904 lines
31 KiB
HTML
904 lines
31 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||
<head>
|
||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
<meta name="keywords" content="OpenJPEG, current, changes, changelog" />
|
||
<meta name="description" content="Log of changes in the package" />
|
||
<link rel="stylesheet" type="text/css" href="../../../css/common.css" />
|
||
<link rel="stylesheet" type="text/css" href="../../../css/changelog.css" />
|
||
|
||
|
||
<title>
|
||
OpenJPEG current: changelog
|
||
</title>
|
||
|
||
</head>
|
||
|
||
<body>
|
||
<table cellpadding='0' cellspacing='0'><tr><td align='center'><h1 class='tool'><a title='Home: ABI tracker for OpenJPEG' href='../../../timeline/openjpeg/index.html' class='tool'>ABI<br/>Tracker</a></h1></td><td width='30px;'></td><td><h1>(OpenJPEG)</h1></td></tr></table><hr/>
|
||
<br/>
|
||
<br/>
|
||
<h1>Changelog from Git</h1><br/><br/>
|
||
<div class='changelog'>
|
||
<pre class='wrap'>commit b6b7e96b0cf7819ef6a2e8ba2f8bdaaf938326ed
|
||
Author: szukw000 <szukw000@arcor.de>
|
||
Date: 2020-04-17 00:37:33 +0200
|
||
|
||
color_apply_icc_profile: add checks on the number of components (#1236)
|
||
|
||
commit 040e142288e90c9c2d46d25d0a27f828f968bb93
|
||
Author: Eduardo Barretto <edusbarretto@gmail.com>
|
||
Date: 2020-04-16 19:09:40 -0300
|
||
|
||
jp3d/jpwl/mj2/jpip: Fix resource leaks (#1226)
|
||
|
||
This issues were found by cppcheck and coverity.
|
||
|
||
commit 221a801a97a3ea968a311f7905c18a1eb7f034c4
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-04-16 20:33:22 +0200
|
||
|
||
Rename mis-named function opj_tcd_get_encoded_tile_size() to opj_tcd_get_encoder_input_buffer_size()
|
||
|
||
commit 9c1cfb034a8cf24eb5e35fe9c7074fd079d14b80
|
||
Merge: 563ecfb 1c54024
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-04-01 22:00:19 +0200
|
||
|
||
Merge pull request #1240 from rouault/fix_crash_opj_decompress
|
||
|
||
opj_decompress: add sanity checks to avoid segfault in case of decoding error
|
||
|
||
commit 1c54024165fd5db0e6047f28903274eb27d0980f
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-04-01 20:58:55 +0200
|
||
|
||
opj_decompress: add sanity checks to avoid segfault in case of decoding error
|
||
|
||
Prevent crashes like:
|
||
opj_decompress -i 0722_5-1_2019.jp2 -o out.ppm -r 4 -t 0
|
||
|
||
where 0722_5-1_2019.jp2 is
|
||
https://drive.google.com/file/d/1ZxOUZg2-FKjYwa257VFLMpTXRWxEoP0a/view?usp=sharing
|
||
|
||
commit 563ecfb55ca77c0fc5ea19e4885e00f55ec82ca9
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-02-13 09:59:17 +0100
|
||
|
||
opj_compress: improve help message regarding new IMF switch
|
||
|
||
commit 4e5501b3c72a98b3117e68263afb922092c309cf
|
||
Merge: 2888145 84f3beb
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-02-13 09:54:20 +0100
|
||
|
||
Merge pull request #1235 from rouault/imf
|
||
|
||
Implement writing of IMF profiles
|
||
|
||
commit 84f3bebbff515f2b00ccf0c817930ebb10b91760
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-02-12 15:55:16 +0100
|
||
|
||
Implement writing of IMF profiles
|
||
|
||
Add -IMF switch to opj_compress as well
|
||
|
||
commit fffe32adcb9f41a00805f4120012be9625ba450a
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-02-12 15:55:02 +0100
|
||
|
||
openjpeg.h: fix values of OPJ_PROFILE_IMF_ constants
|
||
|
||
commit 28881453f6b1ae68a357557999498a11a2bc8b7e
|
||
Merge: 647f9b1 b5cb419
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-02-10 11:20:20 +0100
|
||
|
||
Merge pull request #1234 from rouault/md5_libtiff_4_1
|
||
|
||
tests: add alternate checksums for libtiff 4.1
|
||
|
||
commit b5cb419faff300fdbc0b4e98dab5c9010db6f39d
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-02-07 21:53:10 +0100
|
||
|
||
tests: add alternate checksums for libtiff 4.1
|
||
|
||
Fixes #1233
|
||
|
||
libtiff 4.1 slightly modifies the way it generates files. So
|
||
add the new expected md5sum.
