Commit Graph

1137 Commits

Author SHA1 Message Date
Hugo Lefeuvre 0bc90e4062 jp3d/jpwl convert: fix write stack buffer overflow
Missing buffer length formatter in fscanf call might lead to write
stack buffer overflow.

fixes #1044 (CVE-2017-17480)
2018-11-01 09:05:26 +01:00
Stefan Weil 948332e6ed Fix some potential overflow issues (#1161)
* Fix some potential overflow issues

Put sizeof to the beginning of the multiplication to enforce that
size_t instead of smaller integer types is used for the calculation.

This fixes warnings from LGTM:

    Multiplication result may overflow 'unsigned int'
    before it is converted to 'unsigned long'.

It also allows removing some type casts.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

* Fix code indentation

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-10-31 20:44:30 +01:00
Nikola Forró 943db0f1c2 Fix several memory and resource leaks
Signed-off-by: Nikola Forró <nforro@redhat.com>
2018-10-31 16:16:22 +01:00
Even Rouault cd900d9661
opj_thread_pool_setup(): fix infinite waiting if a thread creation failed 2018-10-18 11:45:45 +02:00
Even Rouault 0e6a5553cf
Merge pull request #1148 from hlef/master
CVE-2018-5785: fix issues with zero bitmasks
2018-09-22 23:54:12 +02:00
Even Rouault 8fc09e50e5
opj_jp2_apply_pclr(): remove useless assert that can trigger on some files (fixes #1125) 2018-09-22 23:47:56 +02:00
Even Rouault aaf48ee6ba
Merge branch 'pr1095' 2018-09-22 23:12:50 +02:00
Karol Babioch cc3824767b
opj_mj2_extract: Check provided output prefix for length
This uses snprintf() with correct buffer length instead of sprintf(), which
prevents a buffer overflow when providing a long output prefix. Furthermore
the program exits with an error when the provided output prefix is too long.

Fixes #1088.
2018-09-22 23:12:39 +02:00
Even Rouault ee827ad3f3
Merge branch 'pr1107' 2018-09-22 23:05:54 +02:00
szukw000 1eb9a57ac1
opj_mj2_extract: Avoid segfault for long filenames 2018-09-22 23:05:38 +02:00
Even Rouault 5d94bcd89c
Merge pull request #1136 from reverson/master
Cast on uint ceildiv
2018-09-22 22:59:36 +02:00
Even Rouault b54c06fb35
Merge pull request #1119 from stweil/ssize_t
Use local type declaration for POSIX standard type only for MS compiler
2018-09-22 22:59:17 +02:00
Even Rouault 17bbb0e23f
Merge pull request #1128 from stweil/typos
Fix some typos in code comments and documentation
2018-09-22 22:55:33 +02:00
Even Rouault c6ee006250
Merge pull request #1141 from szukw000/changes-in-pnmtoimage
Changes in pnmtoimage if image data are missing
2018-09-22 22:47:27 +02:00
Hugo Lefeuvre ca16fe5501 convertbmp: fix issues with zero bitmasks
In the case where a BMP file declares compression 3 (BI_BITFIELDS)
with header size <= 56, all bitmask values keep their initialization
value 0. This may lead to various undefined behavior later e.g. when
doing 1 << (l_comp->prec - 1).

This issue does not affect files with bit count 16 because of a check
added in 16240e2 which sets default values to the color masks if they
are all 0.

This commit adds similar checks for the 32 bit case.

Also, if a BMP file declares compression 3 with header size >= 56 and
intentional 0 bitmasks, the same issue will be triggered in both the
16 and 32 bit count case.

This commit adds checks to bmp_read_info_header() rejecting BMP files
with "intentional" 0 bitmasks. These checks might be removed in the
future when proper handling of zero bitmasks will be available in
openjpeg2.

fixes #1057 (CVE-2018-5785)
2018-09-22 14:51:50 -04:00
Stefan Weil 31a03b390a openjp2/jp2: Fix two format strings
Compiler warnings:

src/lib/openjp2/jp2.c:1008:35: warning:
 too many arguments for format [-Wformat-extra-args]
src/lib/openjp2/j2k.c:1928:73: warning:
 format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘OPJ_OFF_T {aka long int}’ [-Wformat=]

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-09-05 21:52:43 +02:00
Stefan Weil 3d6ffaf3f3 Fix some typos in code comments and documentation
All typos were found by Codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-09-05 20:01:10 +02:00
szukw000 98363e244e Changes in pnmtoimage if image data are missing 2018-08-31 16:24:41 +02:00
Robert Everson 0fa7ebe254 Cast on uint ceildiv 2018-08-27 15:28:53 -07:00
Even Rouault 0c913b0aba
Avoid assertion when running opj_j2k_merge_ppt() several time due to e6674f7ed66abdb32a0be5944f618722b6a7b5d5 revert. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785 2018-06-20 15:12:47 +02:00
Even Rouault 832dfd1866
Revert "Avoid assertion in opj_j2k_merge_ppt() in case premature EOC is encountered in opj_j2k_read_tile_header(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785. Credit to OSS Fuzz" (fixes #1120)
This reverts commit 9906fbf737.
which broke decoding of images where TNsot == 0
2018-06-20 14:54:20 +02:00
Stefan Weil 4aaf52ec8d Use local type declaration for POSIX standard type only for MS compiler
ssize_t is a POSIX type which is declared in POSIX include files.
Mingw-w64 provides it also for Windows.

Use the local declaration only with MS compilers.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-06-18 14:48:08 +02:00
Even Rouault fd205f457b
opj_compress: try to make help message of -c switch clearer (fixes #1117) 2018-06-16 16:17:58 +02:00
Even Rouault 2c7eb4fed9 opj_compress: fix help message regarding default precinct size 2018-03-12 14:24:20 +01:00
Even Rouault e98d0a20f0
Merge pull request #1094 from kbabioch/fix/missing-format-string-parameter
mj2: Add missing variable to format string in fprintf() invocation in meta_out.c
2018-03-04 23:16:04 +01:00
Even Rouault 31a347a9a0
Merge pull request #1096 from kbabioch/fix/opj_mj2_extract-help
opj_mj2_extract: Rename output_location to output_prefix
2018-03-04 23:13:45 +01:00
Karol Babioch e351c22ee8 jp3d: Replace sprintf() by snprintf() in volumetobin()
This replaces the unsafe sprintf() invocation by the safer snprintf()
one, with the correct buffer size to prevent buffer overflows.

