Commit Graph

619 Commits

Author SHA1 Message Date
Even Rouault 3fbe713690 opj_tcd_get_decoded_tile_size(): fix potential UINT32 overflow (#854, CVE-2016-5152)
Fix derived from https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
2017-07-29 18:38:16 +02:00
Even Rouault db9ef99f6d opj_t1_decode_cblk(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2487. Credit to OSS Fuzz 2017-07-29 16:34:35 +02:00
Even Rouault f6551f822f opj_t1_clbl_decode_processor(): avoid undefined behaviour if roishift >= 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2506. Credit to OSS Fuzz 2017-07-29 16:29:11 +02:00
Even Rouault 9906fbf737 Avoid assertion in opj_j2k_merge_ppt() in case premature EOC is encountered in opj_j2k_read_tile_header(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785. Credit to OSS Fuzz 2017-07-29 16:22:36 +02:00
Even Rouault 71b4f5b124 opj_pi_next_pcrl(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2787. Credit to OSS Fuzz 2017-07-29 15:52:11 +02:00
Even Rouault d6654d906c opj_int_ceildiv(): fix int32 overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2494. Credit to OSS Fuzz 2017-07-28 22:15:47 +02:00
Even Rouault 361c4506fd opj_tcd_dc_level_shift_decode(): avoid int overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2516. Credit to OSS Fuzz 2017-07-28 22:06:26 +02:00
Even Rouault 7bdbe490cb Fix null pointer dereference in opj_jp2_apply_pclr(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2558. Credit to OSS Fuzz 2017-07-28 21:55:22 +02:00
Even Rouault 16aeb9282f Fix null pointer dereference in opj_j2k_add_mct() (#895)
Fixes openjeg-crashes-2017-07-27/issue879-poc1.j2k of #895
2017-07-28 21:39:30 +02:00
Even Rouault c5bf5ef4d6 Avoid use-after-free when a MCT marker is found after a MCC one (#895)
Fixes openjeg-crashes-2017-07-27/issue880-poc2.j2k of #895
2017-07-28 21:29:55 +02:00
Even Rouault e03e947466 Avoid undefined shift behaviour if bit depth == 32 (#895)
Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:003798,op:ext_AO,pos:128.jp2
2017-07-27 22:29:17 +02:00
Even Rouault 820fcfe8bb opj_j2k_update_image_data / opj_tcd_update_tile_data: fix unaligned load/store (#895)
When components don't have the same width, unaligned load/store are possible.

Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:001342,op:flip4,pos:162.jp2 of #895
2017-07-27 19:35:35 +02:00
Even Rouault 6c4e5bacb9 opj_pi_next_rpcl / opj_pi_next_pcrl / opj_pi_next_cprl: avoid int overflow (#895)
Fixes int overflow on openjeg-crashes-2017-07-27/id:000000,sig:08,src:000879,op:flip2,pos:128.jp2
2017-07-27 19:22:14 +02:00
Even Rouault 178194c093 opj_jp2_check_color(): replace assertion regarding mtyp by runtime check (#672, #895)
Fixes test case openjeg-crashes-2017-07-27/id:000000,sig:06,src:000001,op:flip1,pos:808.jp2
of #895
2017-07-27 18:52:35 +02:00
Even Rouault d6fa300997 Avoids undefined shift behaviour in m_dc_level_shift computation
Fixes warning found on clusterfuzz-testcase-minimized-5146316340461568
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2495

Credit to OSS Fuzz
2017-07-27 18:10:03 +02:00
Even Rouault a88cbb6a0b Fix various undefined shift behaviour in pi.c
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2496
Credit to OSS Fuzz
2017-07-26 22:53:59 +02:00
Even Rouault 6c5fe9407b Avoid potential undefined shift behaviour in opj_bio_read() from opj_t2_read_packet_header()
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2485
Credit to OSS Fuzz
2017-07-26 22:22:44 +02:00
Even Rouault 94c4b7300c T1 decoder: check code stream errors when predictable termination is enabled and emit a warning when errors are found 2017-07-26 21:43:32 +02:00
Even Rouault 5e795d90a1 Spelling fixes (patch by ka7, #890, rebased on top of master) 2017-07-26 21:06:38 +02:00
Even Rouault 8d2e69e37d Fix assertion / memory leak in opj_j2k_merge_ppt() on corrupted images (#939)
Fixes issue on id:000020,sig:06,src:001958,op:flip4,pos:149 that has two
SOT markers for the same tile with the same tile part number, causing
opj_j2k_merge_ppt() to be called several times.
2017-07-26 19:49:38 +02:00
Even Rouault 5c5319984b Avoid division by zero in opj_pi_next_rpcl, opj_pi_next_pcrl, opj_pi_next_cprl (#938)
Fixes crash on id_000004,sig_06,src_000679,op_arith8,pos_49,val_-17
2017-07-26 18:05:56 +02:00
Even Rouault 80818c39f5 Avoid index out of bounds access to pi->include[] (#938)
Fix id:000098,sig:11,src:005411,op:havoc,rep:2 test case
2017-07-26 12:50:51 +02:00
Even Rouault d27ccf01c6 Avoid division by zero in opj_pi_next_rpcl, opj_pi_next_pcrl and opj_pi_next_cprl (#938)
Fixes issues with id:000026,sig:08,src:002419,op:int32,pos:60,val:+32 and
id:000019,sig:08,src:001098,op:flip1,pos:49
2017-07-26 11:32:41 +02:00
Jeroen 90ced71601 install static libraries 2017-07-13 11:34:15 +02:00
Even Rouault 60f8ddf577 Comment fix 2017-07-06 12:11:37 +02:00
Even Rouault a38c4496b6 Remove unused m_DA_x0, m_DA_y0, m_DA_x1, m_DA_y1 members from opj_j2k_dec structure 2017-07-05 21:33:42 +02:00
Even Rouault c308de39ed opj_j2k_read_header_procedure(): validate marker size to avoid excessive memory allocation attempt 2017-07-03 14:33:57 +02:00
Even Rouault 5736b1a368 Merge pull request #954 from jeroen/static
build both shared and static library
2017-07-03 12:03:29 +02:00
Even Rouault 8fa405ee15 IDWT 5x3: fix bug in AVX2 implementation (#953, #957) 2017-06-30 00:03:05 +02:00
Even Rouault 533fa2fdee Merge pull request #957 from rouault/idwt_53_improvements
IDWT 5x3 single-pass lifting and SSE2/AVX2 implementation
2017-06-26 12:45:34 +02:00
Even Rouault 93aca84731 Fix mingw related warnings 2017-06-21 12:54:40 +02:00
Even Rouault cdd3e83bae Fix clang warning about extraneous parentheses 2017-06-21 12:49:01 +02:00
Even Rouault fd0dc535ad IDWT 5x3: generalize SSE2 version for AVX2
Thanks to our macros that abstract SSE use, the functions can use
AVX2 when available (at compile time)

