1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5 <meta name="keywords" content="OpenJPEG, current, changes, changelog" />
6 <meta name="description" content="Log of changes in the package" />
7 <link rel="stylesheet" type="text/css" href="../../../css/common.css" />
8 <link rel="stylesheet" type="text/css" href="../../../css/changelog.css" />
12 OpenJPEG current: changelog
18 <table cellpadding='0' cellspacing='0'><tr><td align='center'><h1 class='tool'><a title='Home: ABI tracker for OpenJPEG' href='../../../timeline/openjpeg/index.html' class='tool'>ABI<br/>Tracker</a></h1></td><td width='30px;'></td><td><h1>(OpenJPEG)</h1></td></tr></table><hr/>
21 <h1>Changelog from Git</h1><br/><br/>
22 <div class='changelog'>
23 <pre class='wrap'>commit cbee7891a0ee664dd83ca09553d2e30da716a883
24 Merge: 172c8ae e8e258a
25 Author: Even Rouault <even.rouault@spatialys.com>
26 Date: 2020-06-30 22:05:13 +0200
28 Merge pull request #1262 from rouault/fix_1261
30 opj_decompress: fix double-free on input directory with mix of valid and invalid images
32 commit e8e258ab049240c2dd1f1051b4e773b21e2d3dc0
33 Author: Even Rouault <even.rouault@spatialys.com>
34 Date: 2020-06-28 14:19:59 +0200
36 opj_decompress: fix double-free on input directory with mix of valid and invalid images (CVE-2020-15389)
40 Credits to @Ruia-ruia for reporting and analysis.
42 commit 172c8ae5cf230ff74b5814daf29e5b577aa30a9b
43 Merge: e252438 b028e8d
44 Author: Even Rouault <even.rouault@spatialys.com>
45 Date: 2020-06-22 22:35:44 +0200
47 Merge pull request #1260 from sebras/fix-issue-1259
49 openjp2: Plug image leak when failing to allocate codestream index.
51 commit e252438d5e23e6ba9561e73a5a4754713bfd626a
52 Merge: 98150d0 79b199a
53 Author: Even Rouault <even.rouault@spatialys.com>
54 Date: 2020-06-22 22:12:08 +0200
56 Merge pull request #1258 from sebras/fix-issue-1257
58 openjp2: Plug memory leak when setting data as TLS fails.
60 commit b028e8d1ce7798f61c35b1b20d836f80d78a35d0
61 Author: Sebastian Rasmussen <sebras@gmail.com>
62 Date: 2020-06-23 02:18:19 +0800
64 openjp2: Plug image leak when failing to allocate codestream index.
66 This fixes issue #1259.
68 commit 79b199a8fee2a0d51d4389fcde3f5f4dd01971eb
69 Author: Sebastian Rasmussen <sebras@gmail.com>
70 Date: 2020-06-23 02:18:19 +0800
72 openjp2: Plug memory leak when setting data as TLS fails.
74 Previously the Tier 1 handle was not freed when setting it as
77 This fixes issue #1257.
79 commit 98150d09422149305c9c8648337a744df5786fbe
80 Merge: 25fb144 93b9f72
81 Author: Even Rouault <even.rouault@spatialys.com>
82 Date: 2020-06-22 21:03:23 +0200
84 Merge pull request #1256 from sebras/master
86 openjp2: Error out if failing to create Tier 1 handle.
88 commit 93b9f7236ce09614ea5edcb0f616f1b4095c4830
89 Author: Sebastian Rasmussen <sebras@gmail.com>
90 Date: 2020-06-23 02:18:19 +0800
92 openjp2: Error out if failing to create Tier 1 handle.
94 Previously when the handle failed to be created (e.g. when
95 opj_calloc returned NULL due to low memory), the code still
96 assumed that the t1 handle pointer was valid and dereferenced
97 NULL, causing a crash. After this commit OpenJPEG will instead
98 error out under this condition.