This fixes #1085.
2018-03-03 10:11:39 +01:00
Karol Babioch db6841a099 opj_mj2_extract: Rename output_location to output_prefix
This renames the argument in the help output, as the latter better describes
the the purpose of this argument.
2018-03-02 15:19:21 +01:00
Karol Babioch d4d78272eb mj2: Add missing variable to format string in fprintf() invocation in meta_out.c
This adds the appropriate variables to the invocation of fprintf(). They were
specified in the format string, but were missing in the actual call. This
fixes #1074 and #1075.
2018-03-02 14:03:08 +01:00
Stefan Weil b49fa93aa7 openjp3d: Convert ISO-8859 to UTF-8
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-02-25 18:27:01 +01:00
Stefan Weil 244f52483d jp3d: Convert ISO-8859 to UTF-8
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-02-25 18:25:51 +01:00
Even Rouault 90b1bffa7e
Merge pull request #1080 from setharnold/patch-1
fix unchecked integer multiplication overflow
2018-02-25 18:21:23 +01:00
Even Rouault 06f7d41243 bench_dwt: fix wrong index in iteration (issue found by Fethi Migaou) 2018-02-18 14:38:16 +01:00
setharnold 24d08ff94a
fix unchecked integer multiplication overflow
Hello, this fixes an unchecked integer multiplication overflow. Thanks.
2018-02-14 17:46:38 -08:00
Even Rouault da5e897232 Avoid out-of-bounds write overflow due to uint32 overflow computation on images with huge dimensions. Credit to Google Autofuzz project for providing test case 2018-02-11 13:31:04 +01:00
Campbell Barton 6941bc67cf
Note that seek uses SEEK_SET behavior. 2018-01-18 15:16:03 +11:00
Even Rouault 07d526e4cb opj_t2_encode_packet(): disable setting empty packet header bit to 1 when there is an empty packet
This effectively reverts commit 2609fb8077
since it has been reported that
such packets cause decoding issues with cinema J2K hardware
decoders: https://groups.google.com/forum/#!topic/openjpeg/M7M_fLX_Bco
2018-01-08 09:38:44 +01:00
Stefan Weil 4841292b5d Fix resource leak (CID 179466)
Coverity report:

CID 179466 (#1 of 1): Resource leak (RESOURCE_LEAK)
93. leaked_storage: Variable name going out of scope leaks the storage it points to.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2017-12-15 16:49:33 +01:00
Even Rouault 98cfdd3134 opj_j2k_read_cod: remove check for 'No more than one COD marker per tile' (fixes #1043)
This check was added per daed8cc919
to fix https://github.com/uclouvain/openjpeg/issues/476 , but it does not seem
to be necessary with latest master (issue476.jp2 doesn't cause memory issues),
and breaks reading legit files.
2017-11-30 14:48:34 +01:00
Even Rouault 936910cf7a Fix typo in comments 2017-11-30 14:26:17 +01:00
Andrew Murray 157a3d8408 Changed cmake version test to allow for cmake 2.8.11.x 2017-11-14 21:45:09 +11:00
Gregory Fiumara 10d22ec26d Add missing fclose() statement in error condition. 2017-10-20 15:31:45 -04:00
Even Rouault be6ea90e13 opj_j2k_set_threads(): add sanity check to error out if called after opj_read_header() 2017-10-12 01:16:23 +02:00
Even Rouault b8bf9bf789 Improve doc of opj_codec_set_threads() 2017-10-12 01:05:04 +02:00
Even Rouault 66297f07a4 Unix build: fix regression of 2.3.0 where a shared-only or static-only build lacks the installation target for the library (#1019, fixes regression introduced by 3dfc6ca2bc) 2017-10-09 11:40:43 +02:00
Even Rouault e8b6b54d1f opj_decompress -h: document -threads ALL_CPUS 2017-10-06 19:25:07 +02:00
Antonin Descampe d45ccb048b Merge pull request #1022 from rouault/partial_component_decoding
Add capability to decode only a subset of all components of an image.
2017-09-26 18:30:20 -03:00
Stefan Weil f92d30f9e7 Add missing newline at end of file
This fixes warnings from the clang compiler:

/openjpeg/src/lib/openjp2/sparse_array.h:141:32: warning:
 no newline at end of file [-Wnewline-eof]

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2017-09-21 17:37:07 +02:00
Even Rouault 4c8aba2add Add assertion 2017-09-21 14:37:01 +02:00
Even Rouault 113e0976e2 Comment dead code (Coverity CID 94681) 2017-09-21 14:14:32 +02:00
Even Rouault 39082fc665 Workaround Coverity CID 113061 2017-09-21 14:13:16 +02:00
Even Rouault 7711307d86 Workaround Coverity CID 169392 2017-09-21 14:10:49 +02:00
Even Rouault 19e157871f opj_j2k_get_default_thread_count(): validate value of OPJ_NUM_THREADS to fix Coverity 179465 and 179463 2017-09-21 14:06:03 +02:00
Even Rouault 68e596dada Fix copy&paste error (Coverity CID 169394) 2017-09-21 13:54:14 +02:00
Even Rouault 16b701659d opj_decompress: add a warning when -d and -t are used together (#693) 2017-09-20 01:06:02 +02:00
Even Rouault b8c4b450c4 Use a #define J2K_MAX_POCS 32 to avoid hard-coded constant (#349) 2017-09-20 00:55:22 +02:00
Even Rouault 9cba05762d Avoid index-out-of-bounds access when invoking opj_compress with -n 11 or higher. But not a proper fix itself (refs #493) 2017-09-20 00:43:54 +02:00
Even Rouault 8df07d5866 Avoid relying on operator precedence (raised by cppcheck) 2017-09-19 18:35:52 +02:00
Even Rouault c22ea12219 Workaroudn cppcheck (correct) warning about same code in then and else branches 2017-09-19 18:35:31 +02:00
Even Rouault c84e594cff Fix badly named variable in function prototype (raised by cppcheck) 2017-09-19 18:35:07 +02:00
Even Rouault 82ab7effe3 Remove redundant test (raised by cppcheck) 2017-09-19 18:34:49 +02:00
Even Rouault ce8edf9bff Replace C++ style comments by C ones 2017-09-19 18:25:55 +02:00
Even Rouault d415723fd9 Replace C++ style comments by C ones 2017-09-19 18:22:07 +02:00
Even Rouault e17bbde906 opj_set_decoded_components(): add a provision for a apply_color_transforms parameter in case we support it in the future 2017-09-19 17:48:07 +02:00
Even Rouault 7e2b6bebff Add capability to decode only a subset of all components of an image.
This adds a opj_set_decoded_components(opj_codec_t *p_codec,
OPJ_UINT32 numcomps, const OPJ_UINT32* comps_indices) function,
and equivalent "opj_decompress -c compno[,compno]*" option.

