Commit Graph

3005 Commits

Author SHA1 Message Date
Mark Mentovai 093ccb0ecd openjp2/j2k: replace sprintf calls with snprintf
This makes it possible to build j2k.c without warnings using the macOS
13 SDK. Calls to sprintf are replaced with snprintf, passing appropriate
buffer sizes.

It doesn’t appear that any of the changed uses of sprintf were actually
unsafe, so no behavior change is expected aside from SDK compatibility.

The macOS 13 SDK deprecates sprintf as it’s difficult to use safely. The
deprecation warning message is visible when building C++, but it is not
normally visible when building plain C code due to a quirk in how
sprintf is declared in the SDK. However, the deprecation message is
visible when building plain C under Address Sanitizer
(-fsanitize=address). This discrepancy was discovered at
https://crbug.com/1381706 and reported to Apple with a copy at
https://openradar.appspot.com/FB11761475.

The macOS 13 SDK is packaged in Xcode 14.1, released on 2022-11-01. This
also affects the iOS 16 SDK and other 2022-era Apple OS SDKs packaged in
Xcode 14.0, released on 2022-09-12.

j2k.c is visible to the Chromium build via PDFium, and this change is
needed to allow Chromium to move forward to the macOS 13 SDK.

This change is limited to src/lib/openjp2. Other uses of sprintf were
found throughout openjpeg.
2022-11-07 09:54:52 -05:00
Even Rouault 2d606701e8
Merge pull request #1448 from rouault/fix_1447
Fix incorrect decoding of image with large number of progression levels
2022-10-19 13:57:31 +02:00
Even Rouault 6ab3ca69fd
Fix incorrect decoding of image with large number of progression levels
Fixes regression introduced per d27ccf01c6

Fixes #1447
2022-10-18 23:03:05 +02:00
Aleks L be95561917
Fix Heap-buffer-overflow READ in opj_jp2_apply_pclr (#1441)
The issue was found while fuzzing opencv:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47342

The read overflow triggered by reading `src[j]` in
```cpp
            for (j = 0; j < max; ++j) {
                dst[j] = src[j];
            }
```
The max is calculated as `new_comps[pcol].w * new_comps[pcol].h`, however the `src = old_comps[cmp].data;` which may have different `w` and `h` dimensions.
2022-08-12 15:48:41 +02:00
Even Rouault 49fea5c45e
Merge pull request #1440 from rouault/rate_alloc_speedup
Significant speed-up rate allocation by rate/distoratio ratio
2022-08-12 11:55:38 +02:00
Aous Naman 4da04cd3e8
Replace the assert in mel_init to an if statement to address an issue with fuzzing. (#1436)
Modified the mel_init code to replace the assert statement with an if statement, returning false when an incorrect sequence of bytes are encountered in the MEL segment.  Similar code should be added to the main MEL decoding subrountine, but the change is more involved; in any case, an incorrect sequence produces incorrect results, but should not be harmful or cause a crash.
2022-08-11 18:29:40 +02:00
Even Rouault c06632c6f6
Cleanup code related to quality layer allocation, and add a few safety checks 2022-08-11 18:12:07 +02:00
Even Rouault 3d9bcd3753
Significant speed-up rate allocation by rate/distoratio ratio
- Avoid doing 128 iterations all the time, and stop when the threshold
  doesn't vary much
- Avoid calling costly opj_t2_encode_packets() repeatdly when bisecting the
  layer ratio if the truncation points haven't changed since the last
  iteration.

When used with the GDAL gdal_translate application to convert a 11977 x
8745 raster with data type UInt16 and 8 channels, the conversion time
to JPEG2000 with 20 quality layers using disto/rate allocation (
-co "IC=C8" -co "JPEG2000_DRIVER=JP2OPENJPEG" -co "PROFILE=NPJE_NUMERICALLY_LOSSLESS"
creation options of the GDAL NITF driver) goes from 5m56 wall clock
(8m20s total, 12 vCPUs) down to 1m16 wall clock (3m45 total).
2022-08-11 18:06:50 +02:00
Even Rouault e9fc08a52a
Micro-optimization: use directly opj_bio_putbit() instead of opj_bio_write() to emit single bit 2022-08-11 16:41:57 +02:00
Even Rouault 59fb7ea736
Merge pull request #1439 from arichardson/relocatable-cmake-config
Make OpenJPEGConfig.cmake relocatable with CMake > 3.0
2022-08-11 14:49:36 +02:00
Alex Richardson c6ceb84c22 Make OpenJPEGConfig.cmake relocatable with CMake > 3.0
Using CMakePackageConfigHelpers, we can generate a relocatable
OpenJPEGConfig.config, using the PATH_VARS feature to make
CMAKE_INSTALL_LIBDIR relative to the installed location.
This change is needed for me when cross-compiling since
CMAKE_INSTALL_FULL_LIBDIR is a path inside the sysroot rather than
an absolute path to the actual includes. Without this change poppler
ends up passing a -I flag that does not exist.

