956 lines
32 KiB
HTML
956 lines
32 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="keywords" content="OpenJPEG, current, changes, changelog" />
|
|
<meta name="description" content="Log of changes in the package" />
|
|
<link rel="stylesheet" type="text/css" href="../../../css/common.css" />
|
|
<link rel="stylesheet" type="text/css" href="../../../css/changelog.css" />
|
|
|
|
|
|
<title>
|
|
OpenJPEG current: changelog
|
|
</title>
|
|
|
|
</head>
|
|
|
|
<body>
|
|
<table cellpadding='0' cellspacing='0'><tr><td align='center'><h1 class='tool'><a title='Home: ABI tracker for OpenJPEG' href='../../../timeline/openjpeg/index.html' class='tool'>ABI<br/>Tracker</a></h1></td><td width='30px;'></td><td><h1>(OpenJPEG)</h1></td></tr></table><hr/>
|
|
<br/>
|
|
<br/>
|
|
<h1>Changelog from Git</h1><br/><br/>
|
|
<div class='changelog'>
|
|
<pre class='wrap'>commit cbee7891a0ee664dd83ca09553d2e30da716a883
|
|
Merge: 172c8ae e8e258a
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-06-30 22:05:13 +0200
|
|
|
|
Merge pull request #1262 from rouault/fix_1261
|
|
|
|
opj_decompress: fix double-free on input directory with mix of valid and invalid images
|
|
|
|
commit e8e258ab049240c2dd1f1051b4e773b21e2d3dc0
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-06-28 14:19:59 +0200
|
|
|
|
opj_decompress: fix double-free on input directory with mix of valid and invalid images (CVE-2020-15389)
|
|
|
|
Fixes #1261
|
|
|
|
Credits to @Ruia-ruia for reporting and analysis.
|
|
|
|
commit 172c8ae5cf230ff74b5814daf29e5b577aa30a9b
|
|
Merge: e252438 b028e8d
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-06-22 22:35:44 +0200
|
|
|
|
Merge pull request #1260 from sebras/fix-issue-1259
|
|
|
|
openjp2: Plug image leak when failing to allocate codestream index.
|
|
|
|
commit e252438d5e23e6ba9561e73a5a4754713bfd626a
|
|
Merge: 98150d0 79b199a
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-06-22 22:12:08 +0200
|
|
|
|
Merge pull request #1258 from sebras/fix-issue-1257
|
|
|
|
openjp2: Plug memory leak when setting data as TLS fails.
|
|
|
|
commit b028e8d1ce7798f61c35b1b20d836f80d78a35d0
|
|
Author: Sebastian Rasmussen <sebras@gmail.com>
|
|
Date: 2020-06-23 02:18:19 +0800
|
|
|
|
openjp2: Plug image leak when failing to allocate codestream index.
|
|
|
|
This fixes issue #1259.
|
|
|
|
commit 79b199a8fee2a0d51d4389fcde3f5f4dd01971eb
|
|
Author: Sebastian Rasmussen <sebras@gmail.com>
|
|
Date: 2020-06-23 02:18:19 +0800
|
|
|
|
openjp2: Plug memory leak when setting data as TLS fails.
|
|
|
|
Previously the Tier 1 handle was not freed when setting it as
|
|
TLS failed.
|
|
|
|
This fixes issue #1257.
|
|
|
|
commit 98150d09422149305c9c8648337a744df5786fbe
|
|
Merge: 25fb144 93b9f72
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-06-22 21:03:23 +0200
|
|
|
|
Merge pull request #1256 from sebras/master
|
|
|
|
openjp2: Error out if failing to create Tier 1 handle.
|
|
|
|
commit 93b9f7236ce09614ea5edcb0f616f1b4095c4830
|
|
Author: Sebastian Rasmussen <sebras@gmail.com>
|
|
Date: 2020-06-23 02:18:19 +0800
|
|
|
|
openjp2: Error out if failing to create Tier 1 handle.
|
|
|
|
Previously when the handle failed to be created (e.g. when
|
|
opj_calloc returned NULL due to low memory), the code still
|
|
assumed that the t1 handle pointer was valid and dereferenced
|
|
NULL, causing a crash. After this commit OpenJPEG will instead
|
|
error out under this condition.
|
|
|
|
This fixes issue #1255.
|
|
|
|
commit 25fb144c42f97489594302e1e6ff886791e0a5b3
|
|
Author: szukw000 <szukw000@arcor.de>
|
|
Date: 2020-06-10 17:40:50 +0200
|
|
|
|
Testing for invalid values of width, height, numcomps (#1254)
|
|
|
|
commit 19ef7f26c43f689b627aad642da7f6150893b863
|
|
Merge: 1d358f2 f3ee448
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-05-20 21:10:55 +0200
|
|
|
|
Merge pull request #1211 from sebras/master
|
|
|
|
Add check to validate SGcod/SPcoc/SPcod parameter values.