|
||
|
||
Not super elegant solution admitedly.
|
||
|
||
commit 647f9b118d12819c63635eea65909b0e49e0f201
|
||
Merge: b63a433 05f9b91
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-01-30 13:07:31 +0100
|
||
|
||
Merge pull request #1232 from rouault/fix_1231
|
||
|
||
opj_tcd_init_tile(): avoid integer overflow
|
||
|
||
commit 05f9b91e60debda0e83977e5e63b2e66486f7074
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-01-30 00:59:57 +0100
|
||
|
||
opj_tcd_init_tile(): avoid integer overflow
|
||
|
||
That could lead to later assertion failures.
|
||
|
||
Fixes #1231 / CVE-2020-8112
|
||
|
||
commit b63a433ba168bad5fa10e83de04d6305e6a222e2
|
||
Author: Max Moroz <dor3s1@gmail.com>
|
||
Date: 2020-01-13 09:07:54 -0800
|
||
|
||
tests/fuzzers: link fuzz binaries using $LIB_FUZZING_ENGINE. (#1230)
|
||
|
||
This was changed some time ago (https://google.github.io/oss-fuzz/getting-started/new-project-guide/) but the build didn't fail as there is a fallback mechanism. The main advantage of the new approach is that for libFuzzer this produces more performant binaries (as `$LIB_FUZZING_ENGINE` expands into `-fsanitize=fuzzer`, which links libFuzzer from the compiler-rt, allowing better optimization tricks).
|
||
|
||
I'm also experimenting with dataflow (https://github.com/google/oss-fuzz/issues/1632) on your project, and the dataflow config doesn't have a fallback (as it's a new configuration), therefore I'm proposing a change to migrate from `-lFuzzingEngine` to `$LIB_FUZZING_ENGINE`.
|
||
|
||
commit 46c1eff9e98bbcf794d042f7b2e3d45556e805ce
|
||
Merge: ac37373 024b840
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-01-11 11:29:11 +0100
|
||
|
||
Merge pull request #1229 from rouault/fix_1228
|
||
|
||
opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
|
||
|
||
commit 024b8407392cb0b82b04b58ed256094ed5799e04
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2020-01-11 01:51:19 +0100
|
||
|
||
opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
|
||
|
||
commit ac3737372a00b8778b528094dd5bd58a74f67d42
|
||
Merge: 9701b33 4cb1f66
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-11-17 13:08:41 +0100
|
||
|
||
Merge pull request #1217 from rouault/fix_ossfuzz_18979
|
||
|
||
pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets()
|
||
|
||
commit 9701b3305db58d35e4446946309f88937e2f5342
|
||
Author: Robert Ancell <robert.ancell@gmail.com>
|
||
Date: 2019-11-17 15:09:59 +1300
|
||
|
||
JPWL: convert: Fix buffer overflow reading an image file less than four characters (#1196)
|
||
|
||
Fixes #1068
|
||
|
||
commit cb332992a7c84316824b1c4810103ee4f190937c
|
||
Merge: 5875a6b 016f80a
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-11-17 02:47:26 +0100
|
||
|
||
Merge pull request #1218 from rouault/fix_broken_abi_check
|
||
|
||
abi-check.sh: fix false postive ABI error, and display output error log
|
||
|
||
commit 016f80ae2106c2b1b5bca08a684b0bd082e231e6
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-11-17 01:35:26 +0100
|
||
|
||
abi-check.sh: fix false postive ABI error, and display output error log
|
||
|
||
There is currently a false positive ABI check failure between v2.3.1
|
||
and current. It disappears when removing the generated reports of v2.3.1
|
||
and recreating them. It is likely that some tooling has evolved since
|
||
the initial v2.3.1 report generation.
|
||
|
||
commit 4cb1f663049aab96e122d1ff16f601d0cc0be976
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-11-17 01:18:26 +0100
|
||
|
||
pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18979
|
||
|
||
commit 5875a6b44618fb7dfd5cd6d742533eaee2014060
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-10-03 11:04:30 +0200
|
||
|
||
opj_tcd_mct_decode()/opj_mct_decode()/opj_mct_encode_real()/opj_mct_decode_real(): proper deal with a number of samples larger than 4 billion (refs #1151)
|
||
|
||
commit e66125fe260deee49fdf6e9978d9bd29871dd5bb
|
||
Merge: 8db9d25 b275196
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-09-03 17:03:54 +0200
|
||
|
||
Merge pull request #1164 from sebras/master
|
||
|
||
openjp2/j2k: Report error if all wanted components are not decoded.
