width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
See commit 8ee335227b for details.
Signed-off-by: Young Xiao <YangX92@hotmail.com>
Previously the caller had to check whether each component data had
been decoded. This means duplicating the checking in every user of
openjpeg which is unnecessary. If the caller wantes to decode all
or a set of, or a specific component then openjpeg ought to error
out if it was unable to do so.
Fixes#1158.
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
Fixes#1059 (CVE-2018-6616).
Tile components in a JP2 image might have null data pointer by defining a
zero component size (for example using large horizontal or vertical
sampling periods). This null data pointer leads to null image component
data pointer, causing crash when dereferenced without != null check in
imagetopnm.
Add != null check.
This commit addresses #1152 (CVE-2018-18088).
* Fix some potential overflow issues
Put sizeof to the beginning of the multiplication to enforce that
size_t instead of smaller integer types is used for the calculation.
This fixes warnings from LGTM:
Multiplication result may overflow 'unsigned int'
before it is converted to 'unsigned long'.
It also allows removing some type casts.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
* Fix code indentation
Signed-off-by: Stefan Weil <sw@weilnetz.de>
In the case where a BMP file declares compression 3 (BI_BITFIELDS)
with header size <= 56, all bitmask values keep their initialization
value 0. This may lead to various undefined behavior later e.g. when
doing 1 << (l_comp->prec - 1).
This issue does not affect files with bit count 16 because of a check
added in 16240e2 which sets default values to the color masks if they
are all 0.
This commit adds similar checks for the 32 bit case.
Also, if a BMP file declares compression 3 with header size >= 56 and
intentional 0 bitmasks, the same issue will be triggered in both the
16 and 32 bit count case.
This commit adds checks to bmp_read_info_header() rejecting BMP files
with "intentional" 0 bitmasks. These checks might be removed in the
future when proper handling of zero bitmasks will be available in
openjpeg2.
fixes#1057 (CVE-2018-5785)
Coverity report:
CID 179466 (#1 of 1): Resource leak (RESOURCE_LEAK)
93. leaked_storage: Variable name going out of scope leaks the storage it points to.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
This adds a opj_set_decoded_components(opj_codec_t *p_codec,
OPJ_UINT32 numcomps, const OPJ_UINT32* comps_indices) function,
and equivalent "opj_decompress -c compno[,compno]*" option.
When specified, neither the MCT transform nor JP2 channel transformations
will be applied.
Tests added for various combinations of whole image vs tiled-based decoding,
full or reduced resolution, use of decode area or not.
* Better document usage of opj_set_decode_area(), ie expecting coordinates
in full resolution/reference grid even if requesting at a lower resolution
factor
* Make sure that image->comps[].factor is set by opj_set_decode_area() and
opj_decode() from the value specified in opj_set_decoded_resolution_factor()
* opj_decompress: add 2 environmenet variables to test alternate ways of
using the API, namely USE_OPJ_SET_DECODED_RESOLUTION_FACTOR=YES to use
opj_set_decoded_resolution_factor() instead of parameters.cp_reduce, and
SKIP_OPJ_SET_DECODE_AREA=YES to not call opj_set_decode_area() if -d is
not specified.
The number of components is given only by TIFFTAG_SAMPLESPERPIXEL / tiSpp.
Querying TIFFTAG_EXTRASAMPLES only give information about which channel is
the alpha channel, but we mostly ignore it for now, so remove that part of the
code.
42x Images with an odd x0/y0 lead to subsampled component starting at the
2nd column/line.
That is offset = comp->dx * comp->x0 - image->x0 = 1
Fix#726
The png format is also supported, so add it to the message.
Remove also the unneeded blank character before \n.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Fix this and other similar compiler warnings:
src/bin/jp2/convert.c: In function ‘tga_readheader’:
src/bin/jp2/convert.c:595:5: warning:
dereferencing type-punned pointer will break strict-aliasing rules
[-Wstrict-aliasing]
cmap_len = get_ushort(*(unsigned short*)(&tga[5]));
Signed-off-by: Stefan Weil <sw@weilnetz.de>
The static code analyzer cppcheck warns about unsigned integers
which use "%d" in the format string.
It also warns about an unneeded assignment.
Fix both issues.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
g++ complains about invalid conversions like these ones:
error: invalid conversion from ‘const char*’ to ‘char*’ [-fpermissive]
error: invalid conversion from ‘void*’ to ‘opj_precision* {aka opj_prec*}’ [-fpermissive]
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Even Rouault
Young Xiao
Sebastian Rasmussen
Hugo Lefeuvre
Even Rouault
Stefan Weil
Nikola Forró
szukw000
Andrew Murray
Antonin Descampe
Antonin Descampe
Russell McOrmond
Mathieu Malaterre
Matthieu Darbois
trylab
Julien Malik
julienmalik
ak-dxdy