Commit Graph

314 Commits

Author SHA1 Message Date
Even Rouault e66125fe26
Merge pull request #1164 from sebras/master
openjp2/j2k: Report error if all wanted components are not decoded.
2019-09-03 17:03:54 +02:00
Young Xiao 3aef207f90 bmp_read_rle4_data(): avoid potential infinite loop 2019-04-15 16:10:18 +08:00
Young Xiao 21399f6b7d convertbmp: detect invalid file dimensions early
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.

This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.

See commit 8ee335227b for details.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
2019-04-15 16:10:18 +08:00
Even Rouault 25b815dc46
Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
This reverts commit 05be308446.

This commit doesn't compile due to missing OPJ_UINT64 type
2019-03-29 10:44:35 +01:00
Sebastian Rasmussen b2751967ec openjp2/j2k: Report error if all wanted components are not decoded.
Previously the caller had to check whether each component data had
been decoded. This means duplicating the checking in every user of
openjpeg which is unnecessary. If the caller wantes to decode all
or a set of, or a specific component then openjpeg ought to error
out if it was unable to do so.

Fixes #1158.
2019-02-21 16:48:02 +08:00
Hugo Lefeuvre 8ee335227b convertbmp: detect invalid file dimensions early
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.

This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.

Fixes #1059 (CVE-2018-6616).
2018-12-14 05:10:35 +01:00
Even Rouault e7640f58f1
Merge pull request #1168 from Young-X/fix_dev
Fix multiple potential vulnerabilities and bugs
2018-12-07 21:27:38 +01:00
Young Xiao 05be308446 [JPWL] tgatoimage(): avoid excessive memory allocation attempt,
and fixes unaligned load

Signed-off-by: Young Xiao <YangX92@hotmail.com>
2018-11-28 14:44:06 +08:00
Young_X ce9583d1d7 [JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:14 +08:00
Even Rouault 2e5ab1d998
color_apply_icc_profile: avoid potential heap buffer overflow
Derived from a patch by Thuan Pham
2018-11-27 23:31:30 +01:00
Young_X 46822d0edd [JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23 17:08:57 +08:00
Young_X 619e1b086e [JPWL] fix CVE-2018-16375
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23 17:08:56 +08:00
Even Rouault 92023cd6c3
Merge pull request #1160 from hlef/master
jp3d/jpwl convert: fix write stack buffer overflow
2018-11-16 09:42:19 +01:00
Hugo Lefeuvre cab352e249 jp2: convert: fix null pointer dereference
Tile components in a JP2 image might have null data pointer by defining a
zero component size (for example using large horizontal or vertical
sampling periods). This null data pointer leads to null image component
data pointer, causing crash when dereferenced without != null check in
imagetopnm.

Add != null check.

This commit addresses #1152 (CVE-2018-18088).
2018-11-07 18:53:18 +01:00
Hugo Lefeuvre 0bc90e4062 jp3d/jpwl convert: fix write stack buffer overflow
Missing buffer length formatter in fscanf call might lead to write
stack buffer overflow.

fixes #1044 (CVE-2017-17480)
2018-11-01 09:05:26 +01:00
Stefan Weil 948332e6ed Fix some potential overflow issues (#1161)
* Fix some potential overflow issues

Put sizeof to the beginning of the multiplication to enforce that
size_t instead of smaller integer types is used for the calculation.

This fixes warnings from LGTM:

    Multiplication result may overflow 'unsigned int'
    before it is converted to 'unsigned long'.