When specified, neither the MCT transform nor JP2 channel transformations
will be applied.

Tests added for various combinations of whole image vs tiled-based decoding,
full or reduced resolution, use of decode area or not.
2017-09-19 17:06:19 +02:00
Even Rouault ce199f42e7 src/bin/jp3d/convert.c: add missing fclose() in error code path (#1018) 2017-09-19 12:48:12 +02:00
Even Rouault fdef69b43c Fix warnings and errors when compiling with a c++ compiler (#1021) 2017-09-19 12:46:20 +02:00
Even Rouault 18f6696372 Fix compilation with AppleClang 8.1.0.8020042 (#1020) 2017-09-19 12:13:34 +02:00
Even Rouault 3dfc6ca2bc Build: make sure that -DBUILD_SHARED_LIBS:bool=off is honoured to build only the static lib (#1019) 2017-09-17 12:17:49 +02:00
Even Rouault 28094e1ebf opj_tcd_mct_decode(): avoid heap buffer overflow when components have not the same number of resolutions. Also fixes an issue with subtile decoding. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3331. Credit to OSS Fuzz 2017-09-08 10:56:49 +02:00
Even Rouault 33167ddc13 opj_j2k_update_image_data(): restrict optimized path 2017-09-08 09:53:52 +02:00
Even Rouault b73ce715d2 Use opj_image_data_free() where appropriate (adapted from dab9db0723, #1014) 2017-09-08 09:16:51 +02:00
Even Rouault 5abd86b14b Properly fix cc893a4ebf to avoid heap-buffer-overflow when numcomps < 3 2017-09-07 18:01:33 +02:00
Even Rouault 51a1dcaa6e Avoid malloc poisoning issue when including <pthread.h> of uclibc (#1013) 2017-09-07 17:52:59 +02:00
Even Rouault cc893a4ebf opj_tcd_mct_decode(): fix checks to verify MCT can be done safely. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3305 (master only) 2017-09-07 15:32:54 +02:00
Even Rouault c67e1cd73f Fix invalid access out of bounds, and bad behaviour, when calling repeatdly opj_get_decoded_tile() on an image with a color palette 2017-09-06 17:33:38 +02:00
Even Rouault 297f202104 Fix 2.2.0 regression when reading codestream with reperated calls to opj_get_decoded_tile() where tile parts of a same tile are not consecutive
This check was introduced per #939, but relied on the incorrect assumption
we decode all the tile parts of all tiles.
2017-09-06 16:49:28 +02:00
Even Rouault 003759a482 Fix null pointer dereference on partial tile decoding when they are empty. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3297 (master only) 2017-09-06 15:59:19 +02:00
Even Rouault 968e36bbd9 Merge pull request #1010 from rouault/subtile_decoding_stage3
Subtile decoding: memory use reduction and perf improvements
2017-09-05 22:18:58 +02:00
Even Rouault 579b8937ea Replace uses of size_t by OPJ_SIZE_T 2017-09-04 17:35:52 +02:00
Even Rouault 3a382d3123 opj_getopt.c: avoid crash on invalid input (#301) 2017-09-03 00:30:36 +02:00
Even Rouault e5ab1682a1 Improve error message when specifying a too big cp_reduce parameter (#474) 2017-09-02 09:10:53 +02:00
Even Rouault c1e0fba0c4 opj_v4dwt_decode_step1_sse(): rework a bit to improve code generation 2017-09-01 22:23:29 +02:00
Even Rouault 676d4c807f opj_j2k_update_image_data(): avoid allocating image buffer if we can just reuse the tile buffer one 2017-09-01 22:23:29 +02:00
Even Rouault 4c7effa6bc opj_t1_clbl_decode_processor(): use SSE2 in subtile decoding code path, for irreversible 2017-09-01 22:23:29 +02:00
Even Rouault 2c365fe0ec Replace error message 'Not enough memory for tile data' by 'Size of tile data exceeds system limits' (refs https://github.com/uclouvain/openjpeg/pull/730#issuecomment-326654188) 2017-09-01 22:23:29 +02:00
Even Rouault 559d16e8f4 opj_t1_decode_cblk(): move some code to codeblock processor for (theoretical) better multi-threading in subtile decoding 2017-09-01 22:23:29 +02:00
Even Rouault 7017e67a01 sparse_array: optimizations for lossy case 2017-09-01 22:23:29 +02:00
Even Rouault b428b8c7e7 opj_tcd_rateallocate(): make sure to use all passes for a lossless layer (#1009)
And save a useless loop, which should be a tiny faster.
2017-09-01 20:02:09 +02:00
Even Rouault 7aa071aa27 opj_j2k_setup_encoder(): emit warnings if tcp_rates are not decreasing or tcp_distoratio are not increasing (#1009) 2017-09-01 19:49:01 +02:00
Even Rouault a538815c77 opj_j2k_setup_encoder(): avoid potential int overflow in computations related to max_cs_size 2017-09-01 19:27:56 +02:00
Even Rouault 09929bb615 opj_compress help: revert 3257261776 and indicate 1 again as being the value to get lossless for -r. In opj_j2k_setup_encoder(), make sure that ll rates[] <= 1.0 are set to 0. Document 0 as being lossless for -q / tcp_distoratio (#1009) 2017-09-01 19:16:35 +02:00
Even Rouault 3257261776 opj_compress help: indicate 0 value, instead of 1, for -r parameter to get lossless encoding (#1009) 2017-09-01 17:33:23 +02:00
Even Rouault 8a17be8945 opj_v4dwt_decode_step2_sse(): loop unroll 2017-09-01 16:31:08 +02:00
Even Rouault 83b5a168ec opj_dwt_decode_partial_97(): simplify/more efficient use of sparse arrays in vertical pass 2017-09-01 16:31:06 +02:00
Even Rouault ae19001ba4 opj_tcd_dc_level_shift_decode(): optimize lossy case 2017-09-01 16:31:04 +02:00
Even Rouault 470f3ed416 opj_dwt_decode_partial_1_parallel(): add SSE2 optimization 2017-09-01 16:31:02 +02:00
Even Rouault 873004c615 Sub-tile decoding: speed up vertical pass in IDWT5x3 by processing 4 cols at a time 2017-09-01 16:31:00 +02:00
Even Rouault ccac773556 Tiny perf improvement in T1 stage for subtile decoding 2017-09-01 16:30:58 +02:00
Even Rouault 82a43d8035 Optimize opj_dwt_decode_partial_1() when cas == 0 2017-09-01 16:30:54 +02:00
Even Rouault 1644665a91 opj_j2k_update_image_data(): avoid zero-ing the buffer if not needed 2017-09-01 16:30:52 +02:00
Even Rouault b2cc8f7f81 Optimize reading/write into sparse array 2017-09-01 16:30:50 +02:00
Even Rouault 0ae3cba340 Allow several repeated calls to opj_set_decode_area() and opj_decode() for single-tiled images
* Only works for single-tiled images --> will error out cleanly, as currently
  in other cases
* Save re-reading the codestream for the tile, and re-use code-blocks of the
  previous decoding pass.
* Future improvements might involve improving opj_decompress, and the image writing logic,
  to use this strategy.
2017-09-01 16:30:48 +02:00
Even Rouault 5d07d463fd opj_j2k_decode_tiles(): apply whole single tile image decoding optimization to reading at reduced resolution as well 2017-09-01 16:30:45 +02:00
Even Rouault 98b9310361 Various changes to allow tile buffers of more than 4giga pixels
Untested though, since that means a tile buffer of at least 16 GB. So
there might be places where uint32 overflow on multiplication still occur...
2017-09-01 16:30:44 +02:00
Even Rouault 008a12d4fc TCD: allow tile buffer to be greater than 4GB on 64 bit hosts (but number of pixels must remain under 4 billion) 2017-09-01 16:30:41 +02:00
Even Rouault d1299d9670 Fix compiler warning in release mode 2017-09-01 16:30:39 +02:00
Even Rouault d5153ba404 Remove limitation that prevents from opening images bigger than 4 billion pixels
However the intermediate buffer for decoding must still be smaller than 4
billion pixels, so this is useful for decoding at a lower resolution level,
or subtile decoding.
2017-09-01 16:30:37 +02:00
Even Rouault c37e360a51 opj_tcd_init_tile(): fix typo on overflow detection condition (introduced in previous commit) 2017-09-01 16:30:35 +02:00
Even Rouault eee5104a88 opj_dwt_decode_partial_tile(): avoid undefined behaviour in lifting operation by properly initializing working buffer 2017-09-01 16:30:32 +02:00
Even Rouault f9e9942330 Sub-tile decoding: only allocate tile component buffer of the needed dimension
Instead of being the full tile size.