This includes fallback code for CMake 2.8, which adds a bit of complexity,
since I'm not sure if raising the minimum to 3.0 (now over 8 years old)
is acceptable.
2022-08-11 12:13:18 +00:00
Thomas Bracht Laumann Jespersen c7bccf0515
CMake: switch to GNUInstallDirs (#1424)
* Add GNUInstallDirs for standard installation directories

Distributions are given standard variables for already existing hooks.
Multiarch libdirs is taken care of automagically.
Raises minimum cmake version by a little.

* Handle CMAKE_INSTALL_xxx being absolute paths for .pc file generation

In some cases the CMAKE_INSTAL_{BIN,MAN,DOC,LIB,INCLUDE}DIR variables
may turn out to be absolute paths in which case prepending ${prefix} in
the pkg-config .pc files will result in incorrect values.

For .pc file generation, figure out if these variables are absolute and
omit the prefix in the configured file when so.

See: ab25e4b7ed
2022-08-07 16:42:01 +02:00
Even Rouault e3f07dcc07
Merge pull request #1433 from rouault/fix_1432
opj_t1_encode_cblk(): avoid undefined behaviour on fuzzed input (fixes #1432)
2022-06-30 12:57:39 +02:00
Even Rouault dd1a2d6480
opj_t1_encode_cblk(): avoid undefined behaviour on fuzzed input (fixes #1432) 2022-06-29 11:47:58 +02:00
Even Rouault ca74961656
Merge pull request #1431 from rouault/fix_1430
Build: fix linking of executables on some systems where TIFF/LCMS2 static libraries are not in system directories (fixes #1430)
2022-06-27 23:21:58 +02:00
Even Rouault 338246278a
Build: fix linking of executables on some systems where TIFF/LCMS2 static libraries are not in system directories (fixes #1430)
Note that the fix might be partial only for static-only builds (cf
comments)

Ammends PR #866 and #867
2022-06-27 12:03:45 +02:00
Yuan 0535bfc3b7
HT_DEC: Fix opj_t1_allocate_buffers malloc size error (#1426) (fixes #1413) 2022-05-31 11:55:12 +02:00
Even Rouault 5292728740
Merge pull request #1423 from Neumann-A/patch-1
Fix windows arm builds
2022-05-16 23:35:22 +02:00
Even Rouault 86ae7d80bf
Merge pull request #1421 from Biswa96/pkgconf-static
pkgconfig: Define OPJ_STATIC for static linking with pkgconf
2022-05-16 23:25:54 +02:00
Alexander Neumann 098bb874db
Fix windows arm builds 2022-05-16 23:10:26 +02:00
Biswapriyo Nath 17d1bc7f1a pkgconfig: Define OPJ_STATIC for static linking with pkgconf
allows for the usage of $(pkgconf --static --cflags libopenjp2) to produce
the proper CFLAGS for static linking. Relies on pkgconf rather than pkg-config
2022-05-15 18:11:50 +05:30
Even Rouault 46b42b616d
HOWTO-RELEASE: update 2022-05-13 20:17:50 +02:00
Even Rouault e29604cfca
abi_check.sh: comment OPJ_PREVIOUS_VERSION 2022-05-13 20:17:42 +02:00
Even Rouault 77e391cfe6
update tools/abi-tracker/openjpeg.json 2022-05-13 19:13:11 +02:00
Even Rouault 7065d2cd3f
abi_check.sh: Update version number for automatic abi check 2022-05-13 19:02:54 +02:00
Even Rouault a5891555eb
Prepare for 2.5.0 release 2022-05-13 18:54:29 +02:00
Navidem cf90ff0c57
Separate fuzz targets to increase coverage (#1416) 2022-05-13 18:18:47 +02:00
Even Rouault a13f979348
Merge pull request #1386 from DavidKorczynski/cifuzz
CI: Add CIFuzz action
2022-05-13 17:58:38 +02:00
Even Rouault 76c6a25726
opj_compress.c: usage formatting fix 2022-05-08 19:45:53 +02:00
Even Rouault 576f72112e
Merge pull request #1418 from LongerVision/master
Java Support 1.8 now...
2022-05-07 11:52:20 +02:00
Even Rouault 30e7c88bdf
Merge pull request #1419 from rouault/fix_ci
tools/travis-ci/install.sh: git clone with https:// to fix 'The unaut…
2022-05-07 11:52:09 +02:00
Even Rouault ef36cd015e
Rename knownfailures-Ubuntu20.04-gcc9.3.0-x86_64-Release-3rdP.txt to knownfailures-Ubuntu20.04-gcc9.4.0-x86_64-Release-3rdP.txt 2022-05-07 11:14:52 +02:00
Even Rouault f7b5310e66
.github/workflows/build.yml: force use of windows-2019 VM 2022-05-07 11:05:04 +02:00
Even Rouault af4fd8d317
tools/travis-ci/install.sh: git clone with https:// to fix 'The unauthenticated git protocol on port 9418 is no longer supported.' 2022-05-07 10:55:00 +02:00
Even Rouault 7b474e6d81
Merge pull request #1410 from rouault/fix_1404
CMakeLists.txt: do not set INSTALL_NAME_DIR for MacOS builds for CMake >= 3.0 (fixes #1404)
2022-05-07 10:23:26 +02:00
Pei Jia 3ac495c7fc JAVA_SOURCE_VERSION from 1.6 to 1.8 2022-05-06 18:27:27 -07:00
Even Rouault e33944ea9e
CMakeLists.txt: do not set INSTALL_NAME_DIR for MacOS builds for CMake >= 3.0 (fixes #1404) 2022-02-13 10:42:47 +01:00
Even Rouault 6a29f5a9e3
opj_j2k_decode_tile(): avoid 'Stream too short' error in non-strict mode 2022-02-10 15:50:07 +01:00
Even Rouault 3837ff1b1a
Merge pull request #1408 from rouault/fix_ossfuzz_44544
Avoid integer overflows in DWT. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44544
2022-02-10 15:13:49 +01:00
Even Rouault 1462e9403f
Avoid integer overflows in DWT. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44544 2022-02-10 14:30:13 +01:00
Robert Gabriel Jakabosky 883c31dbe0
Add support for partial bitstream decoding (#1407) (fixes #715)
Add a -allow-partial option to opj_decompress utility and a opj_decoder_set_strict_mode() option to the API

