (l_image->comps[1].dx == 2)
&& (l_image->comps[2].dx == 2)
&& (l_image->comps[0].dy == 1)
&& (l_image->comps[1].dy == 2)
&& (l_image->comps[2].dy == 2))
|| /* sycc422 */
((l_image->comps[0].dx == 1)
&& (l_image->comps[1].dx == 2)
&& (l_image->comps[2].dx == 2)
&& (l_image->comps[0].dy == 1)
&& (l_image->comps[1].dy == 1)
&& (l_image->comps[2].dy == 1))
|| /* sycc444 */
((l_image->comps[0].dx == 1)
&& (l_image->comps[1].dx == 1)
&& (l_image->comps[2].dx == 1)
&& (l_image->comps[0].dy == 1)
&& (l_image->comps[1].dy == 1)
&& (l_image->comps[2].dy == 1));
}
if (ok && sycc) {
break;
}
opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 18(i.e. sYCC)\n");
return OPJ_FALSE;
case 24: /* e-sYCC */
if (l_image->numcomps > 2 /* cnf. color.c, line 938 */
&& l_image->comps[0].dx == l_image->comps[1].dx
&& l_image->comps[0].dx == l_image->comps[2].dx
&& l_image->comps[0].dy == l_image->comps[1].dy
&& l_image->comps[0].dy == l_image->comps[2].dy) {
break;
}
opj_event_msg(p_manager, EVT_ERROR,
"wrong values for enumcs 24(i.e. e-sYCC)\n");
return OPJ_FALSE;
case 14: /* CIELAB */
if (l_image->numcomps != 3) {
opj_event_msg(p_manager, EVT_ERROR,
"wrong values for enumcs 14(i.e. CIElab)\n");
return OPJ_FALSE;
}
break;
case 17: /* GRAY */
if (l_image->comps[0].dx == 1
&& l_image->comps[0].dy == 1) {
break;
}
opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs %u\n",
p_j2k->enumcs);
return OPJ_FALSE;
default:
break;
}/* switch() */
} /* p_j2k->dump */
if (l_cp->tdx == 0 || l_cp->tdy == 0) { /* AFL test */
return OPJ_FALSE; return OPJ_FALSE;
} }
@ -6460,7 +6348,7 @@ void opj_j2k_setup_decoder(opj_j2k_t *j2k, opj_dparameters_t *parameters)
j2k->m_cp.m_specific_param.m_dec.m_layer = parameters->cp_layer; j2k->m_cp.m_specific_param.m_dec.m_layer = parameters->cp_layer;
j2k->m_cp.m_specific_param.m_dec.m_reduce = parameters->cp_reduce; j2k->m_cp.m_specific_param.m_dec.m_reduce = parameters->cp_reduce;
j2k->dump_state = parameters->dump_state; j2k->dump_state = (parameters->flags & OPJ_DPARAMETERS_DUMP_FLAG);
#ifdef USE_JPWL #ifdef USE_JPWL
j2k->m_cp.correct = parameters->jpwl_correct; j2k->m_cp.correct = parameters->jpwl_correct;
j2k->m_cp.exp_comps = parameters->jpwl_exp_comps; j2k->m_cp.exp_comps = parameters->jpwl_exp_comps;
@ -8851,7 +8739,7 @@ OPJ_BOOL opj_j2k_decode_tile(opj_j2k_t * p_j2k,
opj_event_msg(p_manager, EVT_ERROR, "Failed to decode.\n"); opj_event_msg(p_manager, EVT_ERROR, "Failed to decode.\n");
return OPJ_FALSE; return OPJ_FALSE;
} }
p_j2k->m_tcd->enumcs = p_j2k->enumcs; /* AFL test */ p_j2k->m_tcd->enumcs = p_j2k->enumcs;
if (! opj_tcd_update_tile_data(p_j2k->m_tcd, p_data, p_data_size)) { if (! opj_tcd_update_tile_data(p_j2k->m_tcd, p_data, p_data_size)) {
return OPJ_FALSE; return OPJ_FALSE;