This brings an extra 23% speed improvement on bench_dwt in 64bit builds
with AVX2 compared to SSE2.
2017-06-21 12:12:58 +02:00
Even Rouault f6e3475cc9 dwt.c: small cleanup 2017-06-21 01:07:56 +02:00
Even Rouault f06cfadef8 Enable __SSE__ / __SSE2__ with Visual Studio 2017-06-20 18:24:21 +02:00
Even Rouault fa55b52d19 Improve performance of inverse DWT 5x3 (#953)
* Use single-pass lifting inverse wavelet transform.
* For vertical pass, use SSE2 when available so as to process 8 columns
  in parallel. This is the most beneficial improvement, since the
  vertical pass involves a lot of cache trashing.

With the bench_dwt utility with default arguments (16383x16383 image),
time goes from 4.064 s to 1.212 s.
2017-06-20 18:01:34 +02:00
Even Rouault 919ed5f8b8 Add bench_dwt program (compiled only if BUILD_BENCH_DWT=ON) 2017-06-20 17:56:19 +02:00
Even Rouault 8df2521a60 Remove OPJ_NOSANITIZE in opj_bio_read() and opj_bio_write() (#761)
Commit 29313eb5 introduced those flags to avoid issues with
-fsanitize=unsigned-integer-overflow
However it is better just to rewrite the loop to avoid such condition
to occur.
2017-06-17 19:15:00 +02:00
Even Rouault 32b20b93e0 Fix astyle issue 2017-06-17 16:37:56 +02:00
Even Rouault cc07aec6c7 Fix warnings with recent GCC versions 2017-06-17 14:09:31 +02:00
Jeroen Ooms a0839cca24 only build both static and dynamic on non-windows 2017-06-16 13:58:25 +02:00
Jeroen Ooms 1329b3240a build both shared and static library 2017-06-16 13:27:19 +02:00
Even Rouault 9cbc9903c3 Merge branch 't1_flag_optimizations' 2017-06-13 12:09:52 +02:00
Even Rouault 2609fb8077 Packet header writing: set empty packet header bit to 0 when appropriate (small optimization) 2017-06-12 18:38:11 +02:00
Even Rouault 73d1510d47 Encoder: fix packet writing of empty sub-bands (#891, #892)
There are situations where, given a tile size, at a resolution level,
there are sub-bands with x0==x1 or y0==y1, that consequently don't have any
valid codeblocks, but the other sub-bands may be non-empty.
Given that we recycle the memory from one tile to another one, those
ghost codeblocks might be non-0 and thus candidate for packet inclusion.
2017-06-12 18:37:50 +02:00
Even Rouault 81c5311758 T1: fix BYPASS/LAZY, TERMALL/RESTART and PTERM/ERTERM encoding modes. (#674)
There were a number of defects regarding when and how the termination of
passes had to done and the computation of their rate.
2017-06-09 10:49:03 +02:00
Even Rouault 9a9b06911e opj_t1_dec_sigpass_raw/opj_t1_dec_refpass_raw: harmonize style with mqc methods 2017-06-02 19:22:15 +02:00
Even Rouault 532243f1fd MQC/RAW decoder: use an artificial 0xFF 0xFF terminating marker.
This saves comparing the current pointer with the end of buffer pointer.
This results at least in tiny speed improvement for raw decoding, and
smaller code size for MQC as well.

This kills the remains of the raw.h/.c files that were only used for
decoding. Encoding using the mqc structure already.
2017-06-02 18:24:07 +02:00
Even Rouault 9b39fc4bcc Fix documentation of opj_t1_decode_cblks() 2017-06-02 18:23:49 +02:00
Even Rouault dde6cbabc0 Simplify VSC handling: instead of masking out bits when reading the 4th row.
Do not set them when updating flags of the 1st row
2017-06-02 18:23:38 +02:00