* Use a sparse array mechanism to store code-blocks and intermediate stages of
  IDWT.
* IDWT, DC level shift and MCT stages are done just on that smaller array.
* Improve copy of tile component array to final image, by saving an intermediate
  buffer.
* For full-tile decoding at reduced resolution, only allocate the tile buffer to
  the reduced size, instead of the full-resolution size.
2017-09-01 16:30:29 +02:00
Even Rouault aa7198146b opj_compress: reorder checks related to code block dimensions, to avoid potential int overflow 2017-09-01 10:26:53 +02:00
Even Rouault 0a25dceca7 opj_j2k_setup_encoder(): validate code block width/height 2017-09-01 10:26:53 +02:00
Even Rouault 84bbb4a874 opj_t1_allocate_buffers(): remove useless overflow checks 2017-09-01 10:26:53 +02:00
Even Rouault 6ce49bf5ae Fix undefined shift behaviour in opj_dwt_is_whole_tile_decoding(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3255. Credit to OSS Fuzz 2017-09-01 10:26:18 +02:00
Even Rouault 04b70908a7 Use IDWT whole tile decoding if the area of interest equals to the image bounds, taking into account the reduced resolution factor 2017-08-29 11:40:53 +02:00
Even Rouault a55c024fc6 Subtile decoding: fix overflows in subband coordinate computation that cause later buffer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3115. Credit to OSS Fuzz. master only 2017-08-28 17:18:33 +02:00
Even Rouault 8f92fc9791 Make opj_set_decode_area() and opj_decode() take into account opj_set_decoded_resolution_factor() (#1006, affect API use)
* Better document usage of opj_set_decode_area(), ie expecting coordinates
  in full resolution/reference grid even if requesting at a lower resolution
  factor
* Make sure that image->comps[].factor is set by opj_set_decode_area() and
  opj_decode() from the value specified in opj_set_decoded_resolution_factor()
* opj_decompress: add 2 environmenet variables to test alternate ways of
  using the API, namely USE_OPJ_SET_DECODED_RESOLUTION_FACTOR=YES to use
  opj_set_decoded_resolution_factor() instead of parameters.cp_reduce, and
  SKIP_OPJ_SET_DECODE_AREA=YES to not call opj_set_decode_area() if -d is
  not specified.
2017-08-28 14:57:49 +02:00
Even Rouault 5146abc02e imagetopgx(): improve performance in 8 bit case (relates to broken.jpc test case) 2017-08-24 14:09:31 +02:00
Even Rouault bc71bd1219 opj_dwt_decode_partial_97(): perf improvement: limit copy of coefficients at end of horizontal pass to actual range of interest 2017-08-23 18:58:32 +02:00
Even Rouault c97666f72b j2k.c: fix comment, and remove FIXME 2017-08-21 19:02:04 +02:00
Even Rouault 24d069e3ff Add comment 2017-08-21 17:19:13 +02:00
Even Rouault e9bbc6d3dd Merge pull request #1001 from rouault/subtile_decoding_stage2
Subtile decoding: only apply IDWT on areas that participate to the window of interest
2017-08-21 13:02:07 +02:00
Even Rouault 17a7ac42d5 Add comments for filter_width values 2017-08-21 12:25:38 +02:00
Even Rouault f87c5ef7eb Subtile decoding: only do 9x7 IDWT computations on relevant areas of tile-component buffer. 2017-08-20 22:02:41 +02:00
Even Rouault 3eed024eb4 pgxtoimage(): avoid excessive memory allocation attempt (#999) 2017-08-19 15:45:54 +02:00
Even Rouault 5d40325056 Subtile decoding: only do 5x3 IDWT computations on relevant areas of tile-component buffer.
This lowers 'bin/opj_decompress -i ../MAPA.jp2 -o out.tif -d 0,0,256,256'
down to 0.860s
2017-08-18 15:08:51 +02:00
Even Rouault e528531922 pgxtoimage(): fix write stack buffer overflow (#997) 2017-08-18 13:39:20 +02:00
Even Rouault 5597522cac bmp_read_rle8_data(): avoid potential infinite loop (#996) 2017-08-18 10:16:38 +02:00
Even Rouault 5d12806091 opj_j2k_update_rates(): grow tile size buffer for some situations 2017-08-17 19:18:48 +02:00
Even Rouault 4b0bfbfabc Zero-initialize tile buffer regions of skipped code-blocks, so as to make Valgrind happy 2017-08-17 19:05:54 +02:00
Even Rouault fe338a057c Sub-tile decoding: only decode precincts and codeblocks that intersect the window specified in opj_set_decode_area() 2017-08-17 19:05:54 +02:00
Even Rouault 17ea17f487 Fix -Wconversion warning 2017-08-17 19:05:29 +02:00
Even Rouault fd8448ed44 bench_dwt.c: fix signedness related warnings 2017-08-17 17:04:48 +02:00