|
||
|
||
commit 8db9d25dcf360528fd1e094e4f9274c0635e90cc
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-06-15 09:55:16 +0200
|
||
|
||
opj_decompress_fuzzer: remove checks regarding input dimensions (fixes #1079)
|
||
|
||
commit f4d65783593fd0490e0fdb9f323f2d5aff81a21d
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-05-26 11:06:01 +0200
|
||
|
||
test_decode_area.c: assign tdy to *ptileh instead of *ptilew (fixes #1195)
|
||
|
||
commit 9b7620ee7a3d72bfcdbebd78e607c5ee8aa7fade
|
||
Merge: 4f447c6 3aef207
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-04-26 19:52:52 +0200
|
||
|
||
Merge pull request #1185 from Young-X/fix
|
||
|
||
Fix several potential vulnerabilities
|
||
|
||
commit 4f447c6e18444a4182f7844d25033861eee8df55
|
||
Merge: 5dd75f6 a94cfbd
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-04-25 15:32:22 +0200
|
||
|
||
Merge pull request #1192 from rouault/poc_fixes
|
||
|
||
compression: emit POC marker when only one single POC is requested (f…
|
||
|
||
commit a94cfbd5334922ca5b63cfac9d2e5e0ec98155be
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-04-25 14:07:46 +0200
|
||
|
||
Change opj_j2k_check_poc_val() to take into account tile number
|
||
|
||
commit bdec5ae2723369be5abba7aaae398aa4ae3225cc
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-04-25 01:29:38 +0200
|
||
|
||
Add test for previous commit
|
||
|
||
commit 6423163141412cb93364de4e33d90bcffefa0885
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-04-25 01:27:02 +0200
|
||
|
||
Fix POC in multi-tile scenarios: avoid almost endless loop when a tile has no POC settings
|
||
|
||
commit b86717fdd36b628ea7ecb5c24f7a086bf5bcd3a7
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-04-25 00:40:04 +0200
|
||
|
||
Add test for previous commit
|
||
|
||
commit 23883458b9de2c57fc1890b42efbd0832c8fbe3b
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-04-25 00:34:44 +0200
|
||
|
||
opj_j2k_check_poc_val(): prevent potential write outside of allocated array
|
||
|
||
commit 6589c609f6d6b3743715fceefbdac6e4ecb76aee
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-04-25 00:28:05 +0200
|
||
|
||
opj_j2k_check_poc_val(): fix starting index for checking layer dimension
|
||
|
||
The standard mandates that the layer index always starts at zero for every
|
||
progression.
|
||
|
||
commit 1e3a57563defb6aa7cf24ffd2394d4a820e13bda
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-04-25 00:17:13 +0200
|
||
|
||
compression: emit POC marker when only one single POC is requested (fixes #1191)
|
||
|
||
commit 5dd75f62e20efff9f094fd1dbd0d4d00e8b37689
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-04-23 16:52:21 +0200
|
||
|
||
j2k.c: use correct naming convention for total_data_size variable
|
||
|
||
commit 3aef207f90e937d4931daf6d411e092f76d82e66
|
||
Author: Young Xiao <YangX92@hotmail.com>
|
||
Date: 2019-03-16 20:09:59 +0800
|
||
|
||
bmp_read_rle4_data(): avoid potential infinite loop
|
||
|
||
commit 21399f6b7d318fcdf4406d5e88723c4922202aa3
|
||
Author: Young Xiao <YangX92@hotmail.com>
|
||
Date: 2019-03-16 19:57:27 +0800
|
||
|
||
convertbmp: detect invalid file dimensions early
|
||
|
||
width/length dimensions read from bmp headers are not necessarily
|
||
valid. For instance they may have been maliciously set to very large
|
||
values with the intention to cause DoS (large memory allocation, stack
|
||
overflow). In these cases we want to detect the invalid size as early
|
||
as possible.
|
||
|
||
This commit introduces a counter which verifies that the number of
|
||
written bytes corresponds to the advertized width/length.
|
||
|
||
See commit 8ee335227bbc for details.