Co-authored-by: Chris Hafey <chafey@gmail.com>
2022-02-10 14:27:17 +01:00
Even Rouault 99d555c0f1
Add .github/ISSUE_TEMPLATE.md 2022-01-26 21:52:40 +01:00
Even Rouault a5c95cfe26
Merge pull request #1403 from rouault/configure_guard_bits
opj_encoder_set_extra_options(): add a GUARD_BITS=value option
2022-01-24 12:00:46 +01:00
Even Rouault 1de5fc6c51
opj_encoder_set_extra_options(): add a GUARD_BITS=value option
and add a -GuardBits option to opj_compress.

The recently-released SMPTE DCP Bv2.1 Application Profile (link below)
says that the number of guard bits in the QCD marker shall be 1 for 2K
content and 2 for 4K content. This change allows the number of guard bits
to be configured, so that users of openjpeg have the control they need to meet the specification.

https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9161348

This is an alternative implementation of https://github.com/uclouvain/openjpeg/pull/1388
that keeps ABI unchanged.
2022-01-23 17:54:44 +01:00
Eric Harvey 241e9e8efe
Fix potential overflow related issues spotted by LGTM code analysis (#1402) 2022-01-18 21:55:10 +01:00
Even Rouault d87fd9279a
Merge pull request #1401 from rouault/fix_1399
opj_j2k_setup_encoder(): validate number of tiles to avoid illegal values and potential overflow (fixes #1399)
2022-01-18 17:22:44 +01:00
Even Rouault 70f5e0a0df
opj_j2k_setup_encoder(): validate number of tiles to avoid illegal values and potential overflow (fixes #1399) 2022-01-18 15:44:18 +01:00
Eric Harvey a1eec9c49e
Fix unsigned vs OPJ_INT32 mismatches (#1398) 2022-01-16 18:54:00 +01:00
Eharve14 6e4588f379
Added check for integer overflow in get_num_images (#1397)
As discussed in pull request 1396, added a check for integer overflow.
Change list:
Defined num_images as unsigned int
Moved the if statement to check for an empty directory to the beginning of the read directory section
Added a check to see if num images would roll back to zero when incrementing.
2022-01-15 15:33:03 +01:00
Eharve14 1daaa0b909
Avoid overflow in multiplications in utilities related to big number of files in a directory (CVE-2021-29338) (#1396) 2022-01-13 21:05:52 +01:00