Even Rouault da046b73a8 convert.c: fix recently introduced -Wsign-conversion warnings 2017-08-17 17:02:40 +02:00
Even Rouault 9f7d79fd30 opj_getopt_long(): avoid infinite loop on invalid or missing value for an option (#736) 2017-08-17 14:52:10 +02:00
Even Rouault 2cd30c2b06 tgatoimage(): avoid excessive memory allocation attempt, and fixes unaligned load (#995) 2017-08-17 11:47:40 +02:00
Even Rouault 09e83407fa Avoid asserting on assert(i == pcol) in opj_jp2_apply_pclr() by adding new check in opj_jp2_check_color(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3068. Credit to OSS Fuzz 2017-08-17 11:05:53 +02:00
Even Rouault 8e6c371e66 opj_t1_encode_cblk(): avoid uint32 overflow when numbps = 0 (which is well defined behaviour, and is properly handled here, but better avoid it to detect real issues) 2017-08-16 18:29:59 +02:00
Even Rouault 1e387de742 Fix build issue of JPWL by adding opj_image_data_alloc() and opj_image_data_free() to src/lib/openmj2 (#994) 2017-08-16 17:39:20 +02:00
Even Rouault c535531f03 opj_t2_encode_packet(): fix potential write heap buffer overflow (#992) 2017-08-16 17:20:29 +02:00
Even Rouault dcac91b8c7 opj_j2k_write_sot(): fix potential write heap buffer overflow (#991) 2017-08-16 17:09:10 +02:00
Even Rouault af76000771 tiftoimage(): fix read heap buffer overflow (#988)
The number of components is given only by TIFFTAG_SAMPLESPERPIXEL / tiSpp.
Querying TIFFTAG_EXTRASAMPLES only give information about which channel is
the alpha channel, but we mostly ignore it for now, so remove that part of the
code.
2017-08-16 13:36:52 +02:00
Even Rouault ab4de904e7 imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987) 2017-08-16 13:11:36 +02:00
Even Rouault 9624b2fa47 opj_t2_encode_packet(): only emit an error about insufficiently large output buffer in FINAL_PASS mode. Fixes (master-only) regression added in 0b4fef6d19 2017-08-16 12:52:33 +02:00
Even Rouault 4241ae6fbb Fix assertion in debug mode / heap-based buffer overflow in opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985) 2017-08-15 11:55:58 +02:00
Even Rouault 52d5690a6f Merge pull request #984 from stweil/const
Use more const qualifiers
2017-08-14 17:28:26 +02:00
Even Rouault baf0c1ad45 bmp_read_info_header(): reject bmp files with biBitCount == 0 (#983) 2017-08-14 17:26:58 +02:00
Even Rouault afb308b9cc Encoder: grow buffer size in opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in opj_mqc_flush (#982) 2017-08-14 17:20:37 +02:00
Stefan Weil bc59410f25 Use const qualifier for mqc_states
This allows more compiler optimizations.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2017-08-14 14:41:27 +02:00
Stefan Weil 10e6ce2c2c Use const qualifier for j2k_prog_order_list
This allows more compiler optimizations.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2017-08-14 14:41:27 +02:00
szukw000 9f750884f9 Changes in converttif.c for PPC64 2017-08-11 00:06:23 +02:00
Even Rouault a35b489134 Fix argument order in error message of previous commit 2017-08-10 16:58:36 +02:00
Even Rouault 0b4fef6d19 Propagate event manager down to opj_t2_encode_packet() and use it to emit an error message when the output buffer is too small 2017-08-10 16:49:47 +02:00
Even Rouault a316f36dfc Fix crash on encoding if using opj_set_default_encoder_parameters() without defining tcp_numlayers 2017-08-10 14:43:16 +02:00
Even Rouault 26fe8f6043 Improve doc of opj_tccp_info_t::cblkw and cblkh 2017-08-10 11:45:49 +02:00
Even Rouault 4b16e8d27a Remove useless opj_tcd_t::enumcs field added per #975 2017-08-09 17:37:05 +02:00
Even Rouault 5e200452db Doc: fix error in previous commit 2017-08-09 15:04:29 +02:00
Even Rouault 9203e8ec51 tcd.h: doc fixes and improvements 2017-08-09 14:50:59 +02:00
Even Rouault 11b1ffb373 Document qmfbid values 2017-08-09 14:13:58 +02:00
Even Rouault ac375ac9f5 Partial revert BPC related check of #975 (#979)
PR #975 introduced a check that rejects images that have different bit depth/sign
per compoment in SIZ marker if the JP2 IHDR box has BPC != 255
This didn't work properly if decoding a .j2k file since the new bit added in
opj_cp_t wasn't initialized to the right value.
For clarity, tThis new bit has also been renamed to allow_different_bit_depth_sign