It also allows removing some type casts.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

* Fix code indentation

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-10-31 20:44:30 +01:00
Nikola Forró 943db0f1c2 Fix several memory and resource leaks
Signed-off-by: Nikola Forró <nforro@redhat.com>
2018-10-31 16:16:22 +01:00
Even Rouault 0e6a5553cf
Merge pull request #1148 from hlef/master
CVE-2018-5785: fix issues with zero bitmasks
2018-09-22 23:54:12 +02:00
Even Rouault aaf48ee6ba
Merge branch 'pr1095' 2018-09-22 23:12:50 +02:00
Karol Babioch cc3824767b
opj_mj2_extract: Check provided output prefix for length
This uses snprintf() with correct buffer length instead of sprintf(), which
prevents a buffer overflow when providing a long output prefix. Furthermore
the program exits with an error when the provided output prefix is too long.

Fixes #1088.
2018-09-22 23:12:39 +02:00
Even Rouault ee827ad3f3
Merge branch 'pr1107' 2018-09-22 23:05:54 +02:00
szukw000 1eb9a57ac1
opj_mj2_extract: Avoid segfault for long filenames 2018-09-22 23:05:38 +02:00
Even Rouault 17bbb0e23f
Merge pull request #1128 from stweil/typos
Fix some typos in code comments and documentation
2018-09-22 22:55:33 +02:00
Hugo Lefeuvre ca16fe5501 convertbmp: fix issues with zero bitmasks
In the case where a BMP file declares compression 3 (BI_BITFIELDS)
with header size <= 56, all bitmask values keep their initialization
value 0. This may lead to various undefined behavior later e.g. when
doing 1 << (l_comp->prec - 1).

This issue does not affect files with bit count 16 because of a check
added in 16240e2 which sets default values to the color masks if they
are all 0.

This commit adds similar checks for the 32 bit case.

Also, if a BMP file declares compression 3 with header size >= 56 and
intentional 0 bitmasks, the same issue will be triggered in both the
16 and 32 bit count case.

This commit adds checks to bmp_read_info_header() rejecting BMP files
with "intentional" 0 bitmasks. These checks might be removed in the
future when proper handling of zero bitmasks will be available in
openjpeg2.

fixes #1057 (CVE-2018-5785)
2018-09-22 14:51:50 -04:00
Stefan Weil 3d6ffaf3f3 Fix some typos in code comments and documentation
All typos were found by Codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-09-05 20:01:10 +02:00
szukw000 98363e244e Changes in pnmtoimage if image data are missing 2018-08-31 16:24:41 +02:00
Even Rouault fd205f457b
opj_compress: try to make help message of -c switch clearer (fixes #1117) 2018-06-16 16:17:58 +02:00
Even Rouault 2c7eb4fed9 opj_compress: fix help message regarding default precinct size 2018-03-12 14:24:20 +01:00
Even Rouault e98d0a20f0
Merge pull request #1094 from kbabioch/fix/missing-format-string-parameter
mj2: Add missing variable to format string in fprintf() invocation in meta_out.c
2018-03-04 23:16:04 +01:00
Even Rouault 31a347a9a0
Merge pull request #1096 from kbabioch/fix/opj_mj2_extract-help
opj_mj2_extract: Rename output_location to output_prefix
2018-03-04 23:13:45 +01:00
Karol Babioch e351c22ee8 jp3d: Replace sprintf() by snprintf() in volumetobin()
This replaces the unsafe sprintf() invocation by the safer snprintf()
one, with the correct buffer size to prevent buffer overflows.

This fixes #1085.
2018-03-03 10:11:39 +01:00
Karol Babioch db6841a099 opj_mj2_extract: Rename output_location to output_prefix
This renames the argument in the help output, as the latter better describes
the the purpose of this argument.
2018-03-02 15:19:21 +01:00
Karol Babioch d4d78272eb mj2: Add missing variable to format string in fprintf() invocation in meta_out.c
This adds the appropriate variables to the invocation of fprintf(). They were
specified in the format string, but were missing in the actual call. This
fixes #1074 and #1075.
2018-03-02 14:03:08 +01:00
Stefan Weil 244f52483d jp3d: Convert ISO-8859 to UTF-8
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-02-25 18:25:51 +01:00
Stefan Weil 4841292b5d Fix resource leak (CID 179466)
Coverity report:

CID 179466 (#1 of 1): Resource leak (RESOURCE_LEAK)
93. leaked_storage: Variable name going out of scope leaks the storage it points to.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2017-12-15 16:49:33 +01:00
Andrew Murray 157a3d8408 Changed cmake version test to allow for cmake 2.8.11.x 2017-11-14 21:45:09 +11:00
Gregory Fiumara 10d22ec26d Add missing fclose() statement in error condition. 2017-10-20 15:31:45 -04:00
Even Rouault e8b6b54d1f opj_decompress -h: document -threads ALL_CPUS 2017-10-06 19:25:07 +02:00
Antonin Descampe d45ccb048b Merge pull request #1022 from rouault/partial_component_decoding
Add capability to decode only a subset of all components of an image.
2017-09-26 18:30:20 -03:00
Even Rouault 16b701659d opj_decompress: add a warning when -d and -t are used together (#693) 2017-09-20 01:06:02 +02:00
Even Rouault e17bbde906 opj_set_decoded_components(): add a provision for a apply_color_transforms parameter in case we support it in the future 2017-09-19 17:48:07 +02:00
Even Rouault 7e2b6bebff Add capability to decode only a subset of all components of an image.
This adds a opj_set_decoded_components(opj_codec_t *p_codec,
OPJ_UINT32 numcomps, const OPJ_UINT32* comps_indices) function,
and equivalent "opj_decompress -c compno[,compno]*" option.

When specified, neither the MCT transform nor JP2 channel transformations
will be applied.

Tests added for various combinations of whole image vs tiled-based decoding,
full or reduced resolution, use of decode area or not.
2017-09-19 17:06:19 +02:00
Even Rouault ce199f42e7 src/bin/jp3d/convert.c: add missing fclose() in error code path (#1018) 2017-09-19 12:48:12 +02:00
Even Rouault 968e36bbd9 Merge pull request #1010 from rouault/subtile_decoding_stage3
Subtile decoding: memory use reduction and perf improvements
2017-09-05 22:18:58 +02:00
Even Rouault 3a382d3123 opj_getopt.c: avoid crash on invalid input (#301) 2017-09-03 00:30:36 +02:00
Even Rouault 09929bb615 opj_compress help: revert 3257261776 and indicate 1 again as being the value to get lossless for -r. In opj_j2k_setup_encoder(), make sure that ll rates[] <= 1.0 are set to 0. Document 0 as being lossless for -q / tcp_distoratio (#1009) 2017-09-01 19:16:35 +02:00
Even Rouault 3257261776 opj_compress help: indicate 0 value, instead of 1, for -r parameter to get lossless encoding (#1009) 2017-09-01 17:33:23 +02:00
Even Rouault aa7198146b opj_compress: reorder checks related to code block dimensions, to avoid potential int overflow 2017-09-01 10:26:53 +02:00
Even Rouault 8f92fc9791 Make opj_set_decode_area() and opj_decode() take into account opj_set_decoded_resolution_factor() (#1006, affect API use)
* Better document usage of opj_set_decode_area(), ie expecting coordinates
  in full resolution/reference grid even if requesting at a lower resolution
  factor
* Make sure that image->comps[].factor is set by opj_set_decode_area() and
  opj_decode() from the value specified in opj_set_decoded_resolution_factor()
* opj_decompress: add 2 environmenet variables to test alternate ways of
  using the API, namely USE_OPJ_SET_DECODED_RESOLUTION_FACTOR=YES to use
  opj_set_decoded_resolution_factor() instead of parameters.cp_reduce, and
  SKIP_OPJ_SET_DECODE_AREA=YES to not call opj_set_decode_area() if -d is
  not specified.
2017-08-28 14:57:49 +02:00
Even Rouault 5146abc02e imagetopgx(): improve performance in 8 bit case (relates to broken.jpc test case) 2017-08-24 14:09:31 +02:00