From a817832c223914eb21d18ef6dc37955921cda0d5 Mon Sep 17 00:00:00 2001 From: szukw000 Date: Thu, 16 Feb 2017 21:41:43 +0100 Subject: [PATCH] This patch supersedes #882 --- src/bin/common/color.c | 24 ++++- src/bin/jp2/convert.c | 45 +++++++-- src/bin/jp2/convertbmp.c | 9 +- src/bin/jp2/converttif.c | 93 ++++++++++++------ src/bin/jp2/opj_decompress.c | 8 +- src/bin/jp2/opj_dump.c | 2 + src/lib/openjp2/j2k.c | 178 +++++++++++++++++++++++++++++++++-- src/lib/openjp2/j2k.h | 7 ++ src/lib/openjp2/jp2.c | 38 +++++++- src/lib/openjp2/jp2.h | 2 + src/lib/openjp2/openjpeg.h | 2 +- src/lib/openjp2/pi.c | 39 +++++++- src/lib/openjp2/t2.c | 4 +- src/lib/openjp2/tcd.c | 19 +++- src/lib/openjp2/tcd.h | 2 + 15 files changed, 406 insertions(+), 66 deletions(-) diff --git a/src/bin/common/color.c b/src/bin/common/color.c index 234c7bdf..72bd08ad 100644 --- a/src/bin/common/color.c +++ b/src/bin/common/color.c @@ -402,6 +402,26 @@ void color_apply_icc_profile(opj_image_t *image) if(out_space == cmsSigRgbData) /* enumCS 16 */ { + unsigned int i, nr_comp = image->numcomps; + + if (nr_comp > 4) { + nr_comp = 4; + } + for (i = 1; i < nr_comp; ++i) { /* AFL test */ + if (image->comps[0].dx != image->comps[i].dx) break; + + if (image->comps[0].dy != image->comps[i].dy) break; + + if (image->comps[0].prec != image->comps[i].prec) break; + + if (image->comps[0].sgnd != image->comps[i].sgnd) break; + + } + if (i != nr_comp) { + cmsCloseProfile(in_prof); + return; + } + if( prec <= 8 ) { in_type = TYPE_RGB_8; 
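Review bot: The early exit at `if (i != nr_comp)` in the `cmsSigRgbData` branch returns without any diagnostic, so an image with mismatched components is silently left without its ICC profile applied. A message before `cmsCloseProfile(in_prof);` would make that visible, e.g. `fprintf(stderr, "color_apply_icc_profile: components differ in dx/dy/prec/sgnd, ICC profile ignored\n");`. The loop compares `dx`, `dy`, `prec` and `sgnd` but not `w`/`h`. If the conversion loops further down (outside this hunk) index every plane with the first component's dimensions, comparing `comps[i].w` and `comps[i].h` here would be the stricter guard; this needs confirming. The `/* AFL test */` comment says where the check came from, not what it protects; `/* all used components must share geometry, depth and sign */` would serve the next reader better.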
@@ -449,8 +469,8 @@ void color_apply_icc_profile(opj_image_t *image) } #ifdef DEBUG_PROFILE - fprintf(stderr,"%s:%d:color_apply_icc_profile\n\tchannels(%d) prec(%d) w(%d) h(%d)" - "\n\tprofile: in(%p) out(%p)\n",__FILE__,__LINE__,image->numcomps,prec, + fprintf(stderr,"color.c:%d:color_apply_icc_profile\n\tchannels(%d) prec(%d) w(%ld) h(%ld)" + "\n\tprofile: in(%p) out(%p)\n",__LINE__,image->numcomps,prec, max_w,max_h, (void*)in_prof,(void*)out_prof); fprintf(stderr,"\trender_intent (%u)\n\t" diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c index deee4f6e..c55c65a8 100644 --- a/src/bin/jp2/convert.c +++ b/src/bin/jp2/convert.c @@ -906,9 +906,10 @@ int imagetotga(opj_image_t * image, const char *outfile) { for (i = 0; i < image->numcomps-1; i++) { if ((image->comps[0].dx != image->comps[i+1].dx) ||(image->comps[0].dy != image->comps[i+1].dy) - ||(image->comps[0].prec != image->comps[i+1].prec)) { + ||(image->comps[0].prec != image->comps[i+1].prec) + ||(image->comps[0].sgnd != image->comps[i+1].sgnd)) { fclose(fdest); - fprintf(stderr, "Unable to create a tga file with such J2K image charateristics."); + fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.\n"); return 1; } } @@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) int *red, *green, *blue, *alpha; int wr, hr, max; int i; - unsigned int compno, ncomp; + unsigned int compno, ncomp, ui; int adjustR, adjustG, adjustB, adjustA; int fails, two, want_gray, has_alpha, triple; int prec, v; @@ -1777,6 +1778,8 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) && image->comps[1].dy == image->comps[2].dy && image->comps[0].prec == image->comps[1].prec && image->comps[1].prec == image->comps[2].prec + && image->comps[0].sgnd == image->comps[1].sgnd + && image->comps[1].sgnd == image->comps[2].sgnd ))) { fdest = fopen(outfile, "wb"); 
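Review bot: The change from `%d` to `%ld` for `max_w` and `max_h` in the DEBUG_PROFILE `fprintf` is only correct if both variables are `long`, and their declarations are outside this hunk. A conversion specifier that does not match the argument type is undefined behaviour, so either confirm the types or cast at the call site, e.g. `(long)max_w, (long)max_h`. The block is compiled only with DEBUG_PROFILE defined, so a mismatch would not show up in a normal build.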
@@ -1904,6 +1907,8 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) fprintf(stderr, "imagetopnm: memory out\n"); return 1; } + fprintf(stderr, " imagetopnm: creating %d .pgm files.\n",ncomp); + for (compno = 0; compno < ncomp; compno++) { if (ncomp > 1) @@ -2126,7 +2131,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL { FILE *rawFile = NULL; size_t res; - unsigned int compno; + unsigned int compno, numcomps; int w, h, fails; int line, row, curr, mask; int *ptr; @@ -2139,6 +2144,32 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL return 1; } + numcomps = image->numcomps; + + if (numcomps > 4) { + numcomps = 4; + } + + for (compno = 1; compno < numcomps; ++compno) { + if (image->comps[0].dx != image->comps[compno].dx) { + break; + } + if (image->comps[0].dy != image->comps[compno].dy) { + break; + } + if (image->comps[0].prec != image->comps[compno].prec) { + break; + } + if (image->comps[0].sgnd != image->comps[compno].sgnd) { + break; + } + } + if (compno != numcomps) { + fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n"); + fprintf(stderr,"\tAborting\n"); + return 1; + } + rawFile = fopen(outfile, "wb"); if (!rawFile) { fprintf(stderr, "Failed to open %s for writing !!\n", outfile); @@ -2146,9 +2177,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL } fails = 1; - fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps); + fprintf(stdout,"Raw image characteristics: %d components\n", numcomps); - for(compno = 0; compno < image->numcomps; compno++) + for(compno = 0; compno < numcomps; compno++) { fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w, image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned"); 
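Review bot: Clamping `numcomps` to 4 in imagetoraw_common changes what is written, not just what is checked. The write loop in the following hunk now runs `compno < numcomps`, so an image with more than four components is written with only the first four and nothing is reported. Either reject such images together with the new consistency check or warn, e.g. `fprintf(stderr, "imagetoraw_common: only the first 4 of %u components are written\n", image->numcomps);`. The changed `"Raw image characteristics: %d components\n"` line prints an `unsigned int` with `%d`; `%u` matches the type, and the same applies to `ncomp` in the new imagetopnm message at the top of this line.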
@@ -2238,7 +2269,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL } else if (image->comps[compno].prec <= 32) { - fprintf(stderr,"More than 16 bits per component no handled yet\n"); + fprintf(stderr,"More than 16 bits per component not handled yet\n"); goto fin; } else diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c index ae83077c..42fba6cd 100644 --- a/src/bin/jp2/convertbmp.c +++ b/src/bin/jp2/convertbmp.c @@ -807,7 +807,7 @@ int imagetobmp(opj_image_t * image, const char *outfile) { int adjustR, adjustG, adjustB; if (image->comps[0].prec < 8) { - fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec); + fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec); return 1; } if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx @@ -815,7 +815,9 @@ int imagetobmp(opj_image_t * image, const char *outfile) { && image->comps[0].dy == image->comps[1].dy && image->comps[1].dy == image->comps[2].dy && image->comps[0].prec == image->comps[1].prec - && image->comps[1].prec == image->comps[2].prec) { + && image->comps[1].prec == image->comps[2].prec + && image->comps[0].sgnd == image->comps[1].sgnd + && image->comps[1].sgnd == image->comps[2].sgnd) { /* -->> -->> -->> -->> 24 bits color @@ -925,6 +927,9 @@ int imagetobmp(opj_image_t * image, const char *outfile) { fprintf(stderr, "ERROR -> failed to open %s for writing\n", outfile); return 1; } + if(image->numcomps > 1){ + fprintf(stderr,"imagetobmp: only first component of %d is used.\n",image->numcomps); + } w = (int)image->comps[0].w; h = (int)image->comps[0].h; diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c index 143d3be6..53e3b5b6 100644 --- a/src/bin/jp2/converttif.c +++ b/src/bin/jp2/converttif.c 
@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len int imagetotif(opj_image_t * image, const char *outfile) { - int width, height; - int bps,adjust, sgnd; - int tiPhoto; + uint32 width, height, bps, tiPhoto; + int adjust, sgnd; TIFF *tif; tdata_t buf; - tsize_t strip_size; + tmsize_t strip_size, rowStride; OPJ_UINT32 i, numcomps; - OPJ_SIZE_T rowStride; OPJ_INT32* buffer32s = NULL; OPJ_INT32 const* planes[4]; convert_32s_PXCX cvtPxToCx = NULL; convert_32sXXx_C1R cvt32sToTif = NULL; - bps = (int)image->comps[0].prec; + bps = (uint32)image->comps[0].prec; planes[0] = image->comps[0].data; numcomps = image->numcomps; @@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile) break; } sgnd = (int)image->comps[0].sgnd; - adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0; - width = (int)image->comps[0].w; - height = (int)image->comps[0].h; + adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0; + width = (uint32)image->comps[0].w; + height = (uint32)image->comps[0].h; TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width); TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height); - TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps); + TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps); TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps); TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT); TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); @@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile) TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1); strip_size = TIFFStripSize(tif); - rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U; - if (rowStride != (OPJ_SIZE_T)strip_size) { + rowStride = (width * numcomps * bps + 7U) / 8U; + if (rowStride != strip_size) { fprintf(stderr, "Invalid TIFF strip size\n"); TIFFClose(tif); return 1; 
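Review bot: The new `rowStride = (width * numcomps * bps + 7U) / 8U;` in imagetotif multiplies three 32-bit unsigned values before the result is widened to `tmsize_t`, so the product can wrap for large images; the removed line did the arithmetic in `OPJ_SIZE_T`. The same narrowing is introduced in the `malloc` hunk that follows, where `width * numcomps` is evaluated in 32 bits before `sizeof` widens it. It also appears in tiftoimage's `rowStride`/`malloc` hunk, where a wrapped size would under-allocate `buffer32s`. Keep the widening cast on the first operand: `rowStride = (tmsize_t)(((OPJ_SIZE_T)width * numcomps * bps + 7U) / 8U);` and `malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32))`.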
@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile) TIFFClose(tif); return 1; } - buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32)); + buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32))); if (buffer32s == NULL) { _TIFFfree(buf); TIFFClose(tif); @@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) TIFF *tif; tdata_t buf; tstrip_t strip; - tsize_t strip_size; + tmsize_t strip_size; int j, currentPlane, numcomps = 0, w, h; OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN; opj_image_cmptparm_t cmptparm[4]; /* RGBA */ opj_image_t *image = NULL; int has_alpha = 0; - unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC; - unsigned int tiWidth, tiHeight; + uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight; OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz); convert_XXx32s_C1R cvtTifTo32s = NULL; convert_32s_CXPX cvtCxToPx = NULL; OPJ_INT32* buffer32s = NULL; OPJ_INT32* planes[4]; - OPJ_SIZE_T rowStride; + tmsize_t rowStride; tif = TIFFOpen(filename, "r"); 
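Review bot: Declaring `tiBps`, `tiPhoto`, `tiSf`, `tiSpp` and `tiPC` as `uint32` in tiftoimage no longer matches what libtiff stores for these tags. `TIFFGetField` writes a 16-bit value through the pointer for bits-per-sample, samples-per-pixel, photometric, planar-config and sample-format. The variables are not initialised, so the remaining two bytes keep whatever was on the stack, and on a big-endian host the value lands in the wrong half. The range checks added in the next hunk would then test garbage. Keep `unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC;` and make only `tiWidth`/`tiHeight` 32-bit, which also keeps the `%hu` used for `tiSpp` in the new message correct.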
@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp); TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto); TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC); - w= (int)tiWidth; - h= (int)tiHeight; - - if(tiBps > 16U) { - fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps); - fprintf(stderr,"\tAborting\n"); + + if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */ + fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n" + "\tAborting.\n", tiSpp); + TIFFClose(tif); + return NULL; + } + if(tiBps > 16U || tiBps == 0) { + fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n" + "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps); TIFFClose(tif); return NULL; } if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) { - fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); + fprintf(stderr,"tiftoimage: Bad color format %d.\n" + "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); fprintf(stderr,"\tAborting\n"); TIFFClose(tif); return NULL; } - + if(tiWidth == 0 || tiHeight == 0) { + fprintf(stderr,"tiftoimage: Bad values for width(%u) " + "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight); + TIFFClose(tif); + return NULL; + } + w= (int)tiWidth; + h= (int)tiHeight; + switch (tiBps) { case 1: case 2: @@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES, &extrasamples, &sampleinfo); - + if(extrasamples >= 1) { switch(sampleinfo[0]) 
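Review bot: The new `tiWidth == 0 || tiHeight == 0` test in tiftoimage rejects empty images but not values above `INT_MAX`, so `w= (int)tiWidth;` and `h= (int)tiHeight;` can still end up negative for a crafted file. Extending the condition to `tiWidth == 0 || tiHeight == 0 || tiWidth > INT_MAX || tiHeight > INT_MAX` closes that; it needs `<limits.h>` if the file does not already include it. The function continues past this hunk, where `w` feeds the row stride and the `buffer32s` allocation size.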
@@ -1385,8 +1395,22 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) image->y0 = (OPJ_UINT32)parameters->image_offset_y0; image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 : image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; + if(image->x1 <= image->x0) { + fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. " + "image->x0(%d)\n\tAborting.\n",image->x1,image->x0); + TIFFClose(tif); + opj_image_destroy(image); + return NULL; + } image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 : image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; + if(image->y1 <= image->y0) { + fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. " + "image->y0(%d)\n\tAborting.\n",image->y1,image->y0); + TIFFClose(tif); + opj_image_destroy(image); + return NULL; + } for(j = 0; j < numcomps; j++) { @@ -1402,8 +1426,8 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) opj_image_destroy(image); return NULL; } - rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U; - buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32)); + rowStride = (w * tiSpp * tiBps + 7U) / 8U; + buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32))); if (buffer32s == NULL) { _TIFFfree(buf); TIFFClose(tif); 
@@ -1421,9 +1445,18 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++) { const OPJ_UINT8 *dat8; - OPJ_SIZE_T ssize; + tmsize_t ssize; - ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size); + ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size); + if(ssize < 1 || ssize > strip_size) { + fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) " + "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size); + _TIFFfree(buf); + _TIFFfree(buffer32s); + TIFFClose(tif); + opj_image_destroy(image); + return NULL; + } dat8 = (const OPJ_UINT8*)buf; while (ssize >= rowStride) { diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c index 83160c3d..b9ab5593 100644 --- a/src/bin/jp2/opj_decompress.c +++ b/src/bin/jp2/opj_decompress.c @@ -715,8 +715,8 @@ int parse_cmdline_decoder(int argc, char **argv, opj_decompress_parameters *para break; /* ----------------------------------------------------- */ - - case 't': /* Input tile index */ + case 't': + case 'X': /* Input tile index */ { sscanf(opj_optarg, "%u", ¶meters->tile_index); parameters->nb_tile_to_decode = 1; @@ -1503,7 +1503,7 @@ int main(int argc, char **argv) failed = 1; } else { - fprintf(stdout,"[INFO] Generated Outfile %s\n",parameters.outfile); + fprintf(stdout,"[INFO] Generated Outfile %s (or .pgm files)\n",parameters.outfile); } break; @@ -1607,7 +1607,7 @@ fin: if(dirptr->filename_buf) free(dirptr->filename_buf); free(dirptr); } - if (numDecompressedImages) { + if (numDecompressedImages && !failed) { fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages)); } return failed ? EXIT_FAILURE : EXIT_SUCCESS; diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c index d62eea14..66c9b545 100644 --- a/src/bin/jp2/opj_dump.c +++ b/src/bin/jp2/opj_dump.c 
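Review bot: In the new error path after `TIFFReadEncodedStrip`, `buffer32s` is released with `_TIFFfree`, but the preceding hunk shows it comes from `malloc`. It should be `free(buffer32s);`, with `_TIFFfree(buf);` kept for the libtiff buffer. The message prints two `tmsize_t` values with `%ld`, which is the wrong width wherever `tmsize_t` is not `long`; cast explicitly, e.g. `(long)ssize, (long)strip_size`.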
@@ -551,6 +551,8 @@ int main(int argc, char *argv[]) opj_set_warning_handler(l_codec, warning_callback,00); opj_set_error_handler(l_codec, error_callback,00); + parameters.dump_state = 1; /* AFL test */ + /* Setup the decoder decoding parameters using user parameters */ if ( !opj_setup_decoder(l_codec, ¶meters) ){ fprintf(stderr, "ERROR -> opj_dump: failed to setup the decoder\n"); diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c index 66802bb9..025ae331 100644 --- a/src/lib/openjp2/j2k.c +++ b/src/lib/openjp2/j2k.c @@ -2000,6 +2000,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, OPJ_UINT32 l_remaining_size; OPJ_UINT32 l_nb_tiles; OPJ_UINT32 l_tmp, l_tx1, l_ty1; + OPJ_UINT32 l_prec0, l_sgnd0; opj_image_t *l_image = 00; opj_cp_t *l_cp = 00; opj_image_comp_t * l_img_comp = 00; @@ -2085,7 +2086,20 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, opj_event_msg(p_manager, EVT_ERROR, "Error with SIZ marker: illegal tile offset\n"); return OPJ_FALSE; } - + if( !p_j2k->dump_state) { + OPJ_UINT32 siz_w, siz_h, tile_w, tile_h; /* AFL test */ + + siz_w = l_image->x1 - l_image->x0; + siz_h = l_image->y1 - l_image->y0; + tile_w = l_cp->tdx - l_cp->tx0; + tile_h = l_cp->tdy - l_cp->ty0; + + if(p_j2k->ihdr_w > 0 && p_j2k->ihdr_h > 0 + && (p_j2k->ihdr_w != siz_w || p_j2k->ihdr_h != siz_h)) { + opj_event_msg(p_manager, EVT_ERROR, "Error with SIZ marker: IHDR w(%u) h(%u) vs. SIZ w(%u) h(%u)\n", p_j2k->ihdr_w, p_j2k->ihdr_h, siz_w, siz_h); + return OPJ_FALSE; + } + } #ifdef USE_JPWL if (l_cp->correct) { /* if JPWL is on, we check whether TX errors have damaged @@ -2138,6 +2152,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, l_img_comp = l_image->comps; + l_prec0 = 0; l_sgnd0 = 0; /* Read the component information */ for (i = 0; i < l_image->numcomps; ++i){ OPJ_UINT32 tmp; 
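Review bot: Every check this patch adds to opj_j2k_read_siz is skipped when `p_j2k->dump_state` is set. That flag is copied straight from the caller's parameters in the opj_j2k_setup_decoder hunk, and opj_dump sets it unconditionally in the first hunk on this line. If the checks are meant as hardening against malformed input, gating them on a caller-supplied field lets any application switch them off. At minimum the field needs a comment stating which validations it disables and why dumping requires that. In the IHDR/SIZ block, `tile_w` and `tile_h` are computed but never read within the hunk and can be dropped.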
@@ -2145,6 +2160,21 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, ++p_header_data; l_img_comp->prec = (tmp & 0x7f) + 1; l_img_comp->sgnd = tmp >> 7; + + if(p_j2k->dump_state == 0) { + if(i == 0) {/* AFL test */ + l_prec0 = l_img_comp->prec; l_sgnd0 = l_img_comp->sgnd; + } + else + if(l_cp->bpc_is_255 == 0 + && (l_img_comp->prec != l_prec0 || l_img_comp->sgnd != l_sgnd0)) {/* AFL test */ + opj_event_msg(p_manager, EVT_ERROR, + "Invalid precision and/or sgnd values for comp[%d]:\n" + " [0] prec(%d) sgnd(%d) [%d] prec(%d) sgnd(%d)\n",i,l_prec0,l_sgnd0, + i,l_img_comp->prec,l_img_comp->sgnd); + return OPJ_FALSE; + } + } opj_read_bytes(p_header_data,&tmp,1); /* XRsiz_i */ ++p_header_data; l_img_comp->dx = (OPJ_UINT32)tmp; /* should be between 1 and 255 */ @@ -2158,7 +2188,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, i, l_img_comp->dx, l_img_comp->dy); return OPJ_FALSE; } - if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ + if( l_img_comp->prec == 0 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ opj_event_msg(p_manager, EVT_ERROR, "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n", i, l_img_comp->prec); 
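Review bot: The new comparison in the component loop rejects any codestream whose components differ in `prec` or `sgnd` unless `l_cp->bpc_is_255` is set, and in this patch that bit is only assigned in opj_jp2_read_ihdr. A raw J2K codestream has no IHDR box, so, assuming the bit starts at zero, mixed-depth components would now fail inside the library for every caller rather than only in the converters that cannot write them. Consider leaving opj_j2k_read_siz permissive here and relying on the per-writer uniformity checks that other hunks of this patch add (imagetoraw_common, imagetotga, imagetobmp). The message prints unsigned values with `%d`; `%u` matches. In the following hunk, `l_img_comp->prec == 0` can never be true because `prec` is assigned `(tmp & 0x7f) + 1`.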
@@ -2196,7 +2226,104 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, l_img_comp->factor = l_cp->m_specific_param.m_dec.m_reduce; /* reducing factor per component */ ++l_img_comp; } + if(!p_j2k->dump_state) { + switch(p_j2k->enumcs) { /* AFL tests */ + int ok, sycc; + case 12: /* CMYK */ + if(l_image->numcomps == 4 /* cnf. color.c, line 879 */ + && l_image->comps[0].dx == l_image->comps[1].dx + && l_image->comps[0].dx == l_image->comps[2].dx + && l_image->comps[0].dx == l_image->comps[3].dx + && l_image->comps[0].dy == l_image->comps[1].dy + && l_image->comps[0].dy == l_image->comps[2].dy + && l_image->comps[0].dy == l_image->comps[3].dy) + break; + opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 12(i.e. CMYK)\n"); + return OPJ_FALSE; + + case 16: /* sRGB */ + if(l_image->numcomps < 3) break; /* GRAY, GRAYA */ + + if(l_image->numcomps > 2 /* RGB, RGBA */ + && l_image->comps[0].dx == l_image->comps[1].dx + && l_image->comps[0].dx == l_image->comps[2].dx + && l_image->comps[0].dy == l_image->comps[1].dy + && l_image->comps[0].dy == l_image->comps[2].dy + && l_image->comps[0].prec == l_image->comps[1].prec + && l_image->comps[0].prec== l_image->comps[2].prec + && l_image->comps[0].sgnd == l_image->comps[1].sgnd + && l_image->comps[0].sgnd== l_image->comps[2].sgnd) + break; + opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 16(i.e. sRGB)\n"); + return OPJ_FALSE; + + case 18: /* sYCC */ + sycc = 0; + ok = (l_image->numcomps > 2); /* cnf. 
color.c, line 319 */ + + if(ok) { + sycc = /* sycc420 */ + ( (l_image->comps[0].dx == 1) + && (l_image->comps[1].dx == 2) + && (l_image->comps[2].dx == 2) + && (l_image->comps[0].dy == 1) + && (l_image->comps[1].dy == 2) + && (l_image->comps[2].dy == 2)) + || /* sycc422 */ + ( (l_image->comps[0].dx == 1) + && (l_image->comps[1].dx == 2) + && (l_image->comps[2].dx == 2) + && (l_image->comps[0].dy == 1) + && (l_image->comps[1].dy == 1) + && (l_image->comps[2].dy == 1)) + || /* sycc444 */ + ( (l_image->comps[0].dx == 1) + && (l_image->comps[1].dx == 1) + && (l_image->comps[2].dx == 1) + && (l_image->comps[0].dy == 1) + && (l_image->comps[1].dy == 1) + && (l_image->comps[2].dy == 1)); + } + if(ok && sycc) break; + + opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 18(i.e. sYCC)\n"); + return OPJ_FALSE; + + case 24: /* e-sYCC */ + if(l_image->numcomps > 2 /* cnf. color.c, line 938 */ + && l_image->comps[0].dx == l_image->comps[1].dx + && l_image->comps[0].dx == l_image->comps[2].dx + && l_image->comps[0].dy == l_image->comps[1].dy + && l_image->comps[0].dy == l_image->comps[2].dy) + break; + + opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 24(i.e. e-sYCC)\n"); + return OPJ_FALSE; + + case 14: /* CIELAB */ + if(l_image->numcomps != 3) { + opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 14(i.e. CIElab)\n"); + return OPJ_FALSE; + } + break; + + case 17: /* GRAY */ + if(l_image->comps[0].dx == 1 + && l_image->comps[0].dy == 1) + break; + opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs %u\n",p_j2k->enumcs); + return OPJ_FALSE; + + default: + break; + + }/* switch() */ + } /* p_j2k->dump */ + + if(l_cp->tdx == 0 || l_cp->tdy == 0) { /* AFL test */ + return OPJ_FALSE; + } /* Compute the number of tiles */ l_cp->tw = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(l_image->x1 - l_cp->tx0), (OPJ_INT32)l_cp->tdx); l_cp->th = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(l_image->y1 - l_cp->ty0), (OPJ_INT32)l_cp->tdy); 
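Review bot: The added `if(l_cp->tdx == 0 || l_cp->tdy == 0)` before "Compute the number of tiles" returns OPJ_FALSE without calling `opj_event_msg`, unlike every other rejection in this hunk, so the caller gets a failure with no reason. Add e.g. `opj_event_msg(p_manager, EVT_ERROR, "Error with SIZ marker: invalid tile size (tdx: %u, tdy: %u)\n", l_cp->tdx, l_cp->tdy);` before the return. In the `switch(p_j2k->enumcs)`, the bare case values 12, 14, 16, 17, 18 and 24 and the "cnf. color.c, line 879/319/938" references will go stale as color.c changes. Named constants and the name of the corresponding color.c function would keep the link readable. The declarations `int ok, sycc;` sit between `switch(...) {` and the first `case`, which compiles but is easy to misread; moving them to the top of the enclosing block is clearer.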
@@ -2214,6 +2341,9 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, if (p_j2k->m_specific_param.m_decoder.m_discard_tiles) { p_j2k->m_specific_param.m_decoder.m_start_tile_x = (p_j2k->m_specific_param.m_decoder.m_start_tile_x - l_cp->tx0) / l_cp->tdx; p_j2k->m_specific_param.m_decoder.m_start_tile_y = (p_j2k->m_specific_param.m_decoder.m_start_tile_y - l_cp->ty0) / l_cp->tdy; + if(l_cp->tdx == 0 || l_cp->tdy == 0) { /* AFL test */ + return OPJ_FALSE; + } p_j2k->m_specific_param.m_decoder.m_end_tile_x = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(p_j2k->m_specific_param.m_decoder.m_end_tile_x - l_cp->tx0), (OPJ_INT32)l_cp->tdx); p_j2k->m_specific_param.m_decoder.m_end_tile_y = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(p_j2k->m_specific_param.m_decoder.m_end_tile_y - l_cp->ty0), (OPJ_INT32)l_cp->tdy); } @@ -4791,6 +4921,9 @@ static OPJ_BOOL opj_j2k_update_rates( opj_j2k_t *p_j2k, l_tile_size = 0; for (i=0;inumcomps;++i) { + if(l_img_comp->dx == 0 || l_img_comp->dy == 0) { /* AFL test */ + return OPJ_FALSE; + } l_tile_size += ( opj_uint_ceildiv(l_cp->tdx,l_img_comp->dx) * opj_uint_ceildiv(l_cp->tdy,l_img_comp->dy) @@ -4855,7 +4988,7 @@ static OPJ_BOOL opj_j2k_read_eoc ( opj_j2k_t *p_j2k, if (l_tcp->m_data) { if (! opj_tcd_init_decode_tile(l_tcd, i)) { opj_tcd_destroy(l_tcd); - opj_event_msg(p_manager, EVT_ERROR, "Cannot decode tile, memory error\n"); + opj_event_msg(p_manager, EVT_ERROR, "Cannot decode tile %d\n",i); return OPJ_FALSE; } @@ -5939,6 +6072,7 @@ void opj_j2k_setup_decoder(opj_j2k_t *j2k, opj_dparameters_t *parameters) if(j2k && parameters) { j2k->m_cp.m_specific_param.m_dec.m_layer = parameters->cp_layer; j2k->m_cp.m_specific_param.m_dec.m_reduce = parameters->cp_reduce; + j2k->dump_state = parameters->dump_state; #ifdef USE_JPWL j2k->m_cp.correct = parameters->jpwl_correct; 
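Review bot: The zero check added inside the `m_discard_tiles` block comes after the two statements that already divide by `l_cp->tdx` and `l_cp->tdy` (the `m_start_tile_x` and `m_start_tile_y` assignments), so it cannot protect them. It is also unreachable with a zero value as long as the check added before "Compute the number of tiles" in the previous hunk stays in place. Either drop this one or move it above the `m_start_tile_x` assignment. The `dx == 0 || dy == 0` return added to opj_j2k_update_rates on this line is likewise silent; an `opj_event_msg` there would tell the caller why encoding stopped.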
@@ -6454,6 +6588,9 @@ OPJ_BOOL opj_j2k_setup_encoder( opj_j2k_t *p_j2k, */ if (parameters->tile_size_on) { + if(cp->tdx == 0 || cp->tdy == 0) { /* AFL test */ + return OPJ_FALSE; + } cp->tw = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(image->x1 - cp->tx0), (OPJ_INT32)cp->tdx); cp->th = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(image->y1 - cp->ty0), (OPJ_INT32)cp->tdy); } else { @@ -8130,7 +8267,7 @@ OPJ_BOOL opj_j2k_read_tile_header( opj_j2k_t * p_j2k, } /*FIXME ???*/ if (! opj_tcd_init_decode_tile(p_j2k->m_tcd, p_j2k->m_current_tile_number, p_manager)) { - opj_event_msg(p_manager, EVT_ERROR, "Cannot decode tile, memory error\n"); + opj_event_msg(p_manager, EVT_ERROR, "Cannot decode tile %d\n",p_j2k->m_current_tile_number); return OPJ_FALSE; } @@ -8189,6 +8326,8 @@ OPJ_BOOL opj_j2k_decode_tile ( opj_j2k_t * p_j2k, return OPJ_FALSE; } + p_j2k->m_tcd->enumcs = p_j2k->enumcs; + if (! opj_tcd_update_tile_data(p_j2k->m_tcd,p_data,p_data_size)) { return OPJ_FALSE; } @@ -8244,6 +8383,8 @@ static OPJ_BOOL opj_j2k_update_image_data (opj_tcd_t * p_tcd, OPJ_BYTE * p_data, OPJ_UINT32 l_start_x_dest , l_start_y_dest; OPJ_UINT32 l_x0_dest, l_y0_dest, l_x1_dest, l_y1_dest; OPJ_SIZE_T l_start_offset_dest, l_line_offset_dest; + OPJ_UINT32 src_w0 = 0, src_h0 = 0; + OPJ_UINT32 l_ycc; opj_image_comp_t * l_img_comp_src = 00; opj_image_comp_t * l_img_comp_dest = 00; @@ -8259,6 +8400,7 @@ static OPJ_BOOL opj_j2k_update_image_data (opj_tcd_t * p_tcd, OPJ_BYTE * p_data, l_img_comp_src = l_image_src->comps; l_img_comp_dest = p_output_image->comps; + l_ycc = (p_tcd->enumcs == 18); for (i=0; inumcomps; i++) { @@ -8593,6 +8735,9 @@ OPJ_BOOL opj_j2k_set_decode_area( opj_j2k_t *p_j2k, p_image->x1 = l_image->x1; } else { + if(l_cp->tdx == 0) { /* AFL test */ + return OPJ_FALSE; + } p_j2k->m_specific_param.m_decoder.m_end_tile_x = (OPJ_UINT32)opj_int_ceildiv(p_end_x - (OPJ_INT32)l_cp->tx0, (OPJ_INT32)l_cp->tdx); p_image->x1 = (OPJ_UINT32)p_end_x; } 
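Review bot: `src_w0`, `src_h0` and `l_ycc` are introduced in opj_j2k_update_image_data, and `p_tcd->enumcs` is plumbed through from opj_j2k_decode_tile to feed `l_ycc = (p_tcd->enumcs == 18);`, but none of the j2k.c hunks shown here reads any of them. If a follow-up change is meant to use them, a comment should say so. Otherwise remove the three locals and the `enumcs` member on the tcd so the patch does not carry unused state. The function body continues outside these hunks, so this is based on the added lines only.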
@@ -8612,6 +8757,9 @@ OPJ_BOOL opj_j2k_set_decode_area( opj_j2k_t *p_j2k, p_image->y1 = l_image->y1; } else{ + if(l_cp->tdy == 0) { /* AFL test */ + return OPJ_FALSE; + } p_j2k->m_specific_param.m_decoder.m_end_tile_y = (OPJ_UINT32)opj_int_ceildiv(p_end_y - (OPJ_INT32)l_cp->ty0, (OPJ_INT32)l_cp->tdy); p_image->y1 = (OPJ_UINT32)p_end_y; } @@ -8623,7 +8771,9 @@ OPJ_BOOL opj_j2k_set_decode_area( opj_j2k_t *p_j2k, for (it_comp=0; it_comp < p_image->numcomps; ++it_comp) { OPJ_INT32 l_h,l_w; - + if(l_img_comp->dx == 0 || l_img_comp->dy == 0) { /* AFL test */ + return OPJ_FALSE; + } l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0, (OPJ_INT32)l_img_comp->dx); l_img_comp->y0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->y0, (OPJ_INT32)l_img_comp->dy); l_comp_x1 = opj_int_ceildiv((OPJ_INT32)p_image->x1, (OPJ_INT32)l_img_comp->dx); @@ -9779,10 +9929,10 @@ static OPJ_BOOL opj_j2k_decode_tiles ( opj_j2k_t *p_j2k, opj_event_mgr_t * p_manager) { OPJ_BOOL l_go_on = OPJ_TRUE; - OPJ_UINT32 l_current_tile_no; + OPJ_UINT32 l_current_tile_no = 0; OPJ_UINT32 l_data_size,l_max_data_size; OPJ_INT32 l_tile_x0,l_tile_y0,l_tile_x1,l_tile_y1; - OPJ_UINT32 l_nb_comps; + OPJ_UINT32 l_nb_comps = 0; OPJ_BYTE * l_current_data; OPJ_UINT32 nr_tiles = 0; @@ -9791,9 +9941,10 @@ static OPJ_BOOL opj_j2k_decode_tiles ( opj_j2k_t *p_j2k, opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to decode tiles\n"); return OPJ_FALSE; } - l_max_data_size = 1000; + l_max_data_size = 1000; l_data_size = 0; for (;;) { + l_tile_x0 = l_tile_y0 = l_tile_x1 = l_tile_y1 = 0; if (! opj_j2k_read_tile_header( p_j2k, &l_current_tile_no, &l_data_size, 
@@ -10030,6 +10181,9 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, for (compno = 0; compno < p_image->numcomps; compno++) { p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded; p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; + if(p_image->comps[compno].data == NULL){/* AFL test */ + return OPJ_FALSE; + } #if 0 char fn[256]; sprintf( fn, "/tmp/%d.raw", compno ); @@ -10086,6 +10240,9 @@ OPJ_BOOL opj_j2k_get_tile( opj_j2k_t *p_j2k, { OPJ_INT32 l_comp_x1, l_comp_y1; + if(l_img_comp->dx == 0 || l_img_comp->dy == 0) { /* AFL test */ + return OPJ_FALSE; + } l_img_comp->factor = p_j2k->m_private_image->comps[compno].factor; l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0, (OPJ_INT32)l_img_comp->dx); @@ -10131,6 +10288,9 @@ OPJ_BOOL opj_j2k_get_tile( opj_j2k_t *p_j2k, p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; + if(p_image->comps[compno].data == NULL){/* AFL test */ + return OPJ_FALSE; + } p_j2k->m_output_image->comps[compno].data = NULL; } @@ -10379,7 +10539,7 @@ static void opj_get_tile_dimensions(opj_image_t * l_image, if (*l_size_comp == 3) { *l_size_comp = 4; } - +/* AFL test missing */ *l_width = (OPJ_UINT32)(l_tilec->x1 - l_tilec->x0); *l_height = (OPJ_UINT32)(l_tilec->y1 - l_tilec->y0); *l_offset_x = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)l_image->x0, (OPJ_INT32)l_img_comp->dx); diff --git a/src/lib/openjp2/j2k.h b/src/lib/openjp2/j2k.h index 7e68b3af..a40834db 100644 --- a/src/lib/openjp2/j2k.h +++ b/src/lib/openjp2/j2k.h 
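Review bot: The new `data == NULL` test in opj_j2k_decode returns from the middle of the loop that hands component buffers from `m_output_image` to `p_image`, and it does so without an `opj_event_msg`. The caller gets OPJ_FALSE with no reason, and the earlier components have already been transferred. Assuming `p_manager` is in scope there, report it first, e.g. `opj_event_msg(p_manager, EVT_ERROR, "Failed to decode component %u\n", compno);`. The same applies to the identical test added in opj_j2k_get_tile. The `/* AFL test missing */` comment added to opj_get_tile_dimensions marks a known gap, since the divisions by `l_img_comp->dx` and `dy` just below it stay unguarded in that function. It would be better written as a TODO that names the value to be checked.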
@@ -456,6 +456,8 @@ typedef struct opj_cp OPJ_BITFIELD ppm : 1; /** tells if the parameter is a coding or decoding one */ OPJ_BITFIELD m_is_decoder : 1; + /** if 1 then components vary in bit_depth, sign; else all are the same */ + OPJ_BITFIELD bpc_is_255 : 1; /* for AFL test */ /* <numcomps - 1U) >= 16384U) { /* unsigned underflow is well defined: 1U <= jp2->numcomps <= 16384U */ - opj_event_msg(p_manager, EVT_ERROR, "Invalid number of components (ihdr)\n"); + opj_event_msg(p_manager, EVT_ERROR, "Invalid number of components (ihdr): %u\n", jp2->numcomps); return OPJ_FALSE; } @@ -597,6 +597,11 @@ static OPJ_BOOL opj_jp2_read_ihdr( opj_jp2_t *jp2, opj_read_bytes(p_image_header_data,&(jp2->IPR),1); /* IPR */ ++ p_image_header_data; + jp2->j2k->m_cp.bpc_is_255 = (jp2->bpc == 255); /* For AFL test */ + jp2->j2k->ihdr_w = jp2->w; /* For AFL test */ + jp2->j2k->ihdr_h = jp2->h; /* For AFL test */ + jp2->has_ihdr = 1; /* For AFL test */ + return OPJ_TRUE; } @@ -912,7 +917,10 @@ static OPJ_BOOL opj_jp2_check_color(opj_image_t *image, opj_jp2_color_t *color, /* verify that no component is targeted more than once */ for (i = 0; i < nr_channels; i++) { OPJ_UINT16 pcol = cmap[i].pcol; - assert(cmap[i].mtyp == 0 || cmap[i].mtyp == 1); + if(cmap[i].mtyp != 0 && cmap[i].mtyp != 1) {/* AFL test */ + opj_event_msg(p_manager, EVT_ERROR, "Invalid cmap[%d].mtyp ==> %d\n",i,cmap[i].mtyp); + is_sane = OPJ_FALSE; + } if (pcol >= nr_channels) { opj_event_msg(p_manager, EVT_ERROR, "Invalid component/palette index for direct mapping %d.\n", pcol); is_sane = OPJ_FALSE; 
@@ -1484,8 +1492,11 @@ static OPJ_BOOL opj_jp2_read_colr( opj_jp2_t *jp2, { /* ISO/IEC 15444-1:2004 (E), Table I.9 Legal METH values: conforming JP2 reader shall ignore the entire Colour Specification box.*/ - opj_event_msg(p_manager, EVT_INFO, "COLR BOX meth value is not a regular value (%d), " - "so we will ignore the entire Colour Specification box. \n", jp2->meth); + opj_event_msg(p_manager, EVT_INFO, "COLR BOX meth value is not a regular value (%d),\n" + " so we will ignore the entire Colour Specification box. \n", jp2->meth); + } + if(jp2->color.jp2_has_colr) { + jp2->j2k->enumcs = jp2->enumcs; } return OPJ_TRUE; } @@ -1495,6 +1506,8 @@ OPJ_BOOL opj_jp2_decode(opj_jp2_t *jp2, opj_image_t* p_image, opj_event_mgr_t * p_manager) { + OPJ_UINT32 ihdr_w, ihdr_h, img_w, img_h; + if (!p_image) return OPJ_FALSE; @@ -1503,6 +1516,13 @@ OPJ_BOOL opj_jp2_decode(opj_jp2_t *jp2, opj_event_msg(p_manager, EVT_ERROR, "Failed to decode the codestream in the JP2 file\n"); return OPJ_FALSE; } + ihdr_w = jp2->w; ihdr_h = jp2->h; + img_w = p_image->x1 - p_image->x0; img_h = p_image->y1 - p_image->y0; + + if(img_w > ihdr_w || img_h > ihdr_h) { /* AFL test */ + opj_event_msg(p_manager, EVT_ERROR, "IHDR w(%u) h(%u) vs. IMAGE w(%u) h(%u)\n",ihdr_w,ihdr_h,img_w,img_h); + return OPJ_FALSE; + } if (!jp2->ignore_pclr_cmap_cdef){ if (!opj_jp2_check_color(p_image, &(jp2->color), p_manager)) { @@ -2563,6 +2583,7 @@ static OPJ_BOOL opj_jp2_read_jp2h( opj_jp2_t *jp2, } jp2->jp2_state |= JP2_STATE_HEADER; + jp2->has_jp2h = 1; return OPJ_TRUE; } 
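Review bot: The IHDR-versus-image size comparison in opj_jp2_decode runs after opj_j2k_decode has already returned, so it can only reject a finished result and bounds nothing during decoding. It uses `>` where the SIZ-time check added in opj_j2k_read_siz uses `!=`, which leaves it unclear which relation between IHDR and codestream dimensions the library intends to enforce. A comment stating the rule, and whether a reduced or windowed decode is expected to be smaller than IHDR, would settle that. In the opj_jp2_read_colr hunk, `jp2->j2k->enumcs` is copied whenever `jp2_has_colr` is set; if `jp2->enumcs` is only meaningful for the enumerated method, the copy should be limited to that case. This needs checking against the part of the function outside the hunk.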
@@ -2667,7 +2688,14 @@ OPJ_BOOL opj_jp2_read_header( opj_stream_private_t *p_stream, if (! opj_jp2_exec (jp2,jp2->m_procedure_list,p_stream,p_manager)) { return OPJ_FALSE; } - + if(jp2->has_jp2h == 0) { /* AFL test */ + opj_event_msg(p_manager, EVT_ERROR, "JP2H box missing. Required.\n"); + return OPJ_FALSE; + } + if(jp2->has_ihdr == 0) { /* AFL test */ + opj_event_msg(p_manager, EVT_ERROR, "IHDR box_missing. Required.\n"); + return OPJ_FALSE; + } return opj_j2k_read_header( p_stream, jp2->j2k, p_image, diff --git a/src/lib/openjp2/jp2.h b/src/lib/openjp2/jp2.h index b54d0bfd..a812be8e 100644 --- a/src/lib/openjp2/jp2.h +++ b/src/lib/openjp2/jp2.h @@ -195,6 +195,8 @@ typedef struct opj_jp2 opj_jp2_color_t color; OPJ_BOOL ignore_pclr_cmap_cdef; + OPJ_BYTE has_jp2h; /* for AFL test */ + OPJ_BYTE has_ihdr; /* for AFL test */ } opj_jp2_t; diff --git a/src/lib/openjp2/openjpeg.h b/src/lib/openjp2/openjpeg.h index 7912c236..09a488a9 100644 --- a/src/lib/openjp2/openjpeg.h +++ b/src/lib/openjp2/openjpeg.h 
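Review bot: `has_jp2h` duplicates state the reader already tracks: the opj_jp2_read_jp2h hunk sets it on the line right after `jp2->jp2_state |= JP2_STATE_HEADER;`. The check in opj_jp2_read_header could therefore be `if (!(jp2->jp2_state & JP2_STATE_HEADER))` without a new struct member. Both new flags are only ever set to 1 in the hunks shown, so if an `opj_jp2_t` can be reused for a second header read they would need resetting; that is worth confirming. The second message reads "IHDR box_missing"; `"IHDR box missing. Required.\n"` matches the first. The `/* for AFL test */` comments on the two members in jp2.h should say what the fields record, e.g. `/* set once the JP2 Header box has been read */`.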
@@ -564,7 +564,7 @@ typedef struct opj_dparameters { /* <tp_on){ } res = &comp->resolutions[pi->resno]; levelno = comp->numresolutions - 1 - pi->resno; + + if(levelno > 31) continue; /* AFL test */ + if((comp->dx << levelno) == 0) continue; /* AFL test */ + if((comp->dy << levelno) == 0) continue; /* AFL test */ + trx0 = opj_int_ceildiv(pi->tx0, (OPJ_INT32)(comp->dx << levelno)); try0 = opj_int_ceildiv(pi->ty0, (OPJ_INT32)(comp->dy << levelno)); trx1 = opj_int_ceildiv(pi->tx1, (OPJ_INT32)(comp->dx << levelno)); try1 = opj_int_ceildiv(pi->ty1, (OPJ_INT32)(comp->dy << levelno)); rpx = res->pdx + levelno; rpy = res->pdy + levelno; - if (!((pi->y % (OPJ_INT32)(comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){ + if(rpx > 31 || rpy > 31) continue; /* AFL test. FIXME: 38, the Norm prec ? */ + if((comp->dy << rpy) == 0) continue; /* AFL test */ + if((comp->dx << rpx) == 0) continue; /* AFL test */ + if (!(((pi->y % (comp->dy << rpy)) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){ continue; } - if (!((pi->x % (OPJ_INT32)(comp->dx << rpx) == 0) || ((pi->x == pi->tx0) && ((trx0 << levelno) % (1 << rpx))))){ + if (!(((pi->x % (comp->dx << rpx)) == 0) || ((pi->x == pi->tx0) && ((trx0 << levelno) % (1 << rpx))))){ continue; } 
@@ -435,12 +443,20 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_iterator_t * pi) { OPJ_INT32 prci, prcj; res = &comp->resolutions[pi->resno]; levelno = comp->numresolutions - 1 - pi->resno; + + if(levelno > 31) continue; /* AFL test */ + if((comp->dx << levelno) == 0) continue; /* AFL test */ + if((comp->dy << levelno) == 0) continue; /* AFL test */ + trx0 = opj_int_ceildiv(pi->tx0, (OPJ_INT32)(comp->dx << levelno)); try0 = opj_int_ceildiv(pi->ty0, (OPJ_INT32)(comp->dy << levelno)); trx1 = opj_int_ceildiv(pi->tx1, (OPJ_INT32)(comp->dx << levelno)); try1 = opj_int_ceildiv(pi->ty1, (OPJ_INT32)(comp->dy << levelno)); rpx = res->pdx + levelno; rpy = res->pdy + levelno; + if(rpx > 31 || rpy > 31) continue; /* AFL test. FIXME: 38, the Norm prec ? */ + if((comp->dy << rpy) == 0) continue; /* AFL test */ + if((comp->dx << rpx) == 0) continue; /* AFL test */ if (!((pi->y % (OPJ_INT32)(comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){ continue; } @@ -514,12 +530,20 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_iterator_t * pi) { OPJ_INT32 prci, prcj; res = &comp->resolutions[pi->resno]; levelno = comp->numresolutions - 1 - pi->resno; + if(levelno > 31) continue; /* AFL test */ + if((comp->dx << levelno) == 0) continue; /* AFL test */ + if((comp->dy << levelno) == 0) continue; /* AFL test */ + trx0 = opj_int_ceildiv(pi->tx0, (OPJ_INT32)(comp->dx << levelno)); try0 = opj_int_ceildiv(pi->ty0, (OPJ_INT32)(comp->dy << levelno)); trx1 = opj_int_ceildiv(pi->tx1, (OPJ_INT32)(comp->dx << levelno)); try1 = opj_int_ceildiv(pi->ty1, (OPJ_INT32)(comp->dy << levelno)); rpx = res->pdx + levelno; rpy = res->pdy + levelno; + if(rpx > 31 || rpy > 31) continue; /* AFL test */ + if((comp->dx << rpx) == 0) continue; /* AFL test */ + if((comp->dy << rpy) == 0) continue; /* AFL test */ + if (!((pi->y % (OPJ_INT32)(comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){ continue; } 
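Review bot: The added guards in opj_pi_next_pcrl reject only shift counts above 31 and shifted values that are exactly zero, so a count of 31 or a result with the top bit set still passes. `comp->dx << levelno` is then cast to `OPJ_INT32` for opj_int_ceildiv, where it can come out negative, and `1 << rpy` with rpy equal to 31 shifts into the sign bit of a signed int. Bounding the operand before the shift closes both cases, e.g. `if (levelno > 30 || comp->dx > (0x7fffffffu >> levelno) || comp->dy > (0x7fffffffu >> levelno)) continue;` and the same form for rpx and rpy, assuming dx and dy are unsigned as the existing casts suggest. The opj_pi_next_cprl hunk below carries the same checks, as does the fragment on the preceding line, whose header is garbled on this page and which additionally drops the `(OPJ_INT32)` cast on the modulo that the other two keep. The function bodies extend outside the hunks.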
@@ -612,6 +636,9 @@ static void opj_get_encoding_parameters( const opj_image_t *p_image, OPJ_UINT32 l_product; OPJ_INT32 l_tcx0, l_tcy0, l_tcx1, l_tcy1; + if(l_img_comp->dx == 0) continue; /* AFL test */ + if(l_img_comp->dy == 0) continue; /* AFL test */ + l_tcx0 = opj_int_ceildiv(*p_tx0, (OPJ_INT32)l_img_comp->dx); l_tcy0 = opj_int_ceildiv(*p_ty0, (OPJ_INT32)l_img_comp->dy); l_tcx1 = opj_int_ceildiv(*p_tx1, (OPJ_INT32)l_img_comp->dx); @@ -629,6 +656,9 @@ static void opj_get_encoding_parameters( const opj_image_t *p_image, l_pdx = l_tccp->prcw[resno]; l_pdy = l_tccp->prch[resno]; + if((l_pdx + l_tccp->numresolutions - 1 - resno) > 31) continue; /* AFL test */ + if((l_pdy + l_tccp->numresolutions - 1 - resno) > 31) continue; /* AFL test */ + l_dx = l_img_comp->dx * (1u << (l_pdx + l_tccp->numresolutions - 1 - resno)); l_dy = l_img_comp->dy * (1u << (l_pdy + l_tccp->numresolutions - 1 - resno)); @@ -639,6 +669,9 @@ static void opj_get_encoding_parameters( const opj_image_t *p_image, /* various calculations of extents */ l_level_no = l_tccp->numresolutions - 1 - resno; + if(l_level_no > 31) continue; /* AFL test */ + if(l_pdx > 31 || l_pdy > 31) continue; /* AFL test */ + l_rx0 = opj_int_ceildivpow2(l_tcx0, (OPJ_INT32)l_level_no); l_ry0 = opj_int_ceildivpow2(l_tcy0, (OPJ_INT32)l_level_no); l_rx1 = opj_int_ceildivpow2(l_tcx1, (OPJ_INT32)l_level_no); @@ -735,6 +768,8 @@ static void opj_get_all_encoding_parameters( const opj_image_t *p_image, OPJ_INT32 l_tcx0, l_tcy0, l_tcx1, l_tcy1; OPJ_UINT32 l_pdx, l_pdy , l_pw , l_ph; + if(l_img_comp->dx == 0 || l_img_comp->dy == 0) continue; /* AFL test */ + lResolutionPtr = p_resolutions[compno]; l_tcx0 = opj_int_ceildiv(*p_tx0, (OPJ_INT32)l_img_comp->dx); diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c index 5a8d440c..5e6e5452 100644 --- a/src/lib/openjp2/t2.c +++ b/src/lib/openjp2/t2.c 
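Review bot: The `continue` added for `l_img_comp->dx == 0` and `dy == 0` in opj_get_encoding_parameters may skip more than the current component. `l_img_comp` and `l_tccp` are walked as pointers rather than indexed by compno, so if they are advanced at the bottom of the loop body (outside the hunk), the `continue` jumps past the advance and every later iteration re-tests the same component. If so, advance before skipping, `if (l_img_comp->dx == 0 || l_img_comp->dy == 0) { ++l_img_comp; ++l_tccp; continue; }`, or reject zero dx and dy where the component parameters are first parsed, so that this void function never sees them. The last hunk on this line, in opj_get_all_encoding_parameters, uses the same pattern.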
@@ -1162,7 +1162,7 @@ static OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2, do { /* Check possible overflow (on l_current_data only, assumes input args already checked) then size */ if ((((OPJ_SIZE_T)l_current_data + (OPJ_SIZE_T)l_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data + p_max_length)) { - opj_event_msg(p_manager, EVT_ERROR, "read: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n", + opj_event_msg(p_manager, EVT_ERROR, "read: segment too long (%u) with max (%u) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n", l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno); return OPJ_FALSE; } @@ -1188,7 +1188,7 @@ static OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2, #endif /* USE_JPWL */ /* Check possible overflow on size */ if ((l_cblk->data_current_size + l_seg->newlen) < l_cblk->data_current_size) { - opj_event_msg(p_manager, EVT_ERROR, "read: segment too long (%d) with current size (%d > %d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n", + opj_event_msg(p_manager, EVT_ERROR, "read: segment too long (%u) with current size (%d > %d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n", l_seg->newlen, l_cblk->data_current_size, 0xFFFFFFFF - l_seg->newlen, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno); return OPJ_FALSE; } diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c index 36f40843..128e6a5f 100644 --- a/src/lib/openjp2/tcd.c +++ b/src/lib/openjp2/tcd.c 
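Review bot: The second message still formats `l_cblk->data_current_size` and `0xFFFFFFFF - l_seg->newlen` with `%d`, although `newlen` was switched to `%u`. The constant expression is unsigned, and the wrap test just above suggests data_current_size is unsigned too, so that part should read `(%u > %u)`. The remaining `%d` fields for cblkno and the p_pi members should be checked against their declarations, which are outside the hunk.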
@@ -724,6 +724,10 @@ static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no, for (compno = 0; compno < l_tile->numcomps; ++compno) { /*fprintf(stderr, "compno = %d/%d\n", compno, l_tile->numcomps);*/ l_image_comp->resno_decoded = 0; + + if(l_image_comp->dx == 0 || l_image_comp->dy == 0){ /* AFL test */ + return OPJ_FALSE; + } /* border of each l_tile component (global) */ l_tilec->x0 = opj_int_ceildiv(l_tile->x0, (OPJ_INT32)l_image_comp->dx); l_tilec->y0 = opj_int_ceildiv(l_tile->y0, (OPJ_INT32)l_image_comp->dy); @@ -1366,6 +1370,7 @@ OPJ_BOOL opj_tcd_update_tile_data ( opj_tcd_t *p_tcd, opj_tcd_resolution_t * l_res; OPJ_UINT32 l_size_comp, l_remaining; OPJ_UINT32 l_stride, l_width,l_height; + OPJ_UINT32 l_w0 = 0, l_h0 = 0, l_size_comp0 = 0, l_ycc; l_data_size = opj_tcd_get_decoded_tile_size(p_tcd); if (l_data_size > p_dest_length) { @@ -1374,7 +1379,7 @@ OPJ_BOOL opj_tcd_update_tile_data ( opj_tcd_t *p_tcd, l_tilec = p_tcd->tcd_image->tiles->comps; l_img_comp = p_tcd->image->comps; - + l_ycc = (p_tcd->enumcs == 18); for (i=0;iimage->numcomps;++i) { l_size_comp = l_img_comp->prec >> 3; /*(/ 8)*/ l_remaining = l_img_comp->prec & 7; /* (%8) */ @@ -1382,7 +1387,9 @@ OPJ_BOOL opj_tcd_update_tile_data ( opj_tcd_t *p_tcd, l_width = (OPJ_UINT32)(l_res->x1 - l_res->x0); l_height = (OPJ_UINT32)(l_res->y1 - l_res->y0); l_stride = (OPJ_UINT32)(l_tilec->x1 - l_tilec->x0) - l_width; - + if(l_res->x0 >= l_res->x1 || l_res->y0 >= l_res->y1) { /* AFL test */ + fprintf(stdout,"[WARNING] component[%u] width %d or height %d <= 0\n",i,l_width,l_height); + } if (l_remaining) { ++l_size_comp; } 
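Review bot: `l_ycc = (p_tcd->enumcs == 18);` compares against a bare number with no explanation. A named constant, or a comment such as `/* EnumCS 18 = sYCC; exempt from the equal-size check below */`, would say why this colourspace is treated differently, if that is indeed the reason. `l_w0` and `l_h0`, declared in the preceding hunk, are not used in any hunk shown here and may be leftovers.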
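Review bot: When `l_res->x0 >= l_res->x1` or the y equivalent holds, the added block only prints a warning and execution carries on with `l_width` and `l_height`. Those were computed just above as `(OPJ_UINT32)(l_res->x1 - l_res->x0)` and wrap to a very large value when the difference is negative. Failing in the negative case, `if (l_res->x1 < l_res->x0 || l_res->y1 < l_res->y0) return OPJ_FALSE;`, keeps the wrapped sizes away from the copy code that follows outside the hunk. The message goes out through `fprintf(stdout, ...)` and prints unsigned values with `%d`; a library writing to stdout can corrupt output a caller is piping, so stderr or the event manager with `%u` is safer. The next hunk uses the same fprintf(stdout) pattern.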
@@ -1391,6 +1398,14 @@ OPJ_BOOL opj_tcd_update_tile_data ( opj_tcd_t *p_tcd, l_size_comp = 4; } + if(i == 0) { /* AFL test */ + l_size_comp0 = l_size_comp; + } + else + if(l_ycc == 0 && (l_size_comp != l_size_comp0)) { /* AFL test */ + fprintf(stdout,"[ERROR] component[%u] size_comp(%u) vs. component[0] size_comp(%u)\n",i,l_size_comp,l_size_comp0); + return OPJ_FALSE; + } switch (l_size_comp) { case 1: diff --git a/src/lib/openjp2/tcd.h b/src/lib/openjp2/tcd.h index 76eff005..3c787ecd 100644 --- a/src/lib/openjp2/tcd.h +++ b/src/lib/openjp2/tcd.h @@ -222,6 +222,8 @@ typedef struct opj_tcd OPJ_BITFIELD m_is_decoder : 1; /** Thread pool */ opj_thread_pool_t* thread_pool; + /** AFL test */ + OPJ_UINT32 enumcs; } opj_tcd_t; /** @name Exported functions */
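Review bot: The component-size consistency check is skipped whenever `l_ycc` is non-zero, and `l_ycc` derives from `enumcs`, which the jp2.c hunk in opj_jp2_read_colr copies from the file's COLR box. The guard is therefore controlled by untrusted input, so whatever it protects in the `switch (l_size_comp)` code below needs its own bound that does not depend on a header field. How enumcs reaches p_tcd is not shown in these hunks, so that path should be confirmed. The function continues outside the hunk.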