View File

@ -446,7 +446,7 @@ typedef struct opj_cp {
OPJ_BITFIELD ppm : 1; OPJ_BITFIELD ppm : 1;
/** tells if the parameter is a coding or decoding one */ /** tells if the parameter is a coding or decoding one */
OPJ_BITFIELD m_is_decoder : 1; OPJ_BITFIELD m_is_decoder : 1;
OPJ_BITFIELD bpc_is_255 : 1; /* for AFL test */ OPJ_BITFIELD bpc_is_255 : 1;
/* <<UniPG */ /* <<UniPG */
} opj_cp_t; } opj_cp_t;
@ -576,10 +576,10 @@ typedef struct opj_j2k {
/** Thread pool */ /** Thread pool */
opj_thread_pool_t* m_tp; opj_thread_pool_t* m_tp;
OPJ_UINT32 ihdr_w; /* for AFL test */ OPJ_UINT32 ihdr_w;
OPJ_UINT32 ihdr_h; /* for AFL test */ OPJ_UINT32 ihdr_h;
OPJ_UINT32 enumcs; /* for AFL test */ OPJ_UINT32 enumcs;
unsigned int dump_state; /* for AFL test */ unsigned int dump_state;
} }
opj_j2k_t; opj_j2k_t;

View File

@ -619,10 +619,10 @@ static OPJ_BOOL opj_jp2_read_ihdr(opj_jp2_t *jp2,
opj_read_bytes(p_image_header_data, &(jp2->IPR), 1); /* IPR */ opj_read_bytes(p_image_header_data, &(jp2->IPR), 1); /* IPR */
++ p_image_header_data; ++ p_image_header_data;
jp2->j2k->m_cp.bpc_is_255 = (jp2->bpc == 255); /* For AFL test */ jp2->j2k->m_cp.bpc_is_255 = (jp2->bpc == 255);
jp2->j2k->ihdr_w = jp2->w; /* For AFL test */ jp2->j2k->ihdr_w = jp2->w;
jp2->j2k->ihdr_h = jp2->h; /* For AFL test */ jp2->j2k->ihdr_h = jp2->h;
jp2->has_ihdr = 1; /* For AFL test */ jp2->has_ihdr = 1;
return OPJ_TRUE; return OPJ_TRUE;
} }
@ -2847,11 +2847,11 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream,
if (! opj_jp2_exec(jp2, jp2->m_procedure_list, p_stream, p_manager)) { if (! opj_jp2_exec(jp2, jp2->m_procedure_list, p_stream, p_manager)) {
return OPJ_FALSE; return OPJ_FALSE;
} }
if (jp2->has_jp2h == 0) { /* AFL test */ if (jp2->has_jp2h == 0) {
opj_event_msg(p_manager, EVT_ERROR, "JP2H box missing. Required.\n"); opj_event_msg(p_manager, EVT_ERROR, "JP2H box missing. Required.\n");
return OPJ_FALSE; return OPJ_FALSE;
} }
if (jp2->has_ihdr == 0) { /* AFL test */ if (jp2->has_ihdr == 0) {
opj_event_msg(p_manager, EVT_ERROR, "IHDR box_missing. Required.\n"); opj_event_msg(p_manager, EVT_ERROR, "IHDR box_missing. Required.\n");
return OPJ_FALSE; return OPJ_FALSE;
} }

View File

@ -187,8 +187,8 @@ typedef struct opj_jp2 {
opj_jp2_color_t color; opj_jp2_color_t color;
OPJ_BOOL ignore_pclr_cmap_cdef; OPJ_BOOL ignore_pclr_cmap_cdef;
OPJ_BYTE has_jp2h; /* for AFL test */ OPJ_BYTE has_jp2h;
OPJ_BYTE has_ihdr; /* for AFL test */ OPJ_BYTE has_ihdr;
} }
opj_jp2_t; opj_jp2_t;

View File

@ -501,6 +501,7 @@ typedef struct opj_cparameters {
} opj_cparameters_t; } opj_cparameters_t;
#define OPJ_DPARAMETERS_IGNORE_PCLR_CMAP_CDEF_FLAG 0x0001 #define OPJ_DPARAMETERS_IGNORE_PCLR_CMAP_CDEF_FLAG 0x0001
#define OPJ_DPARAMETERS_DUMP_FLAG 0x0002
/** /**
* Decompression parameters * Decompression parameters
@ -564,7 +565,6 @@ typedef struct opj_dparameters {
/* <<UniPG */ /* <<UniPG */
unsigned int flags; unsigned int flags;
unsigned int dump_state; /* AFL test */
} opj_dparameters_t; } opj_dparameters_t;