|
||
|
||
Signed-off-by: Young Xiao <YangX92@hotmail.com>
|
||
|
||
commit d0dd894ae24d0f2f09072adf1b966033dd64672d
|
||
Author: Antonin Descampe <antonin@gmail.com>
|
||
Date: 2019-04-02 15:37:38 +0200
|
||
|
||
Comment back opj_previous_version in abi_check.sh
|
||
|
||
commit 291e45bb045e63334729ad9a894595f8e1e2b2c7
|
||
Author: Antonin Descampe <antonin@gmail.com>
|
||
Date: 2019-04-02 15:12:59 +0200
|
||
|
||
Update version number for automatic abi check
|
||
|
||
commit 57096325457f96d8cd07bd3af04fe81d7a2ba788
|
||
Author: Antonin Descampe <antonin@gmail.com>
|
||
Date: 2019-04-02 14:45:15 +0200
|
||
|
||
update token for appveyor auto release
|
||
|
||
commit 8b9a89bc2e61652d30bbc56673f8f03ef464430f
|
||
Author: Antonin Descampe <antonin@gmail.com>
|
||
Date: 2019-04-02 14:25:09 +0200
|
||
|
||
update token for automatic release
|
||
|
||
commit d1d422c126cbc2a5435340bd85f4b52ff0477101
|
||
Author: Antonin Descampe <antonin@gmail.com>
|
||
Date: 2019-04-02 12:08:52 +0200
|
||
|
||
Update for release 2.3.1
|
||
|
||
commit d3b0b8927acf2e050a6379320d36fc3bb3751fe3
|
||
Author: Antonin Descampe <info@openjpeg.org>
|
||
Date: 2019-04-02 11:03:16 +0200
|
||
|
||
Update for release 2.3.1
|
||
|
||
commit c7798bb0c636c89ab7f0bab4d89e7f0136e0e55a
|
||
Author: Antonin Descampe <info@openjpeg.org>
|
||
Date: 2019-04-02 11:02:20 +0200
|
||
|
||
update for release 2.3.1
|
||
|
||
commit 8196ab531e79602fe3c947d09d3240c25c358731
|
||
Author: Antonin Descampe <info@openjpeg.org>
|
||
Date: 2019-04-02 11:00:58 +0200
|
||
|
||
Update BUILD version for release 2.3.1
|
||
|
||
commit 69a7a312dccebc8b5f28f8a5e4a703cb8d447d44
|
||
Merge: d6b8aed 5151426
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2019-03-29 12:25:39 +0100
|
||
|
||
Merge pull request #1188 from rouault/fix_abi_check
|
||
|
||
abi-check.sh: fix broken download URL
|
||
|
||
commit 5151426d6e6f7f0e1ae6f050aaa7cec6bc4ffd08
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-03-29 11:53:23 +0100
|
||
|
||
abi-check.sh: fix broken download URL
|
||
|
||
commit d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
|
||
Merge: 25b815d a1d32a5
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2019-03-29 11:52:38 +0100
|
||
|
||
Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
|
||
|
||
opj_t1_encode_cblks: fix UBSAN signed integer overflow
|
||
|
||
commit a1d32a596a94280178c44a55d7e7f1acd992ed5d
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-03-29 11:17:39 +0100
|
||
|
||
opj_t1_encode_cblks: fix UBSAN signed integer overflow
|
||
|
||
Fixes #1053 / CVE-2018-5727
|
||
|
||
Note: I don't consider this issue to be a security vulnerability, in
|
||
practice.
|
||
At least with gcc or clang compilers on x86_64 which generate the same
|
||
assembly code with or without that fix.
|
||
|
||
commit 25b815dc460dbf9def7e6b822c8998727094f85a
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-03-29 10:44:35 +0100
|
||
|
||
Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
|
||
|
||
This reverts commit 05be3084460e46282ee63f04c72c451f3271fd28.
|
||
|
||
This commit doesn't compile due to missing OPJ_UINT64 type
|
||
|
||
commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2019-03-29 10:40:58 +0100
|
||
|
||
Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
|
||
|
||
This reverts commit c277159986c80142180fbe5efb256bbf3bdf3edc.
|
||
|
||
The commit didn't compile. include_size is not defined in openmj2
|
||
|
||
commit b2751967ecabf8d8856e85ab91e25d4f235e2eb3
|
||
Author: Sebastian Rasmussen <sebras@gmail.com>
|
||
Date: 2018-10-31 20:22:11 +0100
|
||
|
||
openjp2/j2k: Report error if all wanted components are not decoded.
|
||
|
||
Previously the caller had to check whether each component data had
|
||
been decoded. This means duplicating the checking in every user of
|
||
openjpeg which is unnecessary. If the caller wantes to decode all
|
||
or a set of, or a specific component then openjpeg ought to error
|
||
out if it was unable to do so.
|
||
|
||
Fixes #1158.
|
||
|
||
commit 51f097e6d5754ddae93e716276fe8176b44ec548
|
||
Merge: e7640f5 8ee3352
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-12-21 16:41:00 +0100
|
||
|
||
Merge pull request #1172 from hlef/master
|
||
|
||
convertbmp: detect invalid file dimensions early (CVE-2018-6616)
|
||
|
||
commit 8ee335227bbcaf1614124046aa25e53d67b11ec3
|
||
Author: Hugo Lefeuvre <hle@debian.org>
|
||
Date: 2018-12-14 04:58:40 +0100
|
||
|
||
convertbmp: detect invalid file dimensions early
|
||
|
||
width/length dimensions read from bmp headers are not necessarily
|
||
valid. For instance they may have been maliciously set to very large
|
||
values with the intention to cause DoS (large memory allocation, stack
|
||
overflow). In these cases we want to detect the invalid size as early
|
||
as possible.