|
|
|
|
commit 1d358f25c8eabbc7c274bcc148f4f5d594ec13fe
|
|
Merge: 64689d0 4edb8c8
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-05-20 20:29:31 +0200
|
|
|
|
Merge pull request #1246 from rouault/write_plt
|
|
|
|
Add support for generation of PLT markers in encoder
|
|
|
|
commit 4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-04-21 15:55:44 +0200
|
|
|
|
Add support for generation of PLT markers in encoder
|
|
|
|
* -PLT switch added to opj_compress
|
|
* Add a opj_encoder_set_extra_options() function that
|
|
accepts a PLT=YES option, and could be expanded later
|
|
for other uses.
|
|
|
|
-------
|
|
|
|
Testing with a Sentinel2 10m band, T36JTT_20160914T074612_B02.jp2,
|
|
coming from S2A_MSIL1C_20160914T074612_N0204_R135_T36JTT_20160914T081456.SAFE
|
|
|
|
Decompress it to TIFF:
|
|
```
|
|
opj_uncompress -i T36JTT_20160914T074612_B02.jp2 -o T36JTT_20160914T074612_B02.tif
|
|
```
|
|
|
|
Recompress it with similar parameters as original:
|
|
```
|
|
opj_compress -n 5 -c [256,256],[256,256],[256,256],[256,256],[256,256] -t 1024,1024 -PLT -i T36JTT_20160914T074612_B02.tif -o T36JTT_20160914T074612_B02_PLT.jp2
|
|
```
|
|
|
|
Dump codestream detail with GDAL dump_jp2.py utility (https://github.com/OSGeo/gdal/blob/master/gdal/swig/python/samples/dump_jp2.py)
|
|
```
|
|
python dump_jp2.py T36JTT_20160914T074612_B02.jp2 > /tmp/dump_sentinel2_ori.txt
|
|
python dump_jp2.py T36JTT_20160914T074612_B02_PLT.jp2 > /tmp/dump_sentinel2_openjpeg_plt.txt
|
|
```
|
|
|
|
The diff between both show very similar structure, and identical number of packets in PLT markers
|
|
|
|
Now testing with Kakadu (KDU803_Demo_Apps_for_Linux-x86-64_200210)
|
|
|
|
Full file decompression:
|
|
```
|
|
kdu_expand -i T36JTT_20160914T074612_B02_PLT.jp2 -o tmp.tif
|
|
|
|
Consumed 121 tile-part(s) from a total of 121 tile(s).
|
|
Consumed 80,318,806 codestream bytes (excluding any file format) = 5.329697
|
|
bits/pel.
|
|
Processed using the multi-threaded environment, with
|
|
8 parallel threads of execution
|
|
```
|
|
|
|
Partial decompresson (presumably using PLT markers):
|
|
```
|
|
kdu_expand -i T36JTT_20160914T074612_B02.jp2 -o tmp.pgm -region "{0.5,0.5},{0.01,0.01}"
|
|
kdu_expand -i T36JTT_20160914T074612_B02_PLT.jp2 -o tmp2.pgm -region "{0.5,0.5},{0.01,0.01}"
|
|
diff tmp.pgm tmp2.pgm && echo "same !"
|
|
```
|
|
|
|
-------
|
|
|
|
Funded by ESA for S2-MPC project
|
|
|
|
commit 64689d05dfaaf52105581d93fb1eb173b20829a4
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-04-18 18:25:44 +0200
|
|
|
|
struct opj_j2k: remove unused fields, and add some documentation
|
|
|
|
commit 774889a328abd5d3c280d9a897f1ac4c672cb0e5
|
|
Merge: b6b7e96 271a71e
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-04-17 00:39:46 +0200
|
|
|
|
Merge pull request #1244 from rouault/fix_pi_warnings
|
|
|
|
Fix warnings about signed/unsigned casts in pi.c
|
|
|
|
commit b6b7e96b0cf7819ef6a2e8ba2f8bdaaf938326ed
|
|
Author: szukw000 <szukw000@arcor.de>
|
|
Date: 2020-04-17 00:37:33 +0200
|
|
|
|
color_apply_icc_profile: add checks on the number of components (#1236)
|
|
|
|
commit 040e142288e90c9c2d46d25d0a27f828f968bb93
|
|
Author: Eduardo Barretto <edusbarretto@gmail.com>
|
|
Date: 2020-04-16 19:09:40 -0300
|
|
|
|
jp3d/jpwl/mj2/jpip: Fix resource leaks (#1226)
|
|
|
|
This issues were found by cppcheck and coverity.
