Commit Graph

803 Commits

Author SHA1 Message Date
Even Rouault c22cbd8bdf Avoid heap buffer overflow in function pnmtoimage of convert.c, and unsigned integer overflow in opj_image_create() (CVE-2016-9118, #861) 2017-07-30 18:43:25 +02:00
Even Rouault 83342f2aaf Fix Doxygen warnings (patch derived from Winfried's doxygen-dif.txt.zip, #849) 2017-07-30 18:18:59 +02:00
Even Rouault 4748318136 j2k.c: remove hardcoded constants related to m_state, and useless FIXME 2017-07-30 17:26:03 +02:00
Even Rouault e23e0c94d0 Avoid p_stream->m_user_data_length >= (OPJ_UINT64)p_stream->m_byte_offset assertion in opj_stream_get_number_byte_left(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2786. Credit to OSS Fuzz 2017-07-30 16:48:15 +02:00
Even Rouault 1ed8d67797 opj_j2k_set_decode_area: replace assertions by runtime checks. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2795. Credit to OSS Fuzz 2017-07-30 15:35:47 +02:00
Even Rouault 68832af20e opj_tcd_dc_level_shift_decode: avoid int32 overflow when prec == 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2799. Credit to OSS Fuzz 2017-07-30 15:22:24 +02:00
Even Rouault 517bf6fd86 src/bin/jpwl/convert.c: fix memleak (fix suggested by maddin200, #631) 2017-07-29 21:11:23 +02:00
Even Rouault 51eb86d8f7 Fix warnings in pi.c raised by VS11 analyze (#190) 2017-07-29 19:43:23 +02:00
Even Rouault 397f62c0a8 Fix write heap buffer overflow in opj_mqc_byteout(). Discovered by Ke Liu of Tencent's Xuanwu LAB (#835) 2017-07-29 19:13:49 +02:00
Even Rouault 11445eddad opj_pi_update_decode_poc(): limit layno1 to the number of layers (CVE-2016-1626 and CVE-2016-1628, #850)
This has been recently fixed in a less elegant way per
80818c39f5
2017-07-29 19:03:13 +02:00
Even Rouault 3fbe713690 opj_tcd_get_decoded_tile_size(): fix potential UINT32 overflow (#854, CVE-2016-5152)
Fix derived from https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
2017-07-29 18:38:16 +02:00
Even Rouault 5a3e7aaf33 color_cielab_to_rgb(): reject images with components of different dimensions to void read heap buffer overflow (#909) 2017-07-29 17:56:12 +02:00
Even Rouault 784d4d47e9 Fix breakage of 2fa0fc61f2 (#970) 2017-07-29 17:51:10 +02:00
Even Rouault 2fa0fc61f2 imagetopnm(): make sure the alpha component has same dimension as other components to avoid read heap buffer overflow (#970) 2017-07-29 17:28:55 +02:00
Even Rouault db9ef99f6d opj_t1_decode_cblk(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2487. Credit to OSS Fuzz 2017-07-29 16:34:35 +02:00
Even Rouault f6551f822f opj_t1_clbl_decode_processor(): avoid undefined behaviour if roishift >= 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2506. Credit to OSS Fuzz 2017-07-29 16:29:11 +02:00
Even Rouault 9906fbf737 Avoid assertion in opj_j2k_merge_ppt() in case premature EOC is encountered in opj_j2k_read_tile_header(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785. Credit to OSS Fuzz 2017-07-29 16:22:36 +02:00
Even Rouault 71b4f5b124 opj_pi_next_pcrl(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2787. Credit to OSS Fuzz 2017-07-29 15:52:11 +02:00
Even Rouault d6654d906c opj_int_ceildiv(): fix int32 overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2494. Credit to OSS Fuzz 2017-07-28 22:15:47 +02:00
Even Rouault 361c4506fd opj_tcd_dc_level_shift_decode(): avoid int overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2516. Credit to OSS Fuzz 2017-07-28 22:06:26 +02:00
Even Rouault 7bdbe490cb Fix null pointer dereference in opj_jp2_apply_pclr(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2558. Credit to OSS Fuzz 2017-07-28 21:55:22 +02:00
Even Rouault 16aeb9282f Fix null pointer dereference in opj_j2k_add_mct() (#895)
Fixes openjeg-crashes-2017-07-27/issue879-poc1.j2k of #895
2017-07-28 21:39:30 +02:00
Even Rouault c5bf5ef4d6 Avoid use-after-free when a MCT marker is found after a MCC one (#895)
Fixes openjeg-crashes-2017-07-27/issue880-poc2.j2k of #895
2017-07-28 21:29:55 +02:00
Even Rouault e03e947466 Avoid undefined shift behaviour if bit depth == 32 (#895)
Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:003798,op:ext_AO,pos:128.jp2
2017-07-27 22:29:17 +02:00
Even Rouault 820fcfe8bb opj_j2k_update_image_data / opj_tcd_update_tile_data: fix unaligned load/store (#895)
When components don't have the same width, unaligned load/store are possible.

Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:001342,op:flip4,pos:162.jp2 of #895
2017-07-27 19:35:35 +02:00
Even Rouault 6c4e5bacb9 opj_pi_next_rpcl / opj_pi_next_pcrl / opj_pi_next_cprl: avoid int overflow (#895)
Fixes int overflow on openjeg-crashes-2017-07-27/id:000000,sig:08,src:000879,op:flip2,pos:128.jp2
2017-07-27 19:22:14 +02:00
Even Rouault 178194c093 opj_jp2_check_color(): replace assertion regarding mtyp by runtime check (#672, #895)
Fixes test case openjeg-crashes-2017-07-27/id:000000,sig:06,src:000001,op:flip1,pos:808.jp2
of #895
2017-07-27 18:52:35 +02:00
Even Rouault d6fa300997 Avoids undefined shift behaviour in m_dc_level_shift computation
Fixes warning found on clusterfuzz-testcase-minimized-5146316340461568
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2495

Credit to OSS Fuzz
2017-07-27 18:10:03 +02:00
Even Rouault a88cbb6a0b Fix various undefined shift behaviour in pi.c
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2496
Credit to OSS Fuzz
2017-07-26 22:53:59 +02:00
Even Rouault 6c5fe9407b Avoid potential undefined shift behaviour in opj_bio_read() from opj_t2_read_packet_header()
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2485
Credit to OSS Fuzz
2017-07-26 22:22:44 +02:00
Even Rouault 94c4b7300c T1 decoder: check code stream errors when predictable termination is enabled and emit a warning when errors are found 2017-07-26 21:43:32 +02:00
Even Rouault 5e795d90a1 Spelling fixes (patch by ka7, #890, rebased on top of master) 2017-07-26 21:06:38 +02:00
Even Rouault 2be20ce7d9 Reformat src/bin/wx/OPJViewer/source/OPJThreads.cpp src/bin/wx/OPJViewer/source/imagjpeg2000.cpp wrapping/java/openjp2/JavaOpenJPEG.c 2017-07-26 21:04:01 +02:00
Even Rouault 94cc97c58a opj_decompress: fix null pointer dereference on comps[].data on id_000167,sig_11,src_006079,op_havoc,rep_4 (#939) 2017-07-26 20:13:09 +02:00
Even Rouault 8d2e69e37d Fix assertion / memory leak in opj_j2k_merge_ppt() on corrupted images (#939)
Fixes issue on id:000020,sig:06,src:001958,op:flip4,pos:149 that has two
SOT markers for the same tile with the same tile part number, causing
opj_j2k_merge_ppt() to be called several times.
2017-07-26 19:49:38 +02:00
Even Rouault 5c5319984b Avoid division by zero in opj_pi_next_rpcl, opj_pi_next_pcrl, opj_pi_next_cprl (#938)
Fixes crash on id_000004,sig_06,src_000679,op_arith8,pos_49,val_-17
2017-07-26 18:05:56 +02:00
Even Rouault 80818c39f5 Avoid index out of bounds access to pi->include[] (#938)
Fix id:000098,sig:11,src:005411,op:havoc,rep:2 test case
2017-07-26 12:50:51 +02:00
Even Rouault d27ccf01c6 Avoid division by zero in opj_pi_next_rpcl, opj_pi_next_pcrl and opj_pi_next_cprl (#938)
Fixes issues with id:000026,sig:08,src:002419,op:int32,pos:60,val:+32 and
id:000019,sig:08,src:001098,op:flip1,pos:49
2017-07-26 11:32:41 +02:00
Jeroen 90ced71601 install static libraries 2017-07-13 11:34:15 +02:00
Even Rouault 60f8ddf577 Comment fix 2017-07-06 12:11:37 +02:00
Even Rouault a38c4496b6 Remove unused m_DA_x0, m_DA_y0, m_DA_x1, m_DA_y1 members from opj_j2k_dec structure 2017-07-05 21:33:42 +02:00
Even Rouault c308de39ed opj_j2k_read_header_procedure(): validate marker size to avoid excessive memory allocation attempt 2017-07-03 14:33:57 +02:00
Even Rouault 5736b1a368 Merge pull request #954 from jeroen/static
build both shared and static library
2017-07-03 12:03:29 +02:00
Even Rouault 8fa405ee15 IDWT 5x3: fix bug in AVX2 implementation (#953, #957) 2017-06-30 00:03:05 +02:00
Even Rouault 533fa2fdee Merge pull request #957 from rouault/idwt_53_improvements
IDWT 5x3 single-pass lifting and SSE2/AVX2 implementation
2017-06-26 12:45:34 +02:00
Even Rouault 6026786069 Style fix 2017-06-21 13:20:35 +02:00
Even Rouault 93aca84731 Fix mingw related warnings 2017-06-21 12:54:40 +02:00
Even Rouault cdd3e83bae Fix clang warning about extraneous parentheses 2017-06-21 12:49:01 +02:00
Even Rouault fd0dc535ad IDWT 5x3: generalize SSE2 version for AVX2
Thanks to our macros that abstract SSE use, the functions can use
AVX2 when available (at compile time)

This brings an extra 23% speed improvement on bench_dwt in 64bit builds
with AVX2 compared to SSE2.
2017-06-21 12:12:58 +02:00
Even Rouault f6e3475cc9 dwt.c: small cleanup 2017-06-21 01:07:56 +02:00