Protection of AFL havocs in issues 811,862,863,871,872,879,880

This commit is contained in:
szukw000 2017-01-11 07:16:18 +01:00
parent 7113c4e3bb
commit c97851aa37
12 changed files with 312 additions and 67 deletions

View File

@ -402,6 +402,26 @@ void color_apply_icc_profile(opj_image_t *image)
if(out_space == cmsSigRgbData) /* enumCS 16 */
{
unsigned int i, nr_comp = image->numcomps;
if (nr_comp > 4) {
nr_comp = 4;
}
for (i = 1; i < nr_comp; ++i) { /* AFL test */
if (image->comps[0].dx != image->comps[i].dx) break;
if (image->comps[0].dy != image->comps[i].dy) break;
if (image->comps[0].prec != image->comps[i].prec) break;
if (image->comps[0].sgnd != image->comps[i].sgnd) break;
}
if (i != nr_comp) {
cmsCloseProfile(in_prof);
return;
}
if( prec <= 8 )
{
in_type = TYPE_RGB_8;
@ -442,6 +462,7 @@ void color_apply_icc_profile(opj_image_t *image)
return;
}
if(out_prof == NULL)
{
cmsCloseProfile(in_prof);
@ -449,7 +470,7 @@ void color_apply_icc_profile(opj_image_t *image)
}
#ifdef DEBUG_PROFILE
fprintf(stderr,"%s:%d:color_apply_icc_profile\n\tchannels(%d) prec(%d) w(%d) h(%d)"
fprintf(stderr,"%s:%d:color_apply_icc_profile\n\tchannels(%d) prec(%d) w(%ld) h(%ld)"
"\n\tprofile: in(%p) out(%p)\n",__FILE__,__LINE__,image->numcomps,prec,
max_w,max_h, (void*)in_prof,(void*)out_prof);

View File

@ -906,9 +906,10 @@ int imagetotga(opj_image_t * image, const char *outfile) {
for (i = 0; i < image->numcomps-1; i++) {
if ((image->comps[0].dx != image->comps[i+1].dx)
||(image->comps[0].dy != image->comps[i+1].dy)
||(image->comps[0].prec != image->comps[i+1].prec)) {
||(image->comps[0].prec != image->comps[i+1].prec)
||(image->comps[0].sgnd != image->comps[i+1].sgnd)) {
fclose(fdest);
fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.");
fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.\n");
return 1;
}
}
@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
int *red, *green, *blue, *alpha;
int wr, hr, max;
int i;
unsigned int compno, ncomp;
unsigned int compno, ncomp, ui;
int adjustR, adjustG, adjustB, adjustA;
int fails, two, want_gray, has_alpha, triple;
int prec, v;
@ -1777,6 +1778,8 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
&& image->comps[1].dy == image->comps[2].dy
&& image->comps[0].prec == image->comps[1].prec
&& image->comps[1].prec == image->comps[2].prec
&& image->comps[1].sgnd == image->comps[2].sgnd
&& image->comps[1].sgnd == image->comps[2].sgnd
)))
{
fdest = fopen(outfile, "wb");
@ -1904,6 +1907,8 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
fprintf(stderr, "imagetopnm: memory out\n");
return 1;
}
fprintf(stderr, " imagetopnm: creating %d .pgm files.\n",ncomp);
for (compno = 0; compno < ncomp; compno++)
{
if (ncomp > 1)
@ -2126,7 +2131,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
{
FILE *rawFile = NULL;
size_t res;
unsigned int compno;
unsigned int compno, numcomps;
int w, h, fails;
int line, row, curr, mask;
int *ptr;
@ -2139,6 +2144,32 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
return 1;
}
numcomps = image->numcomps;
if (numcomps > 4) {
numcomps = 4;
}
for (compno = 1; compno < numcomps; ++compno) {
if (image->comps[0].dx != image->comps[compno].dx) {
break;
}
if (image->comps[0].dy != image->comps[compno].dy) {
break;
}
if (image->comps[0].prec != image->comps[compno].prec) {
break;
}
if (image->comps[0].sgnd != image->comps[compno].sgnd) {
break;
}
}
if (compno != numcomps) {
fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n");
fprintf(stderr,"\tAborting\n");
return 1;
}
rawFile = fopen(outfile, "wb");
if (!rawFile) {
fprintf(stderr, "Failed to open %s for writing !!\n", outfile);
@ -2146,9 +2177,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
}
fails = 1;
fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps);
fprintf(stdout,"Raw image characteristics: %d components\n", numcomps);
for(compno = 0; compno < image->numcomps; compno++)
for(compno = 0; compno < numcomps; compno++)
{
fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w,
image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned");
@ -2238,7 +2269,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
}
else if (image->comps[compno].prec <= 32)
{
fprintf(stderr,"More than 16 bits per component no handled yet\n");
fprintf(stderr,"More than 16 bits per component not handled yet\n");
goto fin;
}
else