But looking closer at the code, it seems we were already tolerant to inconsistencies.
For example we parsed a JP2 BPCC box even if BPC != 255 (just a warning is emitted)
So failing hard in opj_j2k_read_siz() wouldn't be very inconsistent, and that
alone cannot protect against other issues, so just emit a warning if BPC != 255
and the SIZ marker contains different bit depth/sign per component.

Note: we could also check that the content of JP2 BPCC box is consistant with the one
of the SIZ marker.
2017-08-09 11:34:08 +02:00
Even Rouault c38bdbef4f opj_decompress: document -quiet option, and remove spurious newline output 2017-08-09 10:03:59 +02:00
Even Rouault 0eceb4494c src/bin/jpwl/convert.c pgxtoimage(): add missing fclose() (#977) 2017-08-09 09:50:39 +02:00
Even Rouault 5a560ebf51 imagetobmp: avoid shift by -1 (relates to #811) 2017-08-09 09:42:30 +02:00
Antonin Descampe 0c07950cb3 Fix remaining warning
format specifier mismatch in #975
2017-08-08 18:05:37 -07:00
Antonin Descampe 0394f8d0f1 Merge pull request #975 from szukw000/changes-for-afl-tests
Catch images broken by AFL
2017-08-08 16:51:54 -07:00
Even Rouault 92114694a4 Slight improvement in management of code block chunks
Instead of having the chunk array at the segment level, we can move it down to
the codeblock itself since segments are filled in sequential order.
Limit the number of memory allocation, and decrease slightly the memory usage.

On MAPA_005.jp2

n4: 1871312549 (heap allocation functions) malloc/new/new[], --alloc-fns, etc.
 n1: 1610689344 0x4E781E7: opj_aligned_malloc (opj_malloc.c:61)
  n1: 1610689344 0x4E71D1B: opj_alloc_tile_component_data (tcd.c:676)
   n1: 1610689344 0x4E726CF: opj_tcd_init_decode_tile (tcd.c:816)
    n1: 1610689344 0x4E4BE39: opj_j2k_read_tile_header (j2k.c:8617)
     n1: 1610689344 0x4E4C902: opj_j2k_decode_tiles (j2k.c:10348)
      n1: 1610689344 0x4E4E3CE: opj_j2k_decode (j2k.c:7846)
       n1: 1610689344 0x4E53002: opj_jp2_decode (jp2.c:1564)
        n0: 1610689344 0x40374E: main (opj_decompress.c:1459)
 n1: 219232541 0x4E4BC50: opj_j2k_read_tile_header (j2k.c:4683)
  n1: 219232541 0x4E4C902: opj_j2k_decode_tiles (j2k.c:10348)
   n1: 219232541 0x4E4E3CE: opj_j2k_decode (j2k.c:7846)
    n1: 219232541 0x4E53002: opj_jp2_decode (jp2.c:1564)
     n0: 219232541 0x40374E: main (opj_decompress.c:1459)
 n1: 23893200 0x4E72735: opj_tcd_init_decode_tile (tcd.c:1225)
  n1: 23893200 0x4E4BE39: opj_j2k_read_tile_header (j2k.c:8617)
   n1: 23893200 0x4E4C902: opj_j2k_decode_tiles (j2k.c:10348)
    n1: 23893200 0x4E4E3CE: opj_j2k_decode (j2k.c:7846)
     n1: 23893200 0x4E53002: opj_jp2_decode (jp2.c:1564)
      n0: 23893200 0x40374E: main (opj_decompress.c:1459)
 n0: 17497464 in 52 places, all below massif's threshold (1.00%)
2017-08-07 18:32:52 +02:00
Even Rouault ca34d13e76 Decoding: do not allocate memory for the codestream of each codeblock
Currently we allocate at least 8192 bytes for each codeblock, and copy
the relevant parts of the codestream in that per-codeblock buffer as we
decode packets.
As the whole codestream for the tile is ingested in memory and alive
during the decoding, we can directly point to it instead of copying. But
to do that, we need an intermediate concept, a 'chunk' of code-stream segment,
given that segments may be made of data at different places in the code-stream
when quality layers are used.

With that change, the decoding of MAPA_005.jp2 goes down from the previous
improvement of 2.7 GB down to 1.9 GB.