|
||
|
||
This commit introduces a counter which verifies that the number of
|
||
written bytes corresponds to the advertized width/length.
|
||
|
||
Fixes #1059 (CVE-2018-6616).
|
||
|
||
commit e7640f58f122d1228f3d750864543ad4703e18fc
|
||
Merge: e0f5212 05be308
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-12-07 21:27:38 +0100
|
||
|
||
Merge pull request #1168 from Young-X/fix_dev
|
||
|
||
Fix multiple potential vulnerabilities and bugs
|
||
|
||
commit 05be3084460e46282ee63f04c72c451f3271fd28
|
||
Author: Young Xiao <YangX92@hotmail.com>
|
||
Date: 2018-11-28 14:44:06 +0800
|
||
|
||
[JPWL] tgatoimage(): avoid excessive memory allocation attempt,
|
||
and fixes unaligned load
|
||
|
||
Signed-off-by: Young Xiao <YangX92@hotmail.com>
|
||
|
||
commit bd88611ed9ad7144ec4f3de54790cd848175891b
|
||
Author: Young_X <YangX92@hotmail.com>
|
||
Date: 2018-11-23 17:15:05 +0800
|
||
|
||
[JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
|
||
|
||
Signed-off-by: Young_X <YangX92@hotmail.com>
|
||
|
||
commit ce9583d1d7627e007a34a31ae4e22a00d78bd153
|
||
Author: Young_X <YangX92@hotmail.com>
|
||
Date: 2018-11-23 17:12:06 +0800
|
||
|
||
[JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
|
||
|
||
Signed-off-by: Young_X <YangX92@hotmail.com>
|
||
|
||
commit c58df149900df862806d0e892859b41115875845
|
||
Author: Young_X <YangX92@hotmail.com>
|
||
Date: 2018-11-23 16:24:19 +0800
|
||
|
||
[OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
|
||
opj_get_encoding_parameters
|
||
|
||
Signed-off-by: Young_X <YangX92@hotmail.com>
|
||
|
||
commit c277159986c80142180fbe5efb256bbf3bdf3edc
|
||
Author: Young_X <YangX92@hotmail.com>
|
||
Date: 2018-11-23 16:12:53 +0800
|
||
|
||
[MJ2] Avoid index out of bounds access to pi->include[]
|
||
|
||
Signed-off-by: Young_X <YangX92@hotmail.com>
|
||
|
||
commit e0f5212888c0c1abc5e060a75a3a4a5ff99afd1a
|
||
Merge: 92023cd 2e5ab1d
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-11-28 00:04:30 +0100
|
||
|
||
Merge pull request #1170 from rouault/fix_color_apply_icc_profile
|
||
|
||
color_apply_icc_profile: avoid potential heap buffer overflow
|
||
|
||
commit 2e5ab1d9987831c981ff05862e8ccf1381ed58ea
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2018-11-27 23:31:30 +0100
|
||
|
||
color_apply_icc_profile: avoid potential heap buffer overflow
|
||
|
||
Derived from a patch by Thuan Pham
|
||
|
||
commit 46822d0eddc3324b2a056bc60ffa997027bebd66
|
||
Author: Young_X <YangX92@hotmail.com>
|
||
Date: 2018-11-23 15:58:23 +0800
|
||
|
||
[JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
|
||
|
||
Signed-off-by: Young_X <YangX92@hotmail.com>
|
||
|
||
commit 619e1b086eaa21ebd9b23eb67deee543b07bf06f
|
||
Author: Young_X <YangX92@hotmail.com>
|
||
Date: 2018-11-23 15:02:26 +0800
|
||
|
||
[JPWL] fix CVE-2018-16375
|
||
|
||
Signed-off-by: Young_X <YangX92@hotmail.com>
|
||
|
||
commit c5bd64ea146162967c29bd2af0cbb845ba3eaaaf
|
||
Author: Young_X <YangX92@hotmail.com>
|
||
Date: 2018-11-23 14:47:36 +0800
|
||
|
||
[MJ2] To avoid divisions by zero / undefined behaviour on shift
|
||
|
||
Signed-off-by: Young_X <YangX92@hotmail.com>
|
||
|
||
commit 92023cd6c377e0384a7725949b25655d4d94dced
|
||
Merge: c196b23 cab352e
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-11-16 09:42:19 +0100
|
||
|
||
Merge pull request #1160 from hlef/master
|
||
|
||
jp3d/jpwl convert: fix write stack buffer overflow
|
||
|
||
commit c196b23b90321b5c7e3238294607a2e8626c503f
|
||
Author: ichlubna <43234438+ichlubna@users.noreply.github.com>
|
||
Date: 2018-11-16 09:40:31 +0100
|
||
|
||
openjp3d: Int overflow fixed (#1159)
|
||
|
||
When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.
