Commit Graph

2705 Commits

Author SHA1 Message Date
Hugo Lefeuvre ca16fe5501 convertbmp: fix issues with zero bitmasks
In the case where a BMP file declares compression 3 (BI_BITFIELDS)
with header size <= 56, all bitmask values keep their initialization
value 0. This may lead to various undefined behavior later e.g. when
doing 1 << (l_comp->prec - 1).

This issue does not affect files with bit count 16 because of a check
added in 16240e2 which sets default values to the color masks if they
are all 0.

This commit adds similar checks for the 32 bit case.

Also, if a BMP file declares compression 3 with header size >= 56 and
intentional 0 bitmasks, the same issue will be triggered in both the
16 and 32 bit count case.

This commit adds checks to bmp_read_info_header() rejecting BMP files
with "intentional" 0 bitmasks. These checks might be removed in the
future when proper handling of zero bitmasks will be available in
openjpeg2.

fixes #1057 (CVE-2018-5785)
2018-09-22 14:51:50 -04:00
Even Rouault 9d1a9dc20d
Merge pull request #1133 from robe2/robe2-pkgconfig-instructions
Add -DBUILD_PKGCONFIG_FILES to install instructions
2018-08-11 23:35:35 +02:00
Regina Obe 56f23b29a0
Add -DBUILD_PKGCONFIG_FILES to install instructions
Building under msys/mingw doesn't automatically install the pkg config files needed to build GDAL and other libraries
2018-08-11 16:59:30 -04:00
Even Rouault d2205ba2ee
Merge pull request #1121 from rouault/fix_tnsot_zero
Fix regression in reading files with TNsot == 0 (refs #1120)
2018-06-20 16:26:24 +02:00
Even Rouault 4170681661
Add test cases for https://github.com/uclouvain/openjpeg/issues/1120 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785 2018-06-20 15:28:53 +02:00
Even Rouault 0c913b0aba
Avoid assertion when running opj_j2k_merge_ppt() several time due to e6674f7ed66abdb32a0be5944f618722b6a7b5d5 revert. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785 2018-06-20 15:12:47 +02:00
Even Rouault 832dfd1866
Revert "Avoid assertion in opj_j2k_merge_ppt() in case premature EOC is encountered in opj_j2k_read_tile_header(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785. Credit to OSS Fuzz" (fixes #1120)
This reverts commit 9906fbf737.
which broke decoding of images where TNsot == 0
2018-06-20 14:54:20 +02:00
Even Rouault fd205f457b
opj_compress: try to make help message of -c switch clearer (fixes #1117) 2018-06-16 16:17:58 +02:00
Even Rouault 2c7eb4fed9 opj_compress: fix help message regarding default precinct size 2018-03-12 14:24:20 +01:00
Even Rouault a59512e099
Merge pull request #1104 from rouault/macos_fix
Fix Mac builds
2018-03-04 23:54:09 +01:00
Even Rouault 8ad94f689e Fix Mac builds 2018-03-04 23:30:53 +01:00
Even Rouault 3910be8a68
Merge pull request #1062 from radarhere/master
Fixed typos
2018-03-04 23:19:59 +01:00
Even Rouault e98d0a20f0
Merge pull request #1094 from kbabioch/fix/missing-format-string-parameter
mj2: Add missing variable to format string in fprintf() invocation in meta_out.c
2018-03-04 23:16:04 +01:00
Even Rouault 31a347a9a0
Merge pull request #1096 from kbabioch/fix/opj_mj2_extract-help
opj_mj2_extract: Rename output_location to output_prefix
2018-03-04 23:13:45 +01:00
Even Rouault b02e0d9c4e
Merge pull request #1101 from kbabioch/fix/jp3d-sprintf-overflow
jp3d: Replace sprintf() by snprintf() in volumetobin()
2018-03-04 23:10:48 +01:00
Karol Babioch e351c22ee8 jp3d: Replace sprintf() by snprintf() in volumetobin()
This replaces the unsafe sprintf() invocation by the safer snprintf()
one, with the correct buffer size to prevent buffer overflows.