|
|
|
|
commit 271a71ef0f1dd4740c9f4474279c7da8d15850c9
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-04-16 20:52:44 +0200
|
|
|
|
Fix warnings about signed/unsigned casts in pi.c
|
|
|
|
commit 221a801a97a3ea968a311f7905c18a1eb7f034c4
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-04-16 20:33:22 +0200
|
|
|
|
Rename mis-named function opj_tcd_get_encoded_tile_size() to opj_tcd_get_encoder_input_buffer_size()
|
|
|
|
commit 9c1cfb034a8cf24eb5e35fe9c7074fd079d14b80
|
|
Merge: 563ecfb 1c54024
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-04-01 22:00:19 +0200
|
|
|
|
Merge pull request #1240 from rouault/fix_crash_opj_decompress
|
|
|
|
opj_decompress: add sanity checks to avoid segfault in case of decoding error
|
|
|
|
commit 1c54024165fd5db0e6047f28903274eb27d0980f
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-04-01 20:58:55 +0200
|
|
|
|
opj_decompress: add sanity checks to avoid segfault in case of decoding error
|
|
|
|
Prevent crashes like:
|
|
opj_decompress -i 0722_5-1_2019.jp2 -o out.ppm -r 4 -t 0
|
|
|
|
where 0722_5-1_2019.jp2 is
|
|
https://drive.google.com/file/d/1ZxOUZg2-FKjYwa257VFLMpTXRWxEoP0a/view?usp=sharing
|
|
|
|
commit 563ecfb55ca77c0fc5ea19e4885e00f55ec82ca9
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-02-13 09:59:17 +0100
|
|
|
|
opj_compress: improve help message regarding new IMF switch
|
|
|
|
commit 4e5501b3c72a98b3117e68263afb922092c309cf
|
|
Merge: 2888145 84f3beb
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-02-13 09:54:20 +0100
|
|
|
|
Merge pull request #1235 from rouault/imf
|
|
|
|
Implement writing of IMF profiles
|
|
|
|
commit 84f3bebbff515f2b00ccf0c817930ebb10b91760
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-02-12 15:55:16 +0100
|
|
|
|
Implement writing of IMF profiles
|
|
|
|
Add -IMF switch to opj_compress as well
|
|
|
|
commit fffe32adcb9f41a00805f4120012be9625ba450a
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-02-12 15:55:02 +0100
|
|
|
|
openjpeg.h: fix values of OPJ_PROFILE_IMF_ constants
|
|
|
|
commit 28881453f6b1ae68a357557999498a11a2bc8b7e
|
|
Merge: 647f9b1 b5cb419
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-02-10 11:20:20 +0100
|
|
|
|
Merge pull request #1234 from rouault/md5_libtiff_4_1
|
|
|
|
tests: add alternate checksums for libtiff 4.1
|
|
|
|
commit b5cb419faff300fdbc0b4e98dab5c9010db6f39d
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-02-07 21:53:10 +0100
|
|
|
|
tests: add alternate checksums for libtiff 4.1
|
|
|
|
Fixes #1233
|
|
|
|
libtiff 4.1 slightly modifies the way it generates files. So
|
|
add the new expected md5sum.
|
|
|
|
Not super elegant solution admitedly.
|
|
|
|
commit 647f9b118d12819c63635eea65909b0e49e0f201
|
|
Merge: b63a433 05f9b91
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-01-30 13:07:31 +0100
|
|
|
|
Merge pull request #1232 from rouault/fix_1231
|
|
|
|
opj_tcd_init_tile(): avoid integer overflow
|
|
|
|
commit 05f9b91e60debda0e83977e5e63b2e66486f7074
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-01-30 00:59:57 +0100
|
|
|
|
opj_tcd_init_tile(): avoid integer overflow
|
|
|
|
That could lead to later assertion failures.
|
|
|
|
Fixes #1231 / CVE-2020-8112
|
|
|
|
commit b63a433ba168bad5fa10e83de04d6305e6a222e2
|
|
Author: Max Moroz <dor3s1@gmail.com>
|
|
Date: 2020-01-13 09:07:54 -0800
|
|
|
|
tests/fuzzers: link fuzz binaries using $LIB_FUZZING_ENGINE. (#1230)
|
|
|
|
This was changed some time ago (https://google.github.io/oss-fuzz/getting-started/new-project-guide/) but the build didn't fail as there is a fallback mechanism. The main advantage of the new approach is that for libFuzzer this produces more performant binaries (as `$LIB_FUZZING_ENGINE` expands into `-fsanitize=fuzzer`, which links libFuzzer from the compiler-rt, allowing better optimization tricks).
|
|
|
|
I'm also experimenting with dataflow (https://github.com/google/oss-fuzz/issues/1632) on your project, and the dataflow config doesn't have a fallback (as it's a new configuration), therefore I'm proposing a change to migrate from `-lFuzzingEngine` to `$LIB_FUZZING_ENGINE`.