New profile:

n4: 1885648469 (heap allocation functions) malloc/new/new[], --alloc-fns, etc.
 n1: 1610689344 0x4E78287: opj_aligned_malloc (opj_malloc.c:61)
  n1: 1610689344 0x4E71D7B: opj_alloc_tile_component_data (tcd.c:676)
   n1: 1610689344 0x4E7272C: opj_tcd_init_decode_tile (tcd.c:816)
    n1: 1610689344 0x4E4BDD9: opj_j2k_read_tile_header (j2k.c:8618)
     n1: 1610689344 0x4E4C8A2: opj_j2k_decode_tiles (j2k.c:10349)
      n1: 1610689344 0x4E4E36E: opj_j2k_decode (j2k.c:7847)
       n1: 1610689344 0x4E52FA2: opj_jp2_decode (jp2.c:1564)
        n0: 1610689344 0x40374E: main (opj_decompress.c:1459)
 n1: 219232541 0x4E4BBF0: opj_j2k_read_tile_header (j2k.c:4685)
  n1: 219232541 0x4E4C8A2: opj_j2k_decode_tiles (j2k.c:10349)
   n1: 219232541 0x4E4E36E: opj_j2k_decode (j2k.c:7847)
    n1: 219232541 0x4E52FA2: opj_jp2_decode (jp2.c:1564)
     n0: 219232541 0x40374E: main (opj_decompress.c:1459)
 n1: 39822000 0x4E727A9: opj_tcd_init_decode_tile (tcd.c:1219)
  n1: 39822000 0x4E4BDD9: opj_j2k_read_tile_header (j2k.c:8618)
   n1: 39822000 0x4E4C8A2: opj_j2k_decode_tiles (j2k.c:10349)
    n1: 39822000 0x4E4E36E: opj_j2k_decode (j2k.c:7847)
     n1: 39822000 0x4E52FA2: opj_jp2_decode (jp2.c:1564)
      n0: 39822000 0x40374E: main (opj_decompress.c:1459)
 n0: 15904584 in 52 places, all below massif's threshold (1.00%)
2017-08-07 18:32:52 +02:00
Even Rouault 373520db30 Add documentation for magic values in the code 2017-08-07 18:32:52 +02:00
Even Rouault 434ace4ff7 opj_jp2_apply_pclr() also needs to use opj_image_data_alloc/opj_image_data_free 2017-08-07 18:32:52 +02:00
Even Rouault 0c1fc0593e Complementary fix to previous commit 2017-08-07 18:32:52 +02:00
Even Rouault f58aab9d6a Add opj_image_data_alloc() / opj_image_data_free()
As bin/common/color.c used to directly call malloc()/free(), we need
to export functions dedicated to allocating/freeing image component data.
2017-08-07 18:32:52 +02:00
Even Rouault 61fb5dd7f8 Fix crash on Windows due to b7594c0fcb9dd3aa6356d72c4a525d76168da689
b7594c0fcb9dd3aa6356d72c4a525d76168da689 may put opj_tcd_tilecomp_t->data
allocated by opj_alloc_tile_component_data() as the image->comps[].data. As
opj_alloc_tile_component_data() use opj_aligned_malloc() we must be sure to
ue opj_alined_malloc()/_free() in all places where we alloc/free
image->comps[].data.

Note: this might have some compatibility impact in case user code does itself
the allocation/free of image->comps[].data
2017-08-07 18:32:49 +02:00
Even Rouault 793edc38e4 Decrease memory consumption for whole image single tile decoding.
We can use the same buffer for the tile decoding and the final image, and
save the intermediate buffer to transfer between those.

Effect on the decoding of MAPA (9944 x 13498 x 3 components of size byte)

Peak memory from 4.5 GB to 2.7 GB

Now:
n5: 2699708767 (heap allocation functions) malloc/new/new[], --alloc-fns, etc.
 n1: 1610689344 0x4E77E07: opj_aligned_malloc (opj_malloc.c:61) <-- final image
  n1: 1610689344 0x4E7195B: opj_alloc_tile_component_data (tcd.c:676)
   n1: 1610689344 0x4E722D2: opj_tcd_init_decode_tile (tcd.c:816)
    n1: 1610689344 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597)
     n1: 1610689344 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324)
      n1: 1610689344 0x4E4E20E: opj_j2k_decode (j2k.c:7826)
       n1: 1610689344 0x4E52E42: opj_jp2_decode (jp2.c:1564)
        n0: 1610689344 0x40369E: main (opj_decompress.c:1459)
 n1: 815554560 0x4E72231: opj_tcd_init_decode_tile (tcd.c:1217) <-- working memory for code blocks: 9944*13498/64/64*8192*3
  n1: 815554560 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597)
   n1: 815554560 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324)
    n1: 815554560 0x4E4E20E: opj_j2k_decode (j2k.c:7826)
     n1: 815554560 0x4E52E42: opj_jp2_decode (jp2.c:1564)
      n0: 815554560 0x40369E: main (opj_decompress.c:1459)
 n1: 219758391 0x4E4C0BF: opj_j2k_read_tile_header (j2k.c:4661) <-- ingestion of code stream
  n1: 219758391 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324)
   n1: 219758391 0x4E4E20E: opj_j2k_decode (j2k.c:7826)
    n1: 219758391 0x4E52E42: opj_jp2_decode (jp2.c:1564)
     n0: 219758391 0x40369E: main (opj_decompress.c:1459)
 n1: 39822000 0x4E7224F: opj_tcd_init_decode_tile (tcd.c:1224) <-- OPJ_J2K_DEFAULT_NB_SEGS*sizeof(opj_tcd_seg_t) per codeblock
  n1: 39822000 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597)
   n1: 39822000 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324)
    n1: 39822000 0x4E4E20E: opj_j2k_decode (j2k.c:7826)
     n1: 39822000 0x4E52E42: opj_jp2_decode (jp2.c:1564)
      n0: 39822000 0x40369E: main (opj_decompress.c:1459)
 n0: 13884472 in 49 places, all below massif's threshold (1.00%)