This fixes #1085.
2018-03-03 10:11:39 +01:00
Karol Babioch db6841a099 opj_mj2_extract: Rename output_location to output_prefix
This renames the argument in the help output, as the latter better describes
the the purpose of this argument.
2018-03-02 15:19:21 +01:00
Karol Babioch d4d78272eb mj2: Add missing variable to format string in fprintf() invocation in meta_out.c
This adds the appropriate variables to the invocation of fprintf(). They were
specified in the format string, but were missing in the actual call. This
fixes #1074 and #1075.
2018-03-02 14:03:08 +01:00
Even Rouault 564fbfb678
Merge pull request #1090 from stweil/utf8
Convert files to UTF-8 encoding
2018-02-25 19:59:18 +01:00
Even Rouault bce2bd71c0 .travis.yml: temporarily disable OPJ_CI_ASAN=1 (refs #1091) 2018-02-25 19:20:38 +01:00
Stefan Weil b49fa93aa7 openjp3d: Convert ISO-8859 to UTF-8
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-02-25 18:27:01 +01:00
Stefan Weil 244f52483d jp3d: Convert ISO-8859 to UTF-8
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-02-25 18:25:51 +01:00
Even Rouault 90b1bffa7e
Merge pull request #1080 from setharnold/patch-1
fix unchecked integer multiplication overflow
2018-02-25 18:21:23 +01:00
Even Rouault 06f7d41243 bench_dwt: fix wrong index in iteration (issue found by Fethi Migaou) 2018-02-18 14:38:16 +01:00
setharnold 24d08ff94a
fix unchecked integer multiplication overflow
Hello, this fixes an unchecked integer multiplication overflow. Thanks.
2018-02-14 17:46:38 -08:00
Even Rouault da5e897232 Avoid out-of-bounds write overflow due to uint32 overflow computation on images with huge dimensions. Credit to Google Autofuzz project for providing test case 2018-02-11 13:31:04 +01:00
Andrew Murray cfc539512a Fixed typos 2018-02-09 21:02:25 +11:00
Even Rouault d96d2b9a25
Merge pull request #1055 from ideasman42/patch-1
Note that seek uses SEEK_SET behavior.
2018-02-05 17:31:49 +01:00
Campbell Barton 6941bc67cf
Note that seek uses SEEK_SET behavior. 2018-01-18 15:16:03 +11:00
Even Rouault 07d526e4cb opj_t2_encode_packet(): disable setting empty packet header bit to 1 when there is an empty packet
This effectively reverts commit 2609fb8077
since it has been reported that
such packets cause decoding issues with cinema J2K hardware
decoders: https://groups.google.com/forum/#!topic/openjpeg/M7M_fLX_Bco
2018-01-08 09:38:44 +01:00
Even Rouault bdcead70d5
Merge pull request #1047 from stweil/coverity
Fix resource leak (CID 179466)
2018-01-07 17:49:37 +01:00
Even Rouault e4c3595077
Merge pull request #1050 from szukw000/changes-for-obsolete-doxygen-tags
Some Doxygen tags are removed
2018-01-07 17:49:08 +01:00
Even Rouault d241298fdc Add known failure for Windows VC10 i386 target (refs #1043) 2018-01-07 17:45:53 +01:00
szukw000 6e6f8354a0 Some Doxygen tags are removed 2018-01-07 17:11:09 +01:00
Stefan Weil 4841292b5d Fix resource leak (CID 179466)
Coverity report:

CID 179466 (#1 of 1): Resource leak (RESOURCE_LEAK)
93. leaked_storage: Variable name going out of scope leaks the storage it points to.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2017-12-15 16:49:33 +01:00
Even Rouault 9d0d1a0128 Add known failure for i386 target (refs #1043) 2017-11-30 15:39:45 +01:00
Even Rouault 98cfdd3134 opj_j2k_read_cod: remove check for 'No more than one COD marker per tile' (fixes #1043)
This check was added per daed8cc919
to fix https://github.com/uclouvain/openjpeg/issues/476 , but it does not seem
to be necessary with latest master (issue476.jp2 doesn't cause memory issues),
and breaks reading legit files.
2017-11-30 14:48:34 +01:00
Even Rouault 936910cf7a Fix typo in comments 2017-11-30 14:26:17 +01:00
Even Rouault 370d024d10
Merge pull request #1042 from radarhere/cmake
Changed cmake version test to allow for cmake 2.8.11.x
2017-11-14 12:28:44 +01:00
Andrew Murray 157a3d8408 Changed cmake version test to allow for cmake 2.8.11.x 2017-11-14 21:45:09 +11:00
Even Rouault d9f8f7ba9a Merge pull request #1037 from gfiumara/master
Add missing fclose() statement in error condition.
2017-10-20 21:59:14 +02:00
Gregory Fiumara 10d22ec26d Add missing fclose() statement in error condition. 2017-10-20 15:31:45 -04:00
Even Rouault 53d265576a CMakeLists.txt: turn BUILD_PKGCONFIG_FILES ON by default on Windows if compiler is GCC 2017-10-14 22:42:12 +02:00
Even Rouault be6ea90e13 opj_j2k_set_threads(): add sanity check to error out if called after opj_read_header() 2017-10-12 01:16:23 +02:00
Even Rouault b8bf9bf789 Improve doc of opj_codec_set_threads() 2017-10-12 01:05:04 +02:00
Even Rouault 66297f07a4 Unix build: fix regression of 2.3.0 where a shared-only or static-only build lacks the installation target for the library (#1019, fixes regression introduced by 3dfc6ca2bc) 2017-10-09 11:40:43 +02:00
Even Rouault e8b6b54d1f opj_decompress -h: document -threads ALL_CPUS 2017-10-06 19:25:07 +02:00
Antonin Descampe acd915080e Finalise ABI check update for v2.3.0 2017-10-04 23:17:04 -03:00
Antonin Descampe d322cc876f Update ABI check for v2.3.0 2017-10-04 22:59:08 -03:00
Antonin Descampe 081de4b15f Update CHANGELOG.md 2017-10-04 19:23:14 -03:00