|
|
|
|
commit 46c1eff9e98bbcf794d042f7b2e3d45556e805ce
|
|
Merge: ac37373 024b840
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-01-11 11:29:11 +0100
|
|
|
|
Merge pull request #1229 from rouault/fix_1228
|
|
|
|
opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
|
|
|
|
commit 024b8407392cb0b82b04b58ed256094ed5799e04
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2020-01-11 01:51:19 +0100
|
|
|
|
opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
|
|
|
|
commit ac3737372a00b8778b528094dd5bd58a74f67d42
|
|
Merge: 9701b33 4cb1f66
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-11-17 13:08:41 +0100
|
|
|
|
Merge pull request #1217 from rouault/fix_ossfuzz_18979
|
|
|
|
pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets()
|
|
|
|
commit 9701b3305db58d35e4446946309f88937e2f5342
|
|
Author: Robert Ancell <robert.ancell@gmail.com>
|
|
Date: 2019-11-17 15:09:59 +1300
|
|
|
|
JPWL: convert: Fix buffer overflow reading an image file less than four characters (#1196)
|
|
|
|
Fixes #1068
|
|
|
|
commit cb332992a7c84316824b1c4810103ee4f190937c
|
|
Merge: 5875a6b 016f80a
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-11-17 02:47:26 +0100
|
|
|
|
Merge pull request #1218 from rouault/fix_broken_abi_check
|
|
|
|
abi-check.sh: fix false postive ABI error, and display output error log
|
|
|
|
commit 016f80ae2106c2b1b5bca08a684b0bd082e231e6
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-11-17 01:35:26 +0100
|
|
|
|
abi-check.sh: fix false postive ABI error, and display output error log
|
|
|
|
There is currently a false positive ABI check failure between v2.3.1
|
|
and current. It disappears when removing the generated reports of v2.3.1
|
|
and recreating them. It is likely that some tooling has evolved since
|
|
the initial v2.3.1 report generation.
|
|
|
|
commit 4cb1f663049aab96e122d1ff16f601d0cc0be976
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-11-17 01:18:26 +0100
|
|
|
|
pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18979
|
|
|
|
commit 5875a6b44618fb7dfd5cd6d742533eaee2014060
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-10-03 11:04:30 +0200
|
|
|
|
opj_tcd_mct_decode()/opj_mct_decode()/opj_mct_encode_real()/opj_mct_decode_real(): proper deal with a number of samples larger than 4 billion (refs #1151)
|
|
|
|
commit f3ee448815eb992b8d4746e32c05e8289f30415f
|
|
Author: Sebastian Rasmussen <sebras@gmail.com>
|
|
Date: 2018-10-31 15:56:11 +0100
|
|
|
|
openjp2/j2k: Validate all SGcod/SPcod/SPcoc parameter values.
|
|
|
|
Previously the multiple component transformation SGcod(C)
|
|
and wavelet transformation SPcod(H)/SPcoc(E) parameter
|
|
values were never checked, allowing for out of range values.
|
|
|
|
The lack of validation allowed the bit stream provided in
|
|
issue #1158 through. After this commit an error message
|
|
points to the marker segments' parameters as being out of
|
|
range.
|
|
|
|
input/nonregression/edf_c2_20.jp2 contains an SPcod(H) value
|
|
of 17, but according to Table A-20 of the specification only
|
|
values 0 and 1 are valid. input/nonregression/issue826.jp2
|
|
contains a SGcod(B) value of 2, but according to Table A-17
|
|
of the specification only values 0 and 1 are valid.
|
|
input/nonregression/oss-fuzz2785.jp2 contains a SGcod(B)
|
|
value of 32, but it is likewise limited to 0 or 1. These test
|
|
cases have been updated to consistently fail to parse the
|
|
headers since they contain out of bounds values.
|
|
|
|
This fixes issue #1210.
|
|
|
|
commit d801bd4e6287d13b65a48775ebd43fca350b21d9
|
|
Author: Sebastian Rasmussen <sebras@gmail.com>
|
|
Date: 2019-09-04 01:18:37 +0200
|
|
|
|
openjp2/j2k: Make comments adhere to specification.
|
|
|
|
The function is used to read both SPcod and SPcoc, so all
|
|
comments should refer to both marker segments' parameter names.
|
|
|
|
commit e66125fe260deee49fdf6e9978d9bd29871dd5bb
|
|
Merge: 8db9d25 b275196
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-09-03 17:03:54 +0200
|
|
|
|
Merge pull request #1164 from sebras/master
|
|
|
|
openjp2/j2k: Report error if all wanted components are not decoded.
