Even Rouault
c22cbd8bdf
Avoid heap buffer overflow in function pnmtoimage of convert.c, and unsigned integer overflow in opj_image_create() (CVE-2016-9118, #861 )
2017-07-30 18:43:25 +02:00
Even Rouault
83342f2aaf
Fix Doxygen warnings (patch derived from Winfried's doxygen-dif.txt.zip, #849 )
2017-07-30 18:18:59 +02:00
Even Rouault
4748318136
j2k.c: remove hardcoded constants related to m_state, and useless FIXME
2017-07-30 17:26:03 +02:00
Even Rouault
e23e0c94d0
Avoid p_stream->m_user_data_length >= (OPJ_UINT64)p_stream->m_byte_offset assertion in opj_stream_get_number_byte_left(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2786 . Credit to OSS Fuzz
2017-07-30 16:48:15 +02:00
Even Rouault
1ed8d67797
opj_j2k_set_decode_area: replace assertions by runtime checks. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2795 . Credit to OSS Fuzz
2017-07-30 15:35:47 +02:00
Even Rouault
68832af20e
opj_tcd_dc_level_shift_decode: avoid int32 overflow when prec == 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2799 . Credit to OSS Fuzz
2017-07-30 15:22:24 +02:00
Even Rouault
517bf6fd86
src/bin/jpwl/convert.c: fix memleak (fix suggested by maddin200, #631 )
2017-07-29 21:11:23 +02:00
Even Rouault
51eb86d8f7
Fix warnings in pi.c raised by VS11 analyze ( #190 )
2017-07-29 19:43:23 +02:00
Even Rouault
397f62c0a8
Fix write heap buffer overflow in opj_mqc_byteout(). Discovered by Ke Liu of Tencent's Xuanwu LAB ( #835 )
2017-07-29 19:13:49 +02:00
Even Rouault
11445eddad
opj_pi_update_decode_poc(): limit layno1 to the number of layers (CVE-2016-1626 and CVE-2016-1628, #850 )
...
This has been recently fixed in a less elegant way per 80818c39f5
2017-07-29 19:03:13 +02:00
Even Rouault
3fbe713690
opj_tcd_get_decoded_tile_size(): fix potential UINT32 overflow ( #854 , CVE-2016-5152)
...
Fix derived from https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
2017-07-29 18:38:16 +02:00
Even Rouault
5a3e7aaf33
color_cielab_to_rgb(): reject images with components of different dimensions to avoid read heap buffer overflow ( #909 )
2017-07-29 17:56:12 +02:00
Even Rouault
784d4d47e9
Fix breakage of 2fa0fc61f2 ( #970 )
2017-07-29 17:51:10 +02:00
Even Rouault
2fa0fc61f2
imagetopnm(): make sure the alpha component has same dimension as other components to avoid read heap buffer overflow ( #970 )
2017-07-29 17:28:55 +02:00
Even Rouault
db9ef99f6d
opj_t1_decode_cblk(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2487 . Credit to OSS Fuzz
2017-07-29 16:34:35 +02:00
Even Rouault
f6551f822f
opj_t1_clbl_decode_processor(): avoid undefined behaviour if roishift >= 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2506 . Credit to OSS Fuzz
2017-07-29 16:29:11 +02:00
Even Rouault
9906fbf737
Avoid assertion in opj_j2k_merge_ppt() in case premature EOC is encountered in opj_j2k_read_tile_header(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785 . Credit to OSS Fuzz
2017-07-29 16:22:36 +02:00
Even Rouault
71b4f5b124
opj_pi_next_pcrl(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2787 . Credit to OSS Fuzz
2017-07-29 15:52:11 +02:00
Even Rouault
d6654d906c
opj_int_ceildiv(): fix int32 overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2494 . Credit to OSS Fuzz
2017-07-28 22:15:47 +02:00
Even Rouault
361c4506fd
opj_tcd_dc_level_shift_decode(): avoid int overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2516 . Credit to OSS Fuzz
2017-07-28 22:06:26 +02:00
Even Rouault
7bdbe490cb
Fix null pointer dereference in opj_jp2_apply_pclr(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2558 . Credit to OSS Fuzz
2017-07-28 21:55:22 +02:00
Even Rouault
16aeb9282f
Fix null pointer dereference in opj_j2k_add_mct() ( #895 )
...
Fixes openjeg-crashes-2017-07-27/issue879-poc1.j2k of #895
2017-07-28 21:39:30 +02:00
Even Rouault
c5bf5ef4d6
Avoid use-after-free when a MCT marker is found after a MCC one ( #895 )
...
Fixes openjeg-crashes-2017-07-27/issue880-poc2.j2k of #895
2017-07-28 21:29:55 +02:00
Even Rouault
e03e947466
Avoid undefined shift behaviour if bit depth == 32 ( #895 )
...
Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:003798,op:ext_AO,pos:128.jp2
2017-07-27 22:29:17 +02:00
Even Rouault
820fcfe8bb
opj_j2k_update_image_data / opj_tcd_update_tile_data: fix unaligned load/store ( #895 )
...
When components don't have the same width, unaligned load/store are possible.
Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:001342,op:flip4,pos:162.jp2 of #895
2017-07-27 19:35:35 +02:00
Even Rouault
6c4e5bacb9
opj_pi_next_rpcl / opj_pi_next_pcrl / opj_pi_next_cprl: avoid int overflow ( #895 )
...