View File

@ -807,7 +807,7 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
int adjustR, adjustG, adjustB;
if (image->comps[0].prec < 8) {
fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec);
fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec);
return 1;
}
if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx
@ -815,7 +815,9 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
&& image->comps[0].dy == image->comps[1].dy
&& image->comps[1].dy == image->comps[2].dy
&& image->comps[0].prec == image->comps[1].prec
&& image->comps[1].prec == image->comps[2].prec) {
&& image->comps[1].prec == image->comps[2].prec
&& image->comps[0].sgnd == image->comps[1].sgnd
&& image->comps[1].sgnd == image->comps[2].sgnd) {
/* -->> -->> -->> -->>
24 bits color
@ -925,6 +927,9 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
fprintf(stderr, "ERROR -> failed to open %s for writing\n", outfile);
return 1;
}
if(image->numcomps > 1){
fprintf(stderr,"imagetobmp: only first component of %d is used.\n",image->numcomps);
}
w = (int)image->comps[0].w;
h = (int)image->comps[0].h;

View File

@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len
int imagetotif(opj_image_t * image, const char *outfile)
{
int width, height;
int bps,adjust, sgnd;
int tiPhoto;
uint32 width, height, bps, tiPhoto;
int adjust, sgnd;
TIFF *tif;
tdata_t buf;
tsize_t strip_size;
tmsize_t strip_size, rowStride;
OPJ_UINT32 i, numcomps;
OPJ_SIZE_T rowStride;
OPJ_INT32* buffer32s = NULL;
OPJ_INT32 const* planes[4];
convert_32s_PXCX cvtPxToCx = NULL;
convert_32sXXx_C1R cvt32sToTif = NULL;
bps = (int)image->comps[0].prec;
bps = (uint32)image->comps[0].prec;
planes[0] = image->comps[0].data;
numcomps = image->numcomps;
@ -590,6 +588,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
} else {
tiPhoto = PHOTOMETRIC_MINISBLACK;
}
for (i = 1U; i < numcomps; ++i) {
if (image->comps[0].dx != image->comps[i].dx) {
break;
@ -610,7 +609,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
fprintf(stderr,"\tAborting\n");
return 1;
}
if(bps > 16) bps = 0;
if(bps == 0)
{
@ -674,13 +673,13 @@ int imagetotif(opj_image_t * image, const char *outfile)
break;
}
sgnd = (int)image->comps[0].sgnd;
adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0;
width = (int)image->comps[0].w;
height = (int)image->comps[0].h;
adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0;
width = (uint32)image->comps[0].w;
height = (uint32)image->comps[0].h;
TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width);
TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height);
TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps);
TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps);
TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps);
TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT);
TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
@ -688,8 +687,8 @@ int imagetotif(opj_image_t * image, const char *outfile)
TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1);
strip_size = TIFFStripSize(tif);
rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U;
if (rowStride != (OPJ_SIZE_T)strip_size) {
rowStride = (width * numcomps * bps + 7U) / 8U;
if (rowStride != strip_size) {
fprintf(stderr, "Invalid TIFF strip size\n");
TIFFClose(tif);
return 1;
@ -699,7 +698,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
TIFFClose(tif);
return 1;
}
buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32));
buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32)));
if (buffer32s == NULL) {
_TIFFfree(buf);
TIFFClose(tif);
@ -1211,20 +1210,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
TIFF *tif;
tdata_t buf;
tstrip_t strip;
tsize_t strip_size;
tmsize_t strip_size;
int j, currentPlane, numcomps = 0, w, h;
OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN;
opj_image_cmptparm_t cmptparm[4]; /* RGBA */
opj_image_t *image = NULL;
int has_alpha = 0;
unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC;
unsigned int tiWidth, tiHeight;
uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight;
OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz);
convert_XXx32s_C1R cvtTifTo32s = NULL;
convert_32s_CXPX cvtCxToPx = NULL;
OPJ_INT32* buffer32s = NULL;
OPJ_INT32* planes[4];
OPJ_SIZE_T rowStride;
tmsize_t rowStride;
tif = TIFFOpen(filename, "r");
@ -1243,22 +1241,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp);
TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto);
TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC);
w= (int)tiWidth;
h= (int)tiHeight;
if(tiBps > 16U) {
fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps);
fprintf(stderr,"\tAborting\n");
if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n"
"\tAborting.\n", tiSpp);
TIFFClose(tif);
return NULL;
}
if(tiBps > 16U || tiBps == 0) {
fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n"
"\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps);
TIFFClose(tif);
return NULL;
}
if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) {
fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
fprintf(stderr,"tiftoimage: Bad color format %d.\n"
"\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
fprintf(stderr,"\tAborting\n");
TIFFClose(tif);
return NULL;
}
if(tiWidth == 0 || tiHeight == 0) {
fprintf(stderr,"tiftoimage: Bad values for width(%u) "
"and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight);
TIFFClose(tif);
return NULL;
}
w= (int)tiWidth;
h= (int)tiHeight;
switch (tiBps) {
case 1:
case 2:
@ -1312,7 +1323,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES,
&extrasamples, &sampleinfo);
if(extrasamples >= 1)
{
switch(sampleinfo[0])
@ -1333,7 +1344,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
else /* extrasamples == 0 */
if(tiSpp == 4 || tiSpp == 2) has_alpha = 1;
}
/* initialize image components */
memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t));
@ -1346,7 +1357,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
} else {
is_cinema = 0U;
}
if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */
{
numcomps = 3 + has_alpha;
@ -1384,10 +1395,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
image->x0 = (OPJ_UINT32)parameters->image_offset_x0;
image->y0 = (OPJ_UINT32)parameters->image_offset_y0;
image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 :
image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
if(image->x1 <= image->x0) {
fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. "
"image->x0(%d)\n\tAborting.\n",image->x1,image->x0);
TIFFClose(tif);
opj_image_destroy(image);
return NULL;
}
image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 :
image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
if(image->y1 <= image->y0) {
fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. "
"image->y0(%d)\n\tAborting.\n",image->y1,image->y0);
TIFFClose(tif);
opj_image_destroy(image);
return NULL;
}
for(j = 0; j < numcomps; j++)
{
planes[j] = image->comps[j].data;
@ -1395,15 +1420,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1));
strip_size = TIFFStripSize(tif);
buf = _TIFFmalloc(strip_size);
if (buf == NULL) {
TIFFClose(tif);
opj_image_destroy(image);
return NULL;
}
rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U;
buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32));
rowStride = (w * tiSpp * tiBps + 7U) / 8U;
buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32)));
if (buffer32s == NULL) {
_TIFFfree(buf);
TIFFClose(tif);
@ -1421,11 +1446,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++)
{
const OPJ_UINT8 *dat8;
OPJ_SIZE_T ssize;
tmsize_t ssize;
ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size);
ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size);
if(ssize < 1 || ssize > strip_size) {
fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) "
"vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size);
_TIFFfree(buf);
_TIFFfree(buffer32s);
TIFFClose(tif);
opj_image_destroy(image);
return NULL;
}
dat8 = (const OPJ_UINT8*)buf;
while (ssize >= rowStride) {
cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp);
cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w);