|
|
|
|
commit 8db9d25dcf360528fd1e094e4f9274c0635e90cc
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-06-15 09:55:16 +0200
|
|
|
|
opj_decompress_fuzzer: remove checks regarding input dimensions (fixes #1079)
|
|
|
|
commit f4d65783593fd0490e0fdb9f323f2d5aff81a21d
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-05-26 11:06:01 +0200
|
|
|
|
test_decode_area.c: assign tdy to *ptileh instead of *ptilew (fixes #1195)
|
|
|
|
commit 9b7620ee7a3d72bfcdbebd78e607c5ee8aa7fade
|
|
Merge: 4f447c6 3aef207
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-04-26 19:52:52 +0200
|
|
|
|
Merge pull request #1185 from Young-X/fix
|
|
|
|
Fix several potential vulnerabilities
|
|
|
|
commit 4f447c6e18444a4182f7844d25033861eee8df55
|
|
Merge: 5dd75f6 a94cfbd
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-04-25 15:32:22 +0200
|
|
|
|
Merge pull request #1192 from rouault/poc_fixes
|
|
|
|
compression: emit POC marker when only one single POC is requested (f…
|
|
|
|
commit a94cfbd5334922ca5b63cfac9d2e5e0ec98155be
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-04-25 14:07:46 +0200
|
|
|
|
Change opj_j2k_check_poc_val() to take into account tile number
|
|
|
|
commit bdec5ae2723369be5abba7aaae398aa4ae3225cc
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-04-25 01:29:38 +0200
|
|
|
|
Add test for previous commit
|
|
|
|
commit 6423163141412cb93364de4e33d90bcffefa0885
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-04-25 01:27:02 +0200
|
|
|
|
Fix POC in multi-tile scenarios: avoid almost endless loop when a tile has no POC settings
|
|
|
|
commit b86717fdd36b628ea7ecb5c24f7a086bf5bcd3a7
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-04-25 00:40:04 +0200
|
|
|
|
Add test for previous commit
|
|
|
|
commit 23883458b9de2c57fc1890b42efbd0832c8fbe3b
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-04-25 00:34:44 +0200
|
|
|
|
opj_j2k_check_poc_val(): prevent potential write outside of allocated array
|
|
|
|
commit 6589c609f6d6b3743715fceefbdac6e4ecb76aee
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-04-25 00:28:05 +0200
|
|
|
|
opj_j2k_check_poc_val(): fix starting index for checking layer dimension
|
|
|
|
The standard mandates that the layer index always starts at zero for every
|
|
progression.
|
|
|
|
commit 1e3a57563defb6aa7cf24ffd2394d4a820e13bda
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-04-25 00:17:13 +0200
|
|
|
|
compression: emit POC marker when only one single POC is requested (fixes #1191)
|
|
|
|
commit 5dd75f62e20efff9f094fd1dbd0d4d00e8b37689
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-04-23 16:52:21 +0200
|
|
|
|
j2k.c: use correct naming convention for total_data_size variable
|
|
|
|
commit 3aef207f90e937d4931daf6d411e092f76d82e66
|
|
Author: Young Xiao <YangX92@hotmail.com>
|
|
Date: 2019-03-16 20:09:59 +0800
|
|
|
|
bmp_read_rle4_data(): avoid potential infinite loop
|
|
|
|
commit 21399f6b7d318fcdf4406d5e88723c4922202aa3
|
|
Author: Young Xiao <YangX92@hotmail.com>
|
|
Date: 2019-03-16 19:57:27 +0800
|
|
|
|
convertbmp: detect invalid file dimensions early
|
|
|
|
width/length dimensions read from bmp headers are not necessarily
|
|
valid. For instance they may have been maliciously set to very large
|
|
values with the intention to cause DoS (large memory allocation, stack
|
|
overflow). In these cases we want to detect the invalid size as early
|
|
as possible.
|
|
|
|
This commit introduces a counter which verifies that the number of
|
|
written bytes corresponds to the advertized width/length.
|
|
|
|
See commit 8ee335227bbc for details.
|
|
|
|
Signed-off-by: Young Xiao <YangX92@hotmail.com>
|
|
|
|
commit d0dd894ae24d0f2f09072adf1b966033dd64672d
|
|
Author: Antonin Descampe <antonin@gmail.com>
|
|
Date: 2019-04-02 15:37:38 +0200
|
|
|
|
Comment back opj_previous_version in abi_check.sh
|
|
|
|
commit 291e45bb045e63334729ad9a894595f8e1e2b2c7
|
|
Author: Antonin Descampe <antonin@gmail.com>
|
|
Date: 2019-04-02 15:12:59 +0200
|
|
|
|
Update version number for automatic abi check
|
|
|
|
commit 57096325457f96d8cd07bd3af04fe81d7a2ba788
|
|
Author: Antonin Descampe <antonin@gmail.com>
|
|
Date: 2019-04-02 14:45:15 +0200
|
|
|
|
update token for appveyor auto release
|
|
|
|
commit 8b9a89bc2e61652d30bbc56673f8f03ef464430f
|
|
Author: Antonin Descampe <antonin@gmail.com>
|
|
Date: 2019-04-02 14:25:09 +0200
|
|
|
|
update token for automatic release
|
|
|
|
commit d1d422c126cbc2a5435340bd85f4b52ff0477101
|
|
Author: Antonin Descampe <antonin@gmail.com>
|
|
Date: 2019-04-02 12:08:52 +0200
|
|
|
|
Update for release 2.3.1
|
|
|
|
commit d3b0b8927acf2e050a6379320d36fc3bb3751fe3
|
|
Author: Antonin Descampe <info@openjpeg.org>
|
|
Date: 2019-04-02 11:03:16 +0200
|
|
|
|
Update for release 2.3.1
|
|
|
|
commit c7798bb0c636c89ab7f0bab4d89e7f0136e0e55a
|
|
Author: Antonin Descampe <info@openjpeg.org>
|
|
Date: 2019-04-02 11:02:20 +0200
|
|
|
|
update for release 2.3.1
|
|
|
|
commit 8196ab531e79602fe3c947d09d3240c25c358731
|
|
Author: Antonin Descampe <info@openjpeg.org>
|
|
Date: 2019-04-02 11:00:58 +0200
|
|
|
|
Update BUILD version for release 2.3.1
|
|
|
|
commit 69a7a312dccebc8b5f28f8a5e4a703cb8d447d44
|
|
Merge: d6b8aed 5151426
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2019-03-29 12:25:39 +0100
|
|
|
|
Merge pull request #1188 from rouault/fix_abi_check
|
|
|
|
abi-check.sh: fix broken download URL
|
|
|
|
commit 5151426d6e6f7f0e1ae6f050aaa7cec6bc4ffd08
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-03-29 11:53:23 +0100
|
|
|
|
abi-check.sh: fix broken download URL
|
|
|
|
commit d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
|
|
Merge: 25b815d a1d32a5
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2019-03-29 11:52:38 +0100
|
|
|
|
Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
|
|
|
|
opj_t1_encode_cblks: fix UBSAN signed integer overflow
|
|
|
|
commit a1d32a596a94280178c44a55d7e7f1acd992ed5d
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-03-29 11:17:39 +0100
|
|
|
|
opj_t1_encode_cblks: fix UBSAN signed integer overflow
|
|
|
|
Fixes #1053 / CVE-2018-5727
|
|
|
|
Note: I don't consider this issue to be a security vulnerability, in
|
|
practice.