Fixes int overflow on openjeg-crashes-2017-07-27/id:000000,sig:08,src:000879,op:flip2,pos:128.jp2
2017-07-27 19:22:14 +02:00
Even Rouault
178194c093
opj_jp2_check_color(): replace assertion regarding mtyp by runtime check ( #672 , #895 )
...
Fixes test case openjeg-crashes-2017-07-27/id:000000,sig:06,src:000001,op:flip1,pos:808.jp2
of #895
2017-07-27 18:52:35 +02:00
Even Rouault
d6fa300997
Avoids undefined shift behaviour in m_dc_level_shift computation
...
Fixes warning found on clusterfuzz-testcase-minimized-5146316340461568
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2495
Credit to OSS Fuzz
2017-07-27 18:10:03 +02:00
Even Rouault
a88cbb6a0b
Fix various undefined shift behaviour in pi.c
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2496
Credit to OSS Fuzz
2017-07-26 22:53:59 +02:00
Even Rouault
6c5fe9407b
Avoid potential undefined shift behaviour in opj_bio_read() from opj_t2_read_packet_header()
...
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2485
Credit to OSS Fuzz
2017-07-26 22:22:44 +02:00
Even Rouault
94c4b7300c
T1 decoder: check code stream errors when predictable termination is enabled and emit a warning when errors are found
2017-07-26 21:43:32 +02:00
Even Rouault
5e795d90a1
Spelling fixes (patch by ka7, #890 , rebased on top of master)
2017-07-26 21:06:38 +02:00
Even Rouault
2be20ce7d9
Reformat src/bin/wx/OPJViewer/source/OPJThreads.cpp src/bin/wx/OPJViewer/source/imagjpeg2000.cpp wrapping/java/openjp2/JavaOpenJPEG.c
2017-07-26 21:04:01 +02:00
Even Rouault
94cc97c58a
opj_decompress: fix null pointer dereference on comps[].data on id_000167,sig_11,src_006079,op_havoc,rep_4 ( #939 )
2017-07-26 20:13:09 +02:00
Even Rouault
8d2e69e37d
Fix assertion / memory leak in opj_j2k_merge_ppt() on corrupted images ( #939 )
...
Fixes issue on id:000020,sig:06,src:001958,op:flip4,pos:149 that has two
SOT markers for the same tile with the same tile part number, causing
opj_j2k_merge_ppt() to be called several times.
2017-07-26 19:49:38 +02:00
Even Rouault
5c5319984b
Avoid division by zero in opj_pi_next_rpcl, opj_pi_next_pcrl, opj_pi_next_cprl ( #938 )
...
Fixes crash on id_000004,sig_06,src_000679,op_arith8,pos_49,val_-17
2017-07-26 18:05:56 +02:00
Even Rouault
80818c39f5
Avoid index out of bounds access to pi->include[] ( #938 )
...
Fix id:000098,sig:11,src:005411,op:havoc,rep:2 test case
2017-07-26 12:50:51 +02:00
Even Rouault
d27ccf01c6
Avoid division by zero in opj_pi_next_rpcl, opj_pi_next_pcrl and opj_pi_next_cprl ( #938 )
...
Fixes issues with id:000026,sig:08,src:002419,op:int32,pos:60,val:+32 and
id:000019,sig:08,src:001098,op:flip1,pos:49
2017-07-26 11:32:41 +02:00
Jeroen
90ced71601
install static libraries
2017-07-13 11:34:15 +02:00
Even Rouault
60f8ddf577
Comment fix
2017-07-06 12:11:37 +02:00
Even Rouault
a38c4496b6
Remove unused m_DA_x0, m_DA_y0, m_DA_x1, m_DA_y1 members from opj_j2k_dec structure
2017-07-05 21:33:42 +02:00
Even Rouault
c308de39ed
opj_j2k_read_header_procedure(): validate marker size to avoid excessive memory allocation attempt
2017-07-03 14:33:57 +02:00
Even Rouault
5736b1a368
Merge pull request #954 from jeroen/static
...
build both shared and static library
2017-07-03 12:03:29 +02:00
Even Rouault
8fa405ee15
IDWT 5x3: fix bug in AVX2 implementation ( #953 , #957 )
2017-06-30 00:03:05 +02:00
Even Rouault
533fa2fdee
Merge pull request #957 from rouault/idwt_53_improvements
...
IDWT 5x3 single-pass lifting and SSE2/AVX2 implementation
2017-06-26 12:45:34 +02:00
Even Rouault
6026786069
Style fix
2017-06-21 13:20:35 +02:00
Even Rouault
93aca84731
Fix mingw related warnings
2017-06-21 12:54:40 +02:00
Even Rouault
cdd3e83bae
Fix clang warning about extraneous parentheses
2017-06-21 12:49:01 +02:00
Even Rouault
fd0dc535ad
IDWT 5x3: generalize SSE2 version for AVX2
...
Thanks to our macros that abstract SSE use, the functions can use
AVX2 when available (at compile time)
This brings an extra 23% speed improvement on bench_dwt in 64bit builds
with AVX2 compared to SSE2.
2017-06-21 12:12:58 +02:00
Even Rouault
f6e3475cc9
dwt.c: small cleanup
2017-06-21 01:07:56 +02:00