View File

@ -1503,7 +1503,7 @@ int main(int argc, char **argv)
failed = 1;
}
else {
fprintf(stdout,"[INFO] Generated Outfile %s\n",parameters.outfile);
fprintf(stdout,"[INFO] Generated Outfile %s (or .pgm files)\n",parameters.outfile);
}
break;
@ -1607,7 +1607,7 @@ fin:
if(dirptr->filename_buf) free(dirptr->filename_buf);
free(dirptr);
}
if (numDecompressedImages) {
if (numDecompressedImages && !failed) {
fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages));
}
return failed ? EXIT_FAILURE : EXIT_SUCCESS;

View File

@ -2000,6 +2000,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
OPJ_UINT32 l_remaining_size;
OPJ_UINT32 l_nb_tiles;
OPJ_UINT32 l_tmp, l_tx1, l_ty1;
OPJ_UINT32 l_prec0, l_sgnd0;
opj_image_t *l_image = 00;
opj_cp_t *l_cp = 00;
opj_image_comp_t * l_img_comp = 00;
@ -2085,7 +2086,19 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
opj_event_msg(p_manager, EVT_ERROR, "Error with SIZ marker: illegal tile offset\n");
return OPJ_FALSE;
}
{
OPJ_UINT32 siz_w, siz_h, tile_w, tile_h; /* AFL test */
siz_w = l_image->x1 - l_image->x0;
siz_h = l_image->y1 - l_image->y0;
tile_w = l_cp->tdx - l_cp->tx0;
tile_h = l_cp->tdy - l_cp->ty0;
if(tile_w > siz_w || tile_h > siz_h) { /* AFL test */
opj_event_msg(p_manager, EVT_ERROR, "Error with SIZ marker: IMAGE w(%u) h(%u) vs. TILE w(%u) h(%u)\n", siz_w, siz_h, tile_w, tile_h);
return OPJ_FALSE;
}
}
#ifdef USE_JPWL
if (l_cp->correct) {
/* if JPWL is on, we check whether TX errors have damaged
@ -2138,6 +2151,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
l_img_comp = l_image->comps;
l_prec0 = 0; l_sgnd0 = 0;
/* Read the component information */
for (i = 0; i < l_image->numcomps; ++i){
OPJ_UINT32 tmp;
@ -2145,6 +2159,19 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
++p_header_data;
l_img_comp->prec = (tmp & 0x7f) + 1;
l_img_comp->sgnd = tmp >> 7;
if(i == 0) {/* AFL test */
l_prec0 = l_img_comp->prec; l_sgnd0 = l_img_comp->sgnd;
}
else
if(l_cp->bpc_is_255 == 0
&& (l_img_comp->prec != l_prec0 || l_img_comp->sgnd != l_sgnd0)) {/* AFL test */
opj_event_msg(p_manager, EVT_ERROR,
"Invalid precision and/or sgnd values for comp[%d]:\n"
" [0] prec(%d) sgnd(%d) [%d] prec(%d) sgnd(%d)\n",i,l_prec0,l_sgnd0,
i,l_img_comp->prec,l_img_comp->sgnd);
return OPJ_FALSE;
}
opj_read_bytes(p_header_data,&tmp,1); /* XRsiz_i */
++p_header_data;
l_img_comp->dx = (OPJ_UINT32)tmp; /* should be between 1 and 255 */
@ -2158,7 +2185,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
i, l_img_comp->dx, l_img_comp->dy);
return OPJ_FALSE;
}
if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
opj_event_msg(p_manager, EVT_ERROR,
"Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
i, l_img_comp->prec);
@ -2197,6 +2224,9 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
++l_img_comp;
}
if(l_cp->tdx == 0 || l_cp->tdy == 0) { /* AFL test */
return OPJ_FALSE;
}
/* Compute the number of tiles */
l_cp->tw = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(l_image->x1 - l_cp->tx0), (OPJ_INT32)l_cp->tdx);
l_cp->th = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(l_image->y1 - l_cp->ty0), (OPJ_INT32)l_cp->tdy);
@ -2214,6 +2244,9 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
if (p_j2k->m_specific_param.m_decoder.m_discard_tiles) {
p_j2k->m_specific_param.m_decoder.m_start_tile_x = (p_j2k->m_specific_param.m_decoder.m_start_tile_x - l_cp->tx0) / l_cp->tdx;