|
|
At least with gcc or clang compilers on x86_64 which generate the same
|
|
assembly code with or without that fix.
|
|
|
|
commit 25b815dc460dbf9def7e6b822c8998727094f85a
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-03-29 10:44:35 +0100
|
|
|
|
Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
|
|
|
|
This reverts commit 05be3084460e46282ee63f04c72c451f3271fd28.
|
|
|
|
This commit doesn't compile due to missing OPJ_UINT64 type
|
|
|
|
commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2019-03-29 10:40:58 +0100
|
|
|
|
Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
|
|
|
|
This reverts commit c277159986c80142180fbe5efb256bbf3bdf3edc.
|
|
|
|
The commit didn't compile. include_size is not defined in openmj2
|
|
|
|
commit b2751967ecabf8d8856e85ab91e25d4f235e2eb3
|
|
Author: Sebastian Rasmussen <sebras@gmail.com>
|
|
Date: 2018-10-31 20:22:11 +0100
|
|
|
|
openjp2/j2k: Report error if all wanted components are not decoded.
|
|
|
|
Previously the caller had to check whether each component data had
|
|
been decoded. This means duplicating the checking in every user of
|
|
openjpeg which is unnecessary. If the caller wantes to decode all
|
|
or a set of, or a specific component then openjpeg ought to error
|
|
out if it was unable to do so.
|
|
|
|
Fixes #1158.
|
|
|
|
commit 51f097e6d5754ddae93e716276fe8176b44ec548
|
|
Merge: e7640f5 8ee3352
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2018-12-21 16:41:00 +0100
|
|
|
|
Merge pull request #1172 from hlef/master
|
|
|
|
convertbmp: detect invalid file dimensions early (CVE-2018-6616)
|
|
|
|
commit 8ee335227bbcaf1614124046aa25e53d67b11ec3
|
|
Author: Hugo Lefeuvre <hle@debian.org>
|
|
Date: 2018-12-14 04:58:40 +0100
|
|
|
|
convertbmp: detect invalid file dimensions early
|
|
|
|
width/length dimensions read from bmp headers are not necessarily
|
|
valid. For instance they may have been maliciously set to very large
|
|
values with the intention to cause DoS (large memory allocation, stack
|
|
overflow). In these cases we want to detect the invalid size as early
|
|
as possible.
|
|
|
|
This commit introduces a counter which verifies that the number of
|
|
written bytes corresponds to the advertized width/length.
|
|
|
|
Fixes #1059 (CVE-2018-6616).
