From dfcb75167cdab111b2c43672b2a124bbd5407448 Mon Sep 17 00:00:00 2001 From: hw Date: Thu, 22 Mar 2018 14:56:33 +0100 Subject: [PATCH] Fixes after code review by rouault. --- src/lib/openjp2/jp2.c | 45 ++++++++++++++++++++++++++++++++------ src/lib/openjp2/openjpeg.c | 6 ----- src/lib/openjp2/openjpeg.h | 12 +--------- 3 files changed, 39 insertions(+), 24 deletions(-) diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c index 48fa5dca..51498431 100644 --- a/src/lib/openjp2/jp2.c +++ b/src/lib/openjp2/jp2.c @@ -2675,10 +2675,20 @@ static OPJ_BOOL opj_jp2_read_asoc( opj_jp2_t *jp2, assert(p_header_data != 00); assert(p_manager != 00); + if (p_header_size < 8) { + opj_event_msg(p_manager, EVT_ERROR, "Cannot handle ASOC box of less than 8 bytes\n"); + return OPJ_FALSE; + } + opj_read_bytes(p_header_data,&asoc_size,4); p_header_data += 4; p_header_size -= 4; + if (p_header_size < asoc_size) { + opj_event_msg(p_manager, EVT_ERROR, "ASOC super box is smaller than containing sub box\n"); + return OPJ_FALSE; + } + opj_read_bytes(p_header_data,&label_tag,4); p_header_data += 4; p_header_size -= 4; @@ -2691,24 +2701,33 @@ static OPJ_BOOL opj_jp2_read_asoc( opj_jp2_t *jp2, } if ( jp2->numasoc == 0 ) { + /* Create a first asoc */ jp2->numasoc = 1; jp2->asoc = opj_malloc(sizeof(opj_jp2_asoc_t)); } else { + /* Add an asoc to existing ones */ (jp2->numasoc)++; jp2->asoc = opj_realloc(jp2->asoc, jp2->numasoc * sizeof(opj_jp2_asoc_t)); } + asoc = &(jp2->asoc[jp2->numasoc-1]); asoc->level = jp2->numasoc-1; /* TODO: This is not correct if a parent asoc contains multiple child asocs! */ - asoc->label_length = asoc_size; + asoc->label_length = asoc_size+1; asoc->label = opj_malloc(asoc_size); memcpy(asoc->label, p_header_data, asoc_size); + asoc->label[asoc->label_length-1] = '\0'; /* NULL terminated label string */ asoc->xml_buf = 00; asoc->xml_len = 0; p_header_data += asoc_size; p_header_size -= asoc_size; + if (p_header_size < 4) { + opj_event_msg(p_manager, EVT_ERROR, "Cannot handle ASOC sub box of less than 4 bytes\n"); + return OPJ_FALSE; + } + opj_read_bytes(p_header_data,&asoc_tag,4); p_header_data += 4; p_header_size -= 4; @@ -2723,18 +2742,20 @@ static OPJ_BOOL opj_jp2_read_asoc( opj_jp2_t *jp2, break; case JP2_XML: { - asoc->xml_len = p_header_size; + asoc->xml_len = p_header_size+1; asoc->xml_buf = opj_malloc(p_header_size); memcpy( asoc->xml_buf, p_header_data, p_header_size ); + asoc->xml_buf[asoc->xml_len-1] = '\0'; } break; default: { /* Copy the unknown data for external handling. NOTE: This is not tested, but does the same as if an XML tag was found.*/ - asoc->xml_len = p_header_size; + asoc->xml_len = p_header_size+1; asoc->xml_buf = opj_malloc(p_header_size); memcpy( asoc->xml_buf, p_header_data, p_header_size ); + asoc->xml_buf[asoc->xml_len-1] = '\0'; } } @@ -3375,10 +3396,20 @@ OPJ_BOOL jp2_copy_asoc_data( opj_jp2_t* p_jp2, opj_codestream_info_v2_t* p_info to_asoc->level = asoc->level; to_asoc->label_length = asoc->label_length; to_asoc->xml_len = asoc->xml_len; - to_asoc->label = opj_malloc( to_asoc->label_length ); - memcpy(to_asoc->label, asoc->label, to_asoc->label_length); - to_asoc->xml_buf = opj_malloc( to_asoc->xml_len); - memcpy(to_asoc->xml_buf, asoc->xml_buf, to_asoc->xml_len); + if (asoc->label_length && asoc->label) { + to_asoc->label = opj_malloc( to_asoc->label_length ); + memcpy(to_asoc->label, asoc->label, to_asoc->label_length); + } + else { + to_asoc->label = 00; + } + if (asoc->xml_len && asoc->xml_buf) { + to_asoc->xml_buf = opj_malloc( to_asoc->xml_len); + memcpy(to_asoc->xml_buf, asoc->xml_buf, to_asoc->xml_len); + } + else { + to_asoc->xml_buf = 00; + } } return OPJ_TRUE; diff --git a/src/lib/openjp2/openjpeg.c b/src/lib/openjp2/openjpeg.c index 2c35ec4d..5c890f05 100644 --- a/src/lib/openjp2/openjpeg.c +++ b/src/lib/openjp2/openjpeg.c @@ -1093,12 +1093,6 @@ opj_stream_t* OPJ_CALLCONV opj_stream_create_file_stream( return l_stream; } - -OPJ_OFF_T opj_stream_skip_api(opj_stream_t * p_stream, OPJ_OFF_T p_size) -{ - opj_stream_private_t* l_stream = (opj_stream_private_t*) p_stream; - return l_stream->m_opj_skip(l_stream, p_size, NULL); -} void* OPJ_CALLCONV opj_image_data_alloc(OPJ_SIZE_T size) { diff --git a/src/lib/openjp2/openjpeg.h b/src/lib/openjp2/openjpeg.h index 2c15d28b..a903ec09 100644 --- a/src/lib/openjp2/openjpeg.h +++ b/src/lib/openjp2/openjpeg.h @@ -1205,17 +1205,7 @@ OPJ_API void OPJ_CALLCONV opj_stream_set_skip_function(opj_stream_t* p_stream, * @param p_function the function to use a skip function. */ OPJ_API void OPJ_CALLCONV opj_stream_set_seek_function(opj_stream_t* p_stream, - opj_stream_seek_fn p_function); - - /** - * Skips a number of bytes from the stream. - * @param p_stream the stream to skip data from. - * @param p_size the number of bytes to skip. - * @param p_event_mgr the user event manager to be notified of special events. - * @return the number of bytes skipped, or -1 if an error occurred. - */ -OPJ_API OPJ_OFF_T OPJ_CALLCONV opj_stream_skip_api(opj_stream_t * p_stream, OPJ_OFF_T p_size); - + opj_stream_seek_fn p_function); /** * Sets the given data to be used as a user data for the stream.