p_j2k->m_specific_param.m_decoder.m_start_tile_y = (p_j2k->m_specific_param.m_decoder.m_start_tile_y - l_cp->ty0) / l_cp->tdy;
if(l_cp->tdx == 0 || l_cp->tdy == 0) { /* AFL test */
return OPJ_FALSE;
}
p_j2k->m_specific_param.m_decoder.m_end_tile_x = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(p_j2k->m_specific_param.m_decoder.m_end_tile_x - l_cp->tx0), (OPJ_INT32)l_cp->tdx);
p_j2k->m_specific_param.m_decoder.m_end_tile_y = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(p_j2k->m_specific_param.m_decoder.m_end_tile_y - l_cp->ty0), (OPJ_INT32)l_cp->tdy);
}
@ -4791,6 +4824,9 @@ static OPJ_BOOL opj_j2k_update_rates( opj_j2k_t *p_j2k,
l_tile_size = 0;
for (i=0;i<l_image->numcomps;++i) {
if(l_img_comp->dx == 0 || l_img_comp->dy == 0) { /* AFL test */
return OPJ_FALSE;
}
l_tile_size += ( opj_uint_ceildiv(l_cp->tdx,l_img_comp->dx)
*
opj_uint_ceildiv(l_cp->tdy,l_img_comp->dy)
@ -4855,7 +4891,7 @@ static OPJ_BOOL opj_j2k_read_eoc ( opj_j2k_t *p_j2k,
if (l_tcp->m_data) {
if (! opj_tcd_init_decode_tile(l_tcd, i)) {
opj_tcd_destroy(l_tcd);
opj_event_msg(p_manager, EVT_ERROR, "Cannot decode tile, memory error\n");
opj_event_msg(p_manager, EVT_ERROR, "Cannot decode tile %d\n",i);
return OPJ_FALSE;
}
@ -6454,6 +6490,9 @@ OPJ_BOOL opj_j2k_setup_encoder( opj_j2k_t *p_j2k,
*/
if (parameters->tile_size_on) {
if(cp->tdx == 0 || cp->tdy == 0) { /* AFL test */
return OPJ_FALSE;
}
cp->tw = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(image->x1 - cp->tx0), (OPJ_INT32)cp->tdx);
cp->th = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(image->y1 - cp->ty0), (OPJ_INT32)cp->tdy);
} else {
@ -8130,7 +8169,7 @@ OPJ_BOOL opj_j2k_read_tile_header( opj_j2k_t * p_j2k,
}
/*FIXME ???*/
if (! opj_tcd_init_decode_tile(p_j2k->m_tcd, p_j2k->m_current_tile_number, p_manager)) {
opj_event_msg(p_manager, EVT_ERROR, "Cannot decode tile, memory error\n");
opj_event_msg(p_manager, EVT_ERROR, "Cannot decode tile %d\n",p_j2k->m_current_tile_number);
return OPJ_FALSE;
}
@ -8244,6 +8283,7 @@ static OPJ_BOOL opj_j2k_update_image_data (opj_tcd_t * p_tcd, OPJ_BYTE * p_data,
OPJ_UINT32 l_start_x_dest , l_start_y_dest;
OPJ_UINT32 l_x0_dest, l_y0_dest, l_x1_dest, l_y1_dest;
OPJ_SIZE_T l_start_offset_dest, l_line_offset_dest;
OPJ_UINT32 src_w0 = 0, src_h0 = 0;
opj_image_comp_t * l_img_comp_src = 00;
opj_image_comp_t * l_img_comp_dest = 00;
@ -8304,6 +8344,16 @@ static OPJ_BOOL opj_j2k_update_image_data (opj_tcd_t * p_tcd, OPJ_BYTE * p_data,
l_width_src = (OPJ_UINT32)(l_res->x1 - l_res->x0);
l_height_src = (OPJ_UINT32)(l_res->y1 - l_res->y0);
if(i == 0) {/* AFL test */
src_w0 = l_width_src; src_h0 = l_height_src;
}
else {
if(l_width_src != src_w0 || l_height_src != src_h0) {/* AFL test */
fprintf(stderr,"[ERROR] component[%u] w(%u) h(%u) vs. component[0] w(%u) h(%u)\n",
i,l_width_src,l_height_src,src_w0,src_h0);
return OPJ_FALSE;
}
}
/* Border of the current output component*/
l_x0_dest = opj_uint_ceildivpow2(l_img_comp_dest->x0, l_img_comp_dest->factor);
l_y0_dest = opj_uint_ceildivpow2(l_img_comp_dest->y0, l_img_comp_dest->factor);
@ -8593,6 +8643,9 @@ OPJ_BOOL opj_j2k_set_decode_area( opj_j2k_t *p_j2k,
p_image->x1 = l_image->x1;
}
else {
if(l_cp->tdx == 0) { /* AFL test */
return OPJ_FALSE;
}