|
|
|
|
commit e7640f58f122d1228f3d750864543ad4703e18fc
|
|
Merge: e0f5212 05be308
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2018-12-07 21:27:38 +0100
|
|
|
|
Merge pull request #1168 from Young-X/fix_dev
|
|
|
|
Fix multiple potential vulnerabilities and bugs
|
|
|
|
commit 05be3084460e46282ee63f04c72c451f3271fd28
|
|
Author: Young Xiao <YangX92@hotmail.com>
|
|
Date: 2018-11-28 14:44:06 +0800
|
|
|
|
[JPWL] tgatoimage(): avoid excessive memory allocation attempt,
|
|
and fixes unaligned load
|
|
|
|
Signed-off-by: Young Xiao <YangX92@hotmail.com>
|
|
|
|
commit bd88611ed9ad7144ec4f3de54790cd848175891b
|
|
Author: Young_X <YangX92@hotmail.com>
|
|
Date: 2018-11-23 17:15:05 +0800
|
|
|
|
[JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
|
|
|
|
Signed-off-by: Young_X <YangX92@hotmail.com>
|
|
|
|
commit ce9583d1d7627e007a34a31ae4e22a00d78bd153
|
|
Author: Young_X <YangX92@hotmail.com>
|
|
Date: 2018-11-23 17:12:06 +0800
|
|
|
|
[JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
|
|
|
|
Signed-off-by: Young_X <YangX92@hotmail.com>
|
|
|
|
commit c58df149900df862806d0e892859b41115875845
|
|
Author: Young_X <YangX92@hotmail.com>
|
|
Date: 2018-11-23 16:24:19 +0800
|
|
|
|
[OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
|
|
opj_get_encoding_parameters
|
|
|
|
Signed-off-by: Young_X <YangX92@hotmail.com>
|
|
|
|
commit c277159986c80142180fbe5efb256bbf3bdf3edc
|
|
Author: Young_X <YangX92@hotmail.com>
|
|
Date: 2018-11-23 16:12:53 +0800
|
|
|
|
[MJ2] Avoid index out of bounds access to pi->include[]
|
|
|
|
Signed-off-by: Young_X <YangX92@hotmail.com>
|
|
|
|
commit e0f5212888c0c1abc5e060a75a3a4a5ff99afd1a
|
|
Merge: 92023cd 2e5ab1d
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2018-11-28 00:04:30 +0100
|
|
|
|
Merge pull request #1170 from rouault/fix_color_apply_icc_profile
|
|
|
|
color_apply_icc_profile: avoid potential heap buffer overflow
|
|
|
|
commit 2e5ab1d9987831c981ff05862e8ccf1381ed58ea
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2018-11-27 23:31:30 +0100
|
|
|
|
color_apply_icc_profile: avoid potential heap buffer overflow
|
|
|
|
Derived from a patch by Thuan Pham
|
|
|
|
commit 46822d0eddc3324b2a056bc60ffa997027bebd66
|
|
Author: Young_X <YangX92@hotmail.com>
|
|
Date: 2018-11-23 15:58:23 +0800
|
|
|
|
[JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
|
|
|
|
Signed-off-by: Young_X <YangX92@hotmail.com>
|
|
|
|
commit 619e1b086eaa21ebd9b23eb67deee543b07bf06f
|
|
Author: Young_X <YangX92@hotmail.com>
|
|
Date: 2018-11-23 15:02:26 +0800
|
|
|
|
[JPWL] fix CVE-2018-16375
|
|
|
|
Signed-off-by: Young_X <YangX92@hotmail.com>
|
|
|
|
commit c5bd64ea146162967c29bd2af0cbb845ba3eaaaf
|
|
Author: Young_X <YangX92@hotmail.com>
|
|
Date: 2018-11-23 14:47:36 +0800
|
|
|
|
[MJ2] To avoid divisions by zero / undefined behaviour on shift
|
|
|
|
Signed-off-by: Young_X <YangX92@hotmail.com>
|
|
|
|
commit 92023cd6c377e0384a7725949b25655d4d94dced
|
|
Merge: c196b23 cab352e
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2018-11-16 09:42:19 +0100
|
|
|
|
Merge pull request #1160 from hlef/master
|
|
|
|
jp3d/jpwl convert: fix write stack buffer overflow
|
|
|
|
commit c196b23b90321b5c7e3238294607a2e8626c503f
|
|
Author: ichlubna <43234438+ichlubna@users.noreply.github.com>
|
|
Date: 2018-11-16 09:40:31 +0100
|
|
|
|
openjp3d: Int overflow fixed (#1159)
|
|
|
|
When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.
|
|
|
|
commit cab352e249ed3372dd9355c85e837613fff98fa2
|
|
Author: Hugo Lefeuvre <hle@debian.org>
|
|
Date: 2018-11-07 18:48:29 +0100
|
|
|
|
jp2: convert: fix null pointer dereference
|
|
|
|
Tile components in a JP2 image might have null data pointer by defining a
|
|
zero component size (for example using large horizontal or vertical
|
|
sampling periods). This null data pointer leads to null image component
|
|
data pointer, causing crash when dereferenced without != null check in
|
|
imagetopnm.
|
|
|
|
Add != null check.
|
|
|
|
This commit addresses #1152 (CVE-2018-18088).
|
|
|
|
commit 0bc90e4062a5f9258c91eca018c019b179066c62
|
|
Author: Hugo Lefeuvre <hle@debian.org>
|
|
Date: 2018-10-22 16:59:41 +0200
|
|
|
|
jp3d/jpwl convert: fix write stack buffer overflow
|
|
|
|
Missing buffer length formatter in fscanf call might lead to write
|
|
stack buffer overflow.
|
|
|
|
fixes #1044 (CVE-2017-17480)
|
|
|
|
commit 948332e6ed17565100d1df5f6fdbf66865218e36
|
|
Author: Stefan Weil <sw@weilnetz.de>
|
|
Date: 2018-10-31 20:44:30 +0100
|
|
|
|
Fix some potential overflow issues (#1161)
|
|
|
|
* Fix some potential overflow issues
|
|
|
|
Put sizeof to the beginning of the multiplication to enforce that
|
|
size_t instead of smaller integer types is used for the calculation.