|
||
|
||
commit cab352e249ed3372dd9355c85e837613fff98fa2
|
||
Author: Hugo Lefeuvre <hle@debian.org>
|
||
Date: 2018-11-07 18:48:29 +0100
|
||
|
||
jp2: convert: fix null pointer dereference
|
||
|
||
Tile components in a JP2 image might have null data pointer by defining a
|
||
zero component size (for example using large horizontal or vertical
|
||
sampling periods). This null data pointer leads to null image component
|
||
data pointer, causing crash when dereferenced without != null check in
|
||
imagetopnm.
|
||
|
||
Add != null check.
|
||
|
||
This commit addresses #1152 (CVE-2018-18088).
|
||
|
||
commit 0bc90e4062a5f9258c91eca018c019b179066c62
|
||
Author: Hugo Lefeuvre <hle@debian.org>
|
||
Date: 2018-10-22 16:59:41 +0200
|
||
|
||
jp3d/jpwl convert: fix write stack buffer overflow
|
||
|
||
Missing buffer length formatter in fscanf call might lead to write
|
||
stack buffer overflow.
|
||
|
||
fixes #1044 (CVE-2017-17480)
|
||
|
||
commit 948332e6ed17565100d1df5f6fdbf66865218e36
|
||
Author: Stefan Weil <sw@weilnetz.de>
|
||
Date: 2018-10-31 20:44:30 +0100
|
||
|
||
Fix some potential overflow issues (#1161)
|
||
|
||
* Fix some potential overflow issues
|
||
|
||
Put sizeof to the beginning of the multiplication to enforce that
|
||
size_t instead of smaller integer types is used for the calculation.
|
||
|
||
This fixes warnings from LGTM:
|
||
|
||
Multiplication result may overflow 'unsigned int'
|
||
before it is converted to 'unsigned long'.
|
||
|
||
It also allows removing some type casts.
|
||
|
||
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
||
|
||
* Fix code indentation
|
||
|
||
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
||
|
||
commit e52909f4c7896c5efff3340d707c12d0df55d3f9
|
||
Merge: cd900d9 943db0f
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-10-31 20:41:52 +0100
|
||
|
||
Merge pull request #1163 from nforro/memory-and-resource-leaks
|
||
|
||
Fix several memory and resource leaks
|
||
|
||
commit 943db0f1c28ca6a7df6d18483f97166a03be9bf7
|
||
Author: Nikola Forró <nforro@redhat.com>
|
||
Date: 2018-10-31 13:39:05 +0100
|
||
|
||
Fix several memory and resource leaks
|
||
|
||
Signed-off-by: Nikola Forró <nforro@redhat.com>
|
||
|
||
commit cd900d96618ab77e79812db654731dd6b5fc7bd8
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2018-10-18 11:45:45 +0200
|
||
|
||
opj_thread_pool_setup(): fix infinite waiting if a thread creation failed
|
||
|
||
commit 0e6a5553cfef21b764d289585af2c6934a95456b
|
||
Merge: 8fc09e5 ca16fe5
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-09-22 23:54:12 +0200
|
||
|
||
Merge pull request #1148 from hlef/master
|
||
|
||
CVE-2018-5785: fix issues with zero bitmasks
|
||
|
||
commit 8fc09e50e557fa6af4c099b9c6d36bb1071ee1ed
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2018-09-22 23:47:56 +0200
|
||
|
||
opj_jp2_apply_pclr(): remove useless assert that can trigger on some files (fixes #1125)
|
||
|
||
commit aaf48ee6bae91032f025f9ac11592c4085a0d96b
|
||
Merge: ee827ad cc38247
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2018-09-22 23:12:50 +0200
|
||
|
||
Merge branch 'pr1095'
|
||
|
||
commit cc3824767bde397fedb8a1ae4786a222ba860c8d
|
||
Author: Karol Babioch <kbabioch@suse.de>
|
||
Date: 2018-03-02 14:40:58 +0100
|
||
|
||
opj_mj2_extract: Check provided output prefix for length
|
||
|
||
This uses snprintf() with correct buffer length instead of sprintf(), which
|
||
prevents a buffer overflow when providing a long output prefix. Furthermore
|
||
the program exits with an error when the provided output prefix is too long.
|
||
|
||
Fixes #1088.