p_j2k->m_specific_param.m_decoder.m_end_tile_x = (OPJ_UINT32)opj_int_ceildiv(p_end_x - (OPJ_INT32)l_cp->tx0, (OPJ_INT32)l_cp->tdx);
p_image->x1 = (OPJ_UINT32)p_end_x;
}
@ -8612,6 +8665,9 @@ OPJ_BOOL opj_j2k_set_decode_area( opj_j2k_t *p_j2k,
p_image->y1 = l_image->y1;
}
else{
if(l_cp->tdy == 0) { /* AFL test */
return OPJ_FALSE;
}
p_j2k->m_specific_param.m_decoder.m_end_tile_y = (OPJ_UINT32)opj_int_ceildiv(p_end_y - (OPJ_INT32)l_cp->ty0, (OPJ_INT32)l_cp->tdy);
p_image->y1 = (OPJ_UINT32)p_end_y;
}
@ -8623,7 +8679,9 @@ OPJ_BOOL opj_j2k_set_decode_area( opj_j2k_t *p_j2k,
for (it_comp=0; it_comp < p_image->numcomps; ++it_comp)
{
OPJ_INT32 l_h,l_w;
if(l_img_comp->dx == 0 || l_img_comp->dy == 0) { /* AFL test */
return OPJ_FALSE;
}
l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0, (OPJ_INT32)l_img_comp->dx);
l_img_comp->y0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->y0, (OPJ_INT32)l_img_comp->dy);
l_comp_x1 = opj_int_ceildiv((OPJ_INT32)p_image->x1, (OPJ_INT32)l_img_comp->dx);
@ -9779,10 +9837,10 @@ static OPJ_BOOL opj_j2k_decode_tiles ( opj_j2k_t *p_j2k,
opj_event_mgr_t * p_manager)
{
OPJ_BOOL l_go_on = OPJ_TRUE;
OPJ_UINT32 l_current_tile_no;
OPJ_UINT32 l_current_tile_no = 0;
OPJ_UINT32 l_data_size,l_max_data_size;
OPJ_INT32 l_tile_x0,l_tile_y0,l_tile_x1,l_tile_y1;
OPJ_UINT32 l_nb_comps;
OPJ_UINT32 l_nb_comps = 0;
OPJ_BYTE * l_current_data;
OPJ_UINT32 nr_tiles = 0;
@ -9791,9 +9849,10 @@ static OPJ_BOOL opj_j2k_decode_tiles ( opj_j2k_t *p_j2k,
opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to decode tiles\n");
return OPJ_FALSE;
}
l_max_data_size = 1000;
l_max_data_size = 1000; l_data_size = 0;
for (;;) {
l_tile_x0 = l_tile_y0 = l_tile_x1 = l_tile_y1 = 0;
if (! opj_j2k_read_tile_header( p_j2k,
&l_current_tile_no,
&l_data_size,
@ -10030,6 +10089,9 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
for (compno = 0; compno < p_image->numcomps; compno++) {
p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded;
p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
if(p_image->comps[compno].data == NULL){/* AFL test */
return OPJ_FALSE;
}
#if 0
char fn[256];
sprintf( fn, "/tmp/%d.raw", compno );
@ -10086,6 +10148,9 @@ OPJ_BOOL opj_j2k_get_tile( opj_j2k_t *p_j2k,
{
OPJ_INT32 l_comp_x1, l_comp_y1;
if(l_img_comp->dx == 0 || l_img_comp->dy == 0) { /* AFL test */
return OPJ_FALSE;
}
l_img_comp->factor = p_j2k->m_private_image->comps[compno].factor;
l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0, (OPJ_INT32)l_img_comp->dx);
@ -10131,6 +10196,9 @@ OPJ_BOOL opj_j2k_get_tile( opj_j2k_t *p_j2k,
p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
if(p_image->comps[compno].data == NULL){/* AFL test */
return OPJ_FALSE;
}
p_j2k->m_output_image->comps[compno].data = NULL;
}
@ -10379,9 +10447,10 @@ static void opj_get_tile_dimensions(opj_image_t * l_image,
if (*l_size_comp == 3) {
*l_size_comp = 4;
}
/* AFL test missing */
*l_width = (OPJ_UINT32)(l_tilec->x1 - l_tilec->x0);
*l_height = (OPJ_UINT32)(l_tilec->y1 - l_tilec->y0);
*l_offset_x = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)l_image->x0, (OPJ_INT32)l_img_comp->dx);
*l_offset_y = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)l_image->y0, (OPJ_INT32)l_img_comp->dy);
*l_image_width = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)l_image->x1 - (OPJ_INT32)l_image->x0, (OPJ_INT32)l_img_comp->dx);