|
|
|
|
This fixes warnings from LGTM:
|
|
|
|
Multiplication result may overflow 'unsigned int'
|
|
before it is converted to 'unsigned long'.
|
|
|
|
It also allows removing some type casts.
|
|
|
|
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
|
|
|
* Fix code indentation
|
|
|
|
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
|
|
|
commit e52909f4c7896c5efff3340d707c12d0df55d3f9
|
|
Merge: cd900d9 943db0f
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2018-10-31 20:41:52 +0100
|
|
|
|
Merge pull request #1163 from nforro/memory-and-resource-leaks
|
|
|
|
Fix several memory and resource leaks
|
|
|
|
commit 943db0f1c28ca6a7df6d18483f97166a03be9bf7
|
|
Author: Nikola Forró <nforro@redhat.com>
|
|
Date: 2018-10-31 13:39:05 +0100
|
|
|
|
Fix several memory and resource leaks
|
|
|
|
Signed-off-by: Nikola Forró <nforro@redhat.com>
|
|
|
|
commit cd900d96618ab77e79812db654731dd6b5fc7bd8
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2018-10-18 11:45:45 +0200
|
|
|
|
opj_thread_pool_setup(): fix infinite waiting if a thread creation failed
|
|
|
|
commit 0e6a5553cfef21b764d289585af2c6934a95456b
|
|
Merge: 8fc09e5 ca16fe5
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2018-09-22 23:54:12 +0200
|
|
|
|
Merge pull request #1148 from hlef/master
|
|
|
|
CVE-2018-5785: fix issues with zero bitmasks
|
|
|
|
commit 8fc09e50e557fa6af4c099b9c6d36bb1071ee1ed
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2018-09-22 23:47:56 +0200
|
|
|
|
opj_jp2_apply_pclr(): remove useless assert that can trigger on some files (fixes #1125)
|
|
|
|
commit aaf48ee6bae91032f025f9ac11592c4085a0d96b
|
|
Merge: ee827ad cc38247
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2018-09-22 23:12:50 +0200
|
|
|
|
Merge branch 'pr1095'
|
|
|
|
commit cc3824767bde397fedb8a1ae4786a222ba860c8d
|
|
Author: Karol Babioch <kbabioch@suse.de>
|
|
Date: 2018-03-02 14:40:58 +0100
|
|
|
|
opj_mj2_extract: Check provided output prefix for length
|
|
|
|
This uses snprintf() with correct buffer length instead of sprintf(), which
|
|
prevents a buffer overflow when providing a long output prefix. Furthermore
|
|
the program exits with an error when the provided output prefix is too long.
|
|
|
|
Fixes #1088.
|
|
|
|
commit ee827ad3f32469d4854b2da71c9703a2af359f9f
|
|
Merge: 5d94bcd 1eb9a57
|
|
Author: Even Rouault <even.rouault@spatialys.com>
|
|
Date: 2018-09-22 23:05:54 +0200
|
|
|
|
Merge branch 'pr1107'
|
|
|
|
commit 1eb9a57ac1216209a4d9adf87bc47ba19810d3b3
|
|
Author: szukw000 <szukw000@arcor.de>
|
|
Date: 2018-03-13 18:11:54 +0100
|
|
|
|
opj_mj2_extract: Avoid segfault for long filenames
|
|
|
|
commit 5d94bcd89c6e281614955c56cbfebb11b866a9dd
|
|
Merge: b54c06f 0fa7ebe
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2018-09-22 22:59:36 +0200
|
|
|
|
Merge pull request #1136 from reverson/master
|
|
|
|
Cast on uint ceildiv
|
|
|
|
commit b54c06fb350d318c8e74755710b3480eae3b9911
|
|
Merge: 17bbb0e 4aaf52e
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2018-09-22 22:59:17 +0200
|
|
|
|
Merge pull request #1119 from stweil/ssize_t
|
|
|
|
Use local type declaration for POSIX standard type only for MS compiler
|
|
|
|
commit 17bbb0e23ff03bb722914841a9b962b21fe7a310
|
|
Merge: ccc4441 3d6ffaf
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2018-09-22 22:55:33 +0200
|
|
|
|
Merge pull request #1128 from stweil/typos
|
|
|
|
Fix some typos in code comments and documentation
|
|
|
|
commit ccc4441aeb7bf4928e55bd543fab8de662f6d5e7
|
|
Merge: c6ee006 24fd3ce
|
|
Author: Even Rouault <even.rouault@mines-paris.org>
|
|
Date: 2018-09-22 22:54:51 +0200
|
|
|
|
Merge pull request #1140 from bukatlib/fix_relpath
|
|
|
|
Relative path to header files is hardcoded in OpenJPEGConfig.cmake.in file
|
|
|
|
...</pre></div>
|
|
|
|
</body>
|
|
</html>
|