Before:
n5: 4493329848 (heap allocation functions) malloc/new/new[], --alloc-fns, etc.
 n2: 1610709160 0x4E77C87: opj_aligned_malloc (opj_malloc.c:61)
  n1: 1610689344 0x4E717DB: opj_alloc_tile_component_data (tcd.c:676)
   n1: 1610689344 0x4E72152: opj_tcd_init_decode_tile (tcd.c:816)
    n1: 1610689344 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597)
     n1: 1610689344 0x4E4C64A: opj_j2k_decode_tiles (j2k.c:10318)
      n1: 1610689344 0x4E4E08E: opj_j2k_decode (j2k.c:7826)
       n1: 1610689344 0x4E52CC2: opj_jp2_decode (jp2.c:1564)
        n0: 1610689344 0x40369E: main (opj_decompress.c:1459)
  n0: 19816 in 2 places, all below massif's threshold (1.00%)
 n1: 1610689344 0x4E43F36: opj_j2k_update_image_data.isra.7 (j2k.c:8743)
  n1: 1610689344 0x4E4C5C1: opj_j2k_decode_tiles (j2k.c:10358)
   n1: 1610689344 0x4E4E08E: opj_j2k_decode (j2k.c:7826)
    n1: 1610689344 0x4E52CC2: opj_jp2_decode (jp2.c:1564)
     n0: 1610689344 0x40369E: main (opj_decompress.c:1459)
 n1: 815554560 0x4E720B1: opj_tcd_init_decode_tile (tcd.c:1217)
  n1: 815554560 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597)
   n1: 815554560 0x4E4C64A: opj_j2k_decode_tiles (j2k.c:10318)
    n1: 815554560 0x4E4E08E: opj_j2k_decode (j2k.c:7826)
     n1: 815554560 0x4E52CC2: opj_jp2_decode (jp2.c:1564)
      n0: 815554560 0x40369E: main (opj_decompress.c:1459)
 n1: 402672336 0x4E4C545: opj_j2k_decode_tiles (j2k.c:10336)
  n1: 402672336 0x4E4E08E: opj_j2k_decode (j2k.c:7826)
   n1: 402672336 0x4E52CC2: opj_jp2_decode (jp2.c:1564)
    n0: 402672336 0x40369E: main (opj_decompress.c:1459)
 n0: 53704448 in 58 places, all below massif's threshold (1.00%)
2017-08-07 18:18:53 +02:00
szukw000 bc3cb74100 Changes for converttif.c to fix tsize_t 2017-08-07 16:44:28 +02:00
Even Rouault 2fbd4bb0b9 opj_j2k_read_sot(): check current TPSot number regarding previous (non-zero) TNsot to avoid opj_j2k_merge_ppt() to be called several times. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2851. Credit to OSS Fuzz 2017-08-04 18:02:10 +02:00
szukw000 57e36dbfeb First change on changes-for-afl-tests 2017-08-02 17:27:08 +02:00
Even Rouault 48125b0d12 src/bin/jpwl/convert.c: add missing fclose() in error code path (suggested by maddin200, #976) 2017-07-31 17:35:10 +02:00
szukw000 00f45684a8 Catch images broken by AFL 2017-07-31 13:58:08 +02:00
Even Rouault 13cde9fa37 src/lib/openjp2/*.h: use OPJ_ prefix for inclusion guards instead of reserved __ (#587) 2017-07-30 19:46:52 +02:00
Even Rouault 9a6d41d22b opj_event_msg(): force zero termination of buffer 2017-07-30 19:27:01 +02:00
Even Rouault b716f86163 Fix breakage of 22bf99ce02 2017-07-30 19:26:47 +02:00
Even Rouault 22bf99ce02 Test return value of opj_j2k_setup_decoding_tile() (commit ec31fa0c7f by ak-dxdy, #561) 2017-07-30 19:07:16 +02:00
Even Rouault ffa9a4f658 Fix warnings in USE_JPIP compilation mode 2017-07-30 18:46:34 +02:00
Even Rouault c22cbd8bdf Avoid heap buffer overflow in function pnmtoimage of convert.c, and unsigned integer overflow in opj_image_create() (CVE-2016-9118, #861) 2017-07-30 18:43:25 +02:00
Even Rouault 83342f2aaf Fix Doxygen warnings (patch derived from Winfried's doxygen-dif.txt.zip, #849) 2017-07-30 18:18:59 +02:00
Even Rouault 4748318136 j2k.c: remove hardcoded constants related to m_state, and useless FIXME 2017-07-30 17:26:03 +02:00
Even Rouault e23e0c94d0 Avoid p_stream->m_user_data_length >= (OPJ_UINT64)p_stream->m_byte_offset assertion in opj_stream_get_number_byte_left(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2786. Credit to OSS Fuzz 2017-07-30 16:48:15 +02:00
Even Rouault 1ed8d67797 opj_j2k_set_decode_area: replace assertions by runtime checks. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2795. Credit to OSS Fuzz 2017-07-30 15:35:47 +02:00
Even Rouault 68832af20e opj_tcd_dc_level_shift_decode: avoid int32 overflow when prec == 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2799. Credit to OSS Fuzz 2017-07-30 15:22:24 +02:00
Even Rouault 517bf6fd86 src/bin/jpwl/convert.c: fix memleak (fix suggested by maddin200, #631) 2017-07-29 21:11:23 +02:00
Even Rouault 51eb86d8f7 Fix warnings in pi.c raised by VS11 analyze (#190) 2017-07-29 19:43:23 +02:00
Even Rouault 397f62c0a8 Fix write heap buffer overflow in opj_mqc_byteout(). Discovered by Ke Liu of Tencent's Xuanwu LAB (#835) 2017-07-29 19:13:49 +02:00
Even Rouault 11445eddad opj_pi_update_decode_poc(): limit layno1 to the number of layers (CVE-2016-1626 and CVE-2016-1628, #850)
This has been recently fixed in a less elegant way per
80818c39f5
2017-07-29 19:03:13 +02:00
Even Rouault 3fbe713690 opj_tcd_get_decoded_tile_size(): fix potential UINT32 overflow (#854, CVE-2016-5152)
Fix derived from https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
2017-07-29 18:38:16 +02:00
Even Rouault 5a3e7aaf33 color_cielab_to_rgb(): reject images with components of different dimensions to void read heap buffer overflow (#909) 2017-07-29 17:56:12 +02:00
Even Rouault 784d4d47e9 Fix breakage of 2fa0fc61f2 (#970) 2017-07-29 17:51:10 +02:00
Even Rouault 2fa0fc61f2 imagetopnm(): make sure the alpha component has same dimension as other components to avoid read heap buffer overflow (#970) 2017-07-29 17:28:55 +02:00
Even Rouault db9ef99f6d opj_t1_decode_cblk(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2487. Credit to OSS Fuzz 2017-07-29 16:34:35 +02:00
Even Rouault f6551f822f opj_t1_clbl_decode_processor(): avoid undefined behaviour if roishift >= 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2506. Credit to OSS Fuzz 2017-07-29 16:29:11 +02:00