View File

@ -456,6 +456,8 @@ typedef struct opj_cp
OPJ_BITFIELD ppm : 1;
/** tells if the parameter is a coding or decoding one */
OPJ_BITFIELD m_is_decoder : 1;
/** if 1 then components vary in bit_depth, sign; else all are the same */
OPJ_BITFIELD bpc_is_255 : 1; /* for AFL test */
/* <<UniPG */
} opj_cp_t;
@ -595,6 +597,9 @@ typedef struct opj_j2k
/** Thread pool */
opj_thread_pool_t* m_tp;
OPJ_UINT32 ihdr_w; /* for AFL test */
OPJ_UINT32 ihdr_h; /* for AFL test */
}
opj_j2k_t;

View File

@ -570,7 +570,7 @@ static OPJ_BOOL opj_jp2_read_ihdr( opj_jp2_t *jp2,
p_image_header_data += 2;
if ((jp2->numcomps - 1U) >= 16384U) { /* unsigned underflow is well defined: 1U <= jp2->numcomps <= 16384U */
opj_event_msg(p_manager, EVT_ERROR, "Invalid number of components (ihdr)\n");
opj_event_msg(p_manager, EVT_ERROR, "Invalid number of components (ihdr): %u\n", jp2->numcomps);
return OPJ_FALSE;
}
@ -597,6 +597,11 @@ static OPJ_BOOL opj_jp2_read_ihdr( opj_jp2_t *jp2,
opj_read_bytes(p_image_header_data,&(jp2->IPR),1); /* IPR */
++ p_image_header_data;
jp2->j2k->m_cp.bpc_is_255 = (jp2->bpc == 255); /* For AFL test */
jp2->j2k->ihdr_w = jp2->w; /* For AFL test */
jp2->j2k->ihdr_h = jp2->h; /* For AFL test */
jp2->has_ihdr = 1; /* For AFL test */
return OPJ_TRUE;
}
@ -912,7 +917,10 @@ static OPJ_BOOL opj_jp2_check_color(opj_image_t *image, opj_jp2_color_t *color,
/* verify that no component is targeted more than once */
for (i = 0; i < nr_channels; i++) {
OPJ_UINT16 pcol = cmap[i].pcol;
assert(cmap[i].mtyp == 0 || cmap[i].mtyp == 1);
if(cmap[i].mtyp != 0 && cmap[i].mtyp != 1) {/* AFL test */
opj_event_msg(p_manager, EVT_ERROR, "Invalid cmap[%d].mtyp ==> %d\n",i,cmap[i].mtyp);
is_sane = OPJ_FALSE;
}
if (pcol >= nr_channels) {
opj_event_msg(p_manager, EVT_ERROR, "Invalid component/palette index for direct mapping %d.\n", pcol);
is_sane = OPJ_FALSE;
@ -1484,8 +1492,8 @@ static OPJ_BOOL opj_jp2_read_colr( opj_jp2_t *jp2,
{
/* ISO/IEC 15444-1:2004 (E), Table I.9 Legal METH values:
conforming JP2 reader shall ignore the entire Colour Specification box.*/
opj_event_msg(p_manager, EVT_INFO, "COLR BOX meth value is not a regular value (%d), "
"so we will ignore the entire Colour Specification box. \n", jp2->meth);
opj_event_msg(p_manager, EVT_INFO, "COLR BOX meth value is not a regular value (%d),\n"
" so we will ignore the entire Colour Specification box. \n", jp2->meth);
}
return OPJ_TRUE;
}
@ -1495,6 +1503,8 @@ OPJ_BOOL opj_jp2_decode(opj_jp2_t *jp2,
opj_image_t* p_image,
opj_event_mgr_t * p_manager)
{
OPJ_UINT32 ihdr_w, ihdr_h, img_w, img_h;
if (!p_image)
return OPJ_FALSE;
@ -1503,6 +1513,14 @@ OPJ_BOOL opj_jp2_decode(opj_jp2_t *jp2,
opj_event_msg(p_manager, EVT_ERROR, "Failed to decode the codestream in the JP2 file\n");
return OPJ_FALSE;
}
/* AFL test: */
ihdr_w = jp2->w; ihdr_h = jp2->h;
img_w = p_image->x1 - p_image->x0; img_h = p_image->y1 - p_image->y0;
if(img_w > ihdr_w || img_h > ihdr_h) {
opj_event_msg(p_manager, EVT_ERROR, "IHDR w(%u) h(%u) vs. IMAGE w(%u) h(%u)\n",ihdr_w,ihdr_h,img_w,img_h);
return OPJ_FALSE;
}
if (!jp2->ignore_pclr_cmap_cdef){
if (!opj_jp2_check_color(p_image, &(jp2->color), p_manager)) {
@ -2563,6 +2581,7 @@ static OPJ_BOOL opj_jp2_read_jp2h( opj_jp2_t *jp2,
}
jp2->jp2_state |= JP2_STATE_HEADER;
jp2->has_jp2h = 1;
return OPJ_TRUE;
}
@ -2667,7 +2686,16 @@ OPJ_BOOL opj_jp2_read_header( opj_stream_private_t *p_stream,
if (! opj_jp2_exec (jp2,jp2->m_procedure_list,p_stream,p_manager)) {
return OPJ_FALSE;
}
/* AFL test: */
if(jp2->has_jp2h == 0) {
opj_event_msg(p_manager, EVT_ERROR, "JP2H box missing. Required.\n");
return OPJ_FALSE;
}
/* AFL test: */
if(jp2->has_ihdr == 0) {
opj_event_msg(p_manager, EVT_ERROR, "IHDR box_missing. Required.\n");
return OPJ_FALSE;
}
return opj_j2k_read_header( p_stream,
jp2->j2k,
p_image,