|
||
|
||
commit ee827ad3f32469d4854b2da71c9703a2af359f9f
|
||
Merge: 5d94bcd 1eb9a57
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2018-09-22 23:05:54 +0200
|
||
|
||
Merge branch 'pr1107'
|
||
|
||
commit 1eb9a57ac1216209a4d9adf87bc47ba19810d3b3
|
||
Author: szukw000 <szukw000@arcor.de>
|
||
Date: 2018-03-13 18:11:54 +0100
|
||
|
||
opj_mj2_extract: Avoid segfault for long filenames
|
||
|
||
commit 5d94bcd89c6e281614955c56cbfebb11b866a9dd
|
||
Merge: b54c06f 0fa7ebe
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-09-22 22:59:36 +0200
|
||
|
||
Merge pull request #1136 from reverson/master
|
||
|
||
Cast on uint ceildiv
|
||
|
||
commit b54c06fb350d318c8e74755710b3480eae3b9911
|
||
Merge: 17bbb0e 4aaf52e
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-09-22 22:59:17 +0200
|
||
|
||
Merge pull request #1119 from stweil/ssize_t
|
||
|
||
Use local type declaration for POSIX standard type only for MS compiler
|
||
|
||
commit 17bbb0e23ff03bb722914841a9b962b21fe7a310
|
||
Merge: ccc4441 3d6ffaf
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-09-22 22:55:33 +0200
|
||
|
||
Merge pull request #1128 from stweil/typos
|
||
|
||
Fix some typos in code comments and documentation
|
||
|
||
commit ccc4441aeb7bf4928e55bd543fab8de662f6d5e7
|
||
Merge: c6ee006 24fd3ce
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-09-22 22:54:51 +0200
|
||
|
||
Merge pull request #1140 from bukatlib/fix_relpath
|
||
|
||
Relative path to header files is hardcoded in OpenJPEGConfig.cmake.in file
|
||
|
||
commit c6ee006250b093f443e226288c6c866c5ebe12f5
|
||
Merge: 2d28610 98363e2
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-09-22 22:47:27 +0200
|
||
|
||
Merge pull request #1141 from szukw000/changes-in-pnmtoimage
|
||
|
||
Changes in pnmtoimage if image data are missing
|
||
|
||
commit 2d2861036cfb68560e0cf21340760781ea78595d
|
||
Merge: 1b9a81d 31a03b3
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-09-22 22:28:04 +0200
|
||
|
||
Merge pull request #1143 from stweil/format
|
||
|
||
openjp2/jp2: Fix two format strings
|
||
|
||
commit 1b9a81dff7c22ed0cb22bf1033e6dfee1292da31
|
||
Merge: 9d1a9dc c28ed52
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-09-22 22:27:14 +0200
|
||
|
||
Merge pull request #1149 from rouault/fix_knownfailures
|
||
|
||
Update knownfailures- files given current configurations
|
||
|
||
commit c28ed521633c074f1e4891208028fe97f7602a14
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2018-09-22 21:56:50 +0200
|
||
|
||
Update knownfailures- files given current configurations
|
||
|
||
commit ca16fe55014c57090dd97369256c7657aeb25975
|
||
Author: Hugo Lefeuvre <hle@debian.org>
|
||
Date: 2018-09-22 14:33:19 -0400
|
||
|
||
convertbmp: fix issues with zero bitmasks
|
||
|
||
In the case where a BMP file declares compression 3 (BI_BITFIELDS)
|
||
with header size <= 56, all bitmask values keep their initialization
|
||
value 0. This may lead to various undefined behavior later e.g. when
|
||
doing 1 << (l_comp->prec - 1).
|
||
|
||
This issue does not affect files with bit count 16 because of a check
|
||
added in 16240e2 which sets default values to the color masks if they
|
||
are all 0.
|
||
|
||
This commit adds similar checks for the 32 bit case.
|
||
|
||
Also, if a BMP file declares compression 3 with header size >= 56 and
|
||
intentional 0 bitmasks, the same issue will be triggered in both the
|
||
16 and 32 bit count case.
|
||
|
||
This commit adds checks to bmp_read_info_header() rejecting BMP files
|
||
with "intentional" 0 bitmasks. These checks might be removed in the
|
||
future when proper handling of zero bitmasks will be available in
|
||
openjpeg2.