View File

@ -195,6 +195,8 @@ typedef struct opj_jp2
opj_jp2_color_t color;
OPJ_BOOL ignore_pclr_cmap_cdef;
OPJ_BYTE has_jp2h; /* for AFL test */
OPJ_BYTE has_ihdr; /* for AFL test */
}
opj_jp2_t;

View File

@ -354,16 +354,24 @@ if (!pi->tp_on){
}
res = &comp->resolutions[pi->resno];
levelno = comp->numresolutions - 1 - pi->resno;
if(levelno > 31) continue; /* AFL test */
if((comp->dx << levelno) == 0) continue; /* AFL test */
if((comp->dy << levelno) == 0) continue; /* AFL test */
trx0 = opj_int_ceildiv(pi->tx0, (OPJ_INT32)(comp->dx << levelno));
try0 = opj_int_ceildiv(pi->ty0, (OPJ_INT32)(comp->dy << levelno));
trx1 = opj_int_ceildiv(pi->tx1, (OPJ_INT32)(comp->dx << levelno));
try1 = opj_int_ceildiv(pi->ty1, (OPJ_INT32)(comp->dy << levelno));
rpx = res->pdx + levelno;
rpy = res->pdy + levelno;
if (!((pi->y % (OPJ_INT32)(comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){
if(rpx > 31 || rpy > 31) continue; /* AFL test. FIXME: 38, the Norm prec ? */
if((comp->dy << rpy) == 0) continue; /* AFL test */
if((comp->dx << rpx) == 0) continue; /* AFL test */
if (!(((pi->y % (comp->dy << rpy)) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){
continue;
}
if (!((pi->x % (OPJ_INT32)(comp->dx << rpx) == 0) || ((pi->x == pi->tx0) && ((trx0 << levelno) % (1 << rpx))))){
if (!(((pi->x % (comp->dx << rpx)) == 0) || ((pi->x == pi->tx0) && ((trx0 << levelno) % (1 << rpx))))){
continue;
}
@ -435,12 +443,20 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_iterator_t * pi) {
OPJ_INT32 prci, prcj;
res = &comp->resolutions[pi->resno];
levelno = comp->numresolutions - 1 - pi->resno;
if(levelno > 31) continue; /* AFL test */
if((comp->dx << levelno) == 0) continue; /* AFL test */
if((comp->dy << levelno) == 0) continue; /* AFL test */
trx0 = opj_int_ceildiv(pi->tx0, (OPJ_INT32)(comp->dx << levelno));
try0 = opj_int_ceildiv(pi->ty0, (OPJ_INT32)(comp->dy << levelno));
trx1 = opj_int_ceildiv(pi->tx1, (OPJ_INT32)(comp->dx << levelno));
try1 = opj_int_ceildiv(pi->ty1, (OPJ_INT32)(comp->dy << levelno));
rpx = res->pdx + levelno;
rpy = res->pdy + levelno;
if(rpx > 31 || rpy > 31) continue; /* AFL test. FIXME: 38, the Norm prec ? */
if((comp->dy << rpy) == 0) continue; /* AFL test */
if((comp->dx << rpx) == 0) continue; /* AFL test */
if (!((pi->y % (OPJ_INT32)(comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){
continue;
}
@ -514,12 +530,20 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_iterator_t * pi) {
OPJ_INT32 prci, prcj;
res = &comp->resolutions[pi->resno];
levelno = comp->numresolutions - 1 - pi->resno;
if(levelno > 31) continue; /* AFL test */
if((comp->dx << levelno) == 0) continue; /* AFL test */
if((comp->dy << levelno) == 0) continue; /* AFL test */
trx0 = opj_int_ceildiv(pi->tx0, (OPJ_INT32)(comp->dx << levelno));
try0 = opj_int_ceildiv(pi->ty0, (OPJ_INT32)(comp->dy << levelno));
trx1 = opj_int_ceildiv(pi->tx1, (OPJ_INT32)(comp->dx << levelno));
try1 = opj_int_ceildiv(pi->ty1, (OPJ_INT32)(comp->dy << levelno));
rpx = res->pdx + levelno;
rpy = res->pdy + levelno;
if(rpx > 31 || rpy > 31) continue; /* AFL test */
if((comp->dx << rpx) == 0) continue; /* AFL test */
if((comp->dy << rpy) == 0) continue; /* AFL test */
if (!((pi->y % (OPJ_INT32)(comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){
continue;
}
@ -612,6 +636,9 @@ static void opj_get_encoding_parameters( const opj_image_t *p_image,
OPJ_UINT32 l_product;
OPJ_INT32 l_tcx0, l_tcy0, l_tcx1, l_tcy1;
if(l_img_comp->dx == 0) continue; /* AFL test */
if(l_img_comp->dy == 0) continue; /* AFL test */
l_tcx0 = opj_int_ceildiv(*p_tx0, (OPJ_INT32)l_img_comp->dx);
l_tcy0 = opj_int_ceildiv(*p_ty0, (OPJ_INT32)l_img_comp->dy);
l_tcx1 = opj_int_ceildiv(*p_tx1, (OPJ_INT32)l_img_comp->dx);
@ -629,6 +656,9 @@ static void opj_get_encoding_parameters( const opj_image_t *p_image,
l_pdx = l_tccp->prcw[resno];
l_pdy = l_tccp->prch[resno];
if((l_pdx + l_tccp->numresolutions - 1 - resno) > 31) continue; /* AFL test */
if((l_pdy + l_tccp->numresolutions - 1 - resno) > 31) continue; /* AFL test */
l_dx = l_img_comp->dx * (1u << (l_pdx + l_tccp->numresolutions - 1 - resno));
l_dy = l_img_comp->dy * (1u << (l_pdy + l_tccp->numresolutions - 1 - resno));
@ -639,6 +669,9 @@ static void opj_get_encoding_parameters( const opj_image_t *p_image,
/* various calculations of extents */
l_level_no = l_tccp->numresolutions - 1 - resno;
if(l_level_no > 31) continue; /* AFL test */
if(l_pdx > 31 || l_pdy > 31) continue; /* AFL test */
l_rx0 = opj_int_ceildivpow2(l_tcx0, (OPJ_INT32)l_level_no);
l_ry0 = opj_int_ceildivpow2(l_tcy0, (OPJ_INT32)l_level_no);
l_rx1 = opj_int_ceildivpow2(l_tcx1, (OPJ_INT32)l_level_no);
@ -735,6 +768,8 @@ static void opj_get_all_encoding_parameters( const opj_image_t *p_image,
OPJ_INT32 l_tcx0, l_tcy0, l_tcx1, l_tcy1;
OPJ_UINT32 l_pdx, l_pdy , l_pw , l_ph;
if(l_img_comp->dx == 0 || l_img_comp->dy == 0) continue; /* AFL test */
lResolutionPtr = p_resolutions[compno];
l_tcx0 = opj_int_ceildiv(*p_tx0, (OPJ_INT32)l_img_comp->dx);