|
||
|
||
fixes #1057 (CVE-2018-5785)
|
||
|
||
commit 31a03b390a77bfbe4b0f140121d1296acb611f76
|
||
Author: Stefan Weil <sw@weilnetz.de>
|
||
Date: 2018-09-05 21:51:30 +0200
|
||
|
||
openjp2/jp2: Fix two format strings
|
||
|
||
Compiler warnings:
|
||
|
||
src/lib/openjp2/jp2.c:1008:35: warning:
|
||
too many arguments for format [-Wformat-extra-args]
|
||
src/lib/openjp2/j2k.c:1928:73: warning:
|
||
format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘OPJ_OFF_T {aka long int}’ [-Wformat=]
|
||
|
||
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
||
|
||
commit 3d6ffaf3f3463b62830f88f50a8c1b510f555eb5
|
||
Author: Stefan Weil <sw@weilnetz.de>
|
||
Date: 2018-07-30 21:04:28 +0200
|
||
|
||
Fix some typos in code comments and documentation
|
||
|
||
All typos were found by Codespell.
|
||
|
||
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
||
|
||
commit 98363e244e027c731f73ee8239d3c19451a9153b
|
||
Author: szukw000 <szukw000@arcor.de>
|
||
Date: 2018-08-31 16:24:41 +0200
|
||
|
||
Changes in pnmtoimage if image data are missing
|
||
|
||
commit 24fd3ce777a64b8b315cfe1ee642ec7b1cc6aa97
|
||
Author: Libor Bukata <libor.bukata@oracle.com>
|
||
Date: 2018-08-31 12:57:40 +0200
|
||
|
||
The change makes a relative path to header files
|
||
always correct regardless of the number of sub-
|
||
directories in OPENJPEG_INSTALL_PACKAGE_DIR variable.
|
||
|
||
commit 0fa7ebe2540990f590c2247b3505ac1dc84b6eec
|
||
Author: Robert Everson <robert@reverson.net>
|
||
Date: 2018-08-27 15:28:53 -0700
|
||
|
||
Cast on uint ceildiv
|
||
|
||
commit 9d1a9dc20dd5155bab977a4f53d05c4bbd66533a
|
||
Merge: d2205ba 56f23b2
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-08-11 23:35:35 +0200
|
||
|
||
Merge pull request #1133 from robe2/robe2-pkgconfig-instructions
|
||
|
||
Add -DBUILD_PKGCONFIG_FILES to install instructions
|
||
|
||
commit 56f23b29a075467fc2377ba086c0263a3eb70fe6
|
||
Author: Regina Obe <lr@pcorp.us>
|
||
Date: 2018-08-11 16:59:30 -0400
|
||
|
||
Add -DBUILD_PKGCONFIG_FILES to install instructions
|
||
|
||
Building under msys/mingw doesn't automatically install the pkg config files needed to build GDAL and other libraries
|
||
|
||
commit d2205ba2ee78faeea659263383446c4472b1f9df
|
||
Merge: fd205f4 4170681
|
||
Author: Even Rouault <even.rouault@mines-paris.org>
|
||
Date: 2018-06-20 16:26:24 +0200
|
||
|
||
Merge pull request #1121 from rouault/fix_tnsot_zero
|
||
|
||
Fix regression in reading files with TNsot == 0 (refs #1120)
|
||
|
||
commit 4170681661126bc9c1348a0183633dc2f4fc8b05
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2018-06-20 15:06:16 +0200
|
||
|
||
Add test cases for https://github.com/uclouvain/openjpeg/issues/1120 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785
|
||
|
||
commit 0c913b0aba409148b51ca43d45c50ae595449723
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2018-06-20 14:54:09 +0200
|
||
|
||
Avoid assertion when running opj_j2k_merge_ppt() several time due to e6674f7ed66abdb32a0be5944f618722b6a7b5d5 revert. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785
|
||
|
||
commit 832dfd18665da08745748bde2d2563f00c7cd9e7
|
||
Author: Even Rouault <even.rouault@spatialys.com>
|
||
Date: 2018-06-20 14:38:41 +0200
|
||
|
||
Revert "Avoid assertion in opj_j2k_merge_ppt() in case premature EOC is encountered in opj_j2k_read_tile_header(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785. Credit to OSS Fuzz" (fixes #1120)
|
||
|
||
This reverts commit 9906fbf737692486cebabe98169988d818e2e66a.
|
||
which broke decoding of images where TNsot == 0
|
||
|
||
commit 4aaf52ec8d8ec7b94c73f77f9c0029a3d3cabbf9
|
||
Author: Stefan Weil <sw@weilnetz.de>
|
||
Date: 2018-06-18 14:06:25 +0200
|
||
|
||
Use local type declaration for POSIX standard type only for MS compiler
|
||
|
||
ssize_t is a POSIX type which is declared in POSIX include files.
|
||
Mingw-w64 provides it also for Windows.
|
||
|
||
Use the local declaration only with MS compilers.
|
||
|
||
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
||
|
||
...</pre></div>
|
||
|
||
</body>
|
||
</html>
|