View File

@ -1162,7 +1162,7 @@ static OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2,
do {
/* Check possible overflow (on l_current_data only, assumes input args already checked) then size */
if ((((OPJ_SIZE_T)l_current_data + (OPJ_SIZE_T)l_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data + p_max_length)) {
opj_event_msg(p_manager, EVT_ERROR, "read: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
opj_event_msg(p_manager, EVT_ERROR, "1165:read: segment too long (%u) with max (%u) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
return OPJ_FALSE;
}
@ -1188,7 +1188,7 @@ static OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2,
#endif /* USE_JPWL */
/* Check possible overflow on size */
if ((l_cblk->data_current_size + l_seg->newlen) < l_cblk->data_current_size) {
opj_event_msg(p_manager, EVT_ERROR, "read: segment too long (%d) with current size (%d > %d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
opj_event_msg(p_manager, EVT_ERROR, "1191:read: segment too long (%u) with current size (%d > %d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
l_seg->newlen, l_cblk->data_current_size, 0xFFFFFFFF - l_seg->newlen, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
return OPJ_FALSE;
}

View File

@ -724,6 +724,10 @@ static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no,
for (compno = 0; compno < l_tile->numcomps; ++compno) {
/*fprintf(stderr, "compno = %d/%d\n", compno, l_tile->numcomps);*/
l_image_comp->resno_decoded = 0;
if(l_image_comp->dx == 0 || l_image_comp->dy == 0){ /* AFL test */
return OPJ_FALSE;
}
/* border of each l_tile component (global) */
l_tilec->x0 = opj_int_ceildiv(l_tile->x0, (OPJ_INT32)l_image_comp->dx);
l_tilec->y0 = opj_int_ceildiv(l_tile->y0, (OPJ_INT32)l_image_comp->dy);
@ -1366,6 +1370,7 @@ OPJ_BOOL opj_tcd_update_tile_data ( opj_tcd_t *p_tcd,
opj_tcd_resolution_t * l_res;
OPJ_UINT32 l_size_comp, l_remaining;
OPJ_UINT32 l_stride, l_width,l_height;
OPJ_UINT32 l_w0 = 0, l_h0 = 0;
l_data_size = opj_tcd_get_decoded_tile_size(p_tcd);
if (l_data_size > p_dest_length) {
@ -1383,6 +1388,16 @@ OPJ_BOOL opj_tcd_update_tile_data ( opj_tcd_t *p_tcd,
l_height = (OPJ_UINT32)(l_res->y1 - l_res->y0);
l_stride = (OPJ_UINT32)(l_tilec->x1 - l_tilec->x0) - l_width;
if(i == 0) { /* AFL test */
l_w0 = l_width; l_h0 = l_height;
}
else
if(l_w0 != l_width || l_h0 != l_height) { /* AFL test */
fprintf(stderr,"[ERROR] component[%u] w(%u) h(%u) vs. component[0] w(%u) h(%u)\n",
i,l_width,l_height,l_w0,l_h0);
return OPJ_FALSE;
}
if (l_remaining) {
++l_size_comp;
}