100 This fixes issue #1255.
102 commit 25fb144c42f97489594302e1e6ff886791e0a5b3
103 Author: szukw000 <szukw000@arcor.de>
104 Date: 2020-06-10 17:40:50 +0200
106 Testing for invalid values of width, height, numcomps (#1254)
108 commit 19ef7f26c43f689b627aad642da7f6150893b863
109 Merge: 1d358f2 f3ee448
110 Author: Even Rouault <even.rouault@spatialys.com>
111 Date: 2020-05-20 21:10:55 +0200
113 Merge pull request #1211 from sebras/master
115 Add check to validate SGcod/SPcoc/SPcod parameter values.
117 commit 1d358f25c8eabbc7c274bcc148f4f5d594ec13fe
118 Merge: 64689d0 4edb8c8
119 Author: Even Rouault <even.rouault@spatialys.com>
120 Date: 2020-05-20 20:29:31 +0200
122 Merge pull request #1246 from rouault/write_plt
124 Add support for generation of PLT markers in encoder
126 commit 4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5
127 Author: Even Rouault <even.rouault@spatialys.com>
128 Date: 2020-04-21 15:55:44 +0200
130 Add support for generation of PLT markers in encoder
132 * -PLT switch added to opj_compress
133 * Add a opj_encoder_set_extra_options() function that
134 accepts a PLT=YES option, and could be expanded later
139 Testing with a Sentinel2 10m band, T36JTT_20160914T074612_B02.jp2,
140 coming from S2A_MSIL1C_20160914T074612_N0204_R135_T36JTT_20160914T081456.SAFE
142 Decompress it to TIFF:
144 opj_uncompress -i T36JTT_20160914T074612_B02.jp2 -o T36JTT_20160914T074612_B02.tif
147 Recompress it with similar parameters as original:
149 opj_compress -n 5 -c [256,256],[256,256],[256,256],[256,256],[256,256] -t 1024,1024 -PLT -i T36JTT_20160914T074612_B02.tif -o T36JTT_20160914T074612_B02_PLT.jp2
152 Dump codestream detail with GDAL dump_jp2.py utility (https://github.com/OSGeo/gdal/blob/master/gdal/swig/python/samples/dump_jp2.py)
154 python dump_jp2.py T36JTT_20160914T074612_B02.jp2 > /tmp/dump_sentinel2_ori.txt
155 python dump_jp2.py T36JTT_20160914T074612_B02_PLT.jp2 > /tmp/dump_sentinel2_openjpeg_plt.txt
158 The diff between both show very similar structure, and identical number of packets in PLT markers
160 Now testing with Kakadu (KDU803_Demo_Apps_for_Linux-x86-64_200210)
162 Full file decompression:
164 kdu_expand -i T36JTT_20160914T074612_B02_PLT.jp2 -o tmp.tif
166 Consumed 121 tile-part(s) from a total of 121 tile(s).
167 Consumed 80,318,806 codestream bytes (excluding any file format) = 5.329697
169 Processed using the multi-threaded environment, with
170 8 parallel threads of execution
173 Partial decompresson (presumably using PLT markers):
175 kdu_expand -i T36JTT_20160914T074612_B02.jp2 -o tmp.pgm -region "{0.5,0.5},{0.01,0.01}"
176 kdu_expand -i T36JTT_20160914T074612_B02_PLT.jp2 -o tmp2.pgm -region "{0.5,0.5},{0.01,0.01}"
177 diff tmp.pgm tmp2.pgm && echo "same !"
182 Funded by ESA for S2-MPC project
184 commit 64689d05dfaaf52105581d93fb1eb173b20829a4
185 Author: Even Rouault <even.rouault@spatialys.com>
186 Date: 2020-04-18 18:25:44 +0200
188 struct opj_j2k: remove unused fields, and add some documentation
190 commit 774889a328abd5d3c280d9a897f1ac4c672cb0e5
191 Merge: b6b7e96 271a71e
192 Author: Even Rouault <even.rouault@spatialys.com>
193 Date: 2020-04-17 00:39:46 +0200
195 Merge pull request #1244 from rouault/fix_pi_warnings
197 Fix warnings about signed/unsigned casts in pi.c
199 commit b6b7e96b0cf7819ef6a2e8ba2f8bdaaf938326ed
200 Author: szukw000 <szukw000@arcor.de>
201 Date: 2020-04-17 00:37:33 +0200
203 color_apply_icc_profile: add checks on the number of components (#1236)
205 commit 040e142288e90c9c2d46d25d0a27f828f968bb93
206 Author: Eduardo Barretto <edusbarretto@gmail.com>
207 Date: 2020-04-16 19:09:40 -0300
209 jp3d/jpwl/mj2/jpip: Fix resource leaks (#1226)
211 This issues were found by cppcheck and coverity.
213 commit 271a71ef0f1dd4740c9f4474279c7da8d15850c9
214 Author: Even Rouault <even.rouault@spatialys.com>
215 Date: 2020-04-16 20:52:44 +0200
217 Fix warnings about signed/unsigned casts in pi.c
219 commit 221a801a97a3ea968a311f7905c18a1eb7f034c4
220 Author: Even Rouault <even.rouault@spatialys.com>
221 Date: 2020-04-16 20:33:22 +0200
223 Rename mis-named function opj_tcd_get_encoded_tile_size() to opj_tcd_get_encoder_input_buffer_size()
225 commit 9c1cfb034a8cf24eb5e35fe9c7074fd079d14b80
226 Merge: 563ecfb 1c54024
227 Author: Even Rouault <even.rouault@spatialys.com>
228 Date: 2020-04-01 22:00:19 +0200
230 Merge pull request #1240 from rouault/fix_crash_opj_decompress
232 opj_decompress: add sanity checks to avoid segfault in case of decoding error
234 commit 1c54024165fd5db0e6047f28903274eb27d0980f
235 Author: Even Rouault <even.rouault@spatialys.com>
236 Date: 2020-04-01 20:58:55 +0200
238 opj_decompress: add sanity checks to avoid segfault in case of decoding error
240 Prevent crashes like:
241 opj_decompress -i 0722_5-1_2019.jp2 -o out.ppm -r 4 -t 0
243 where 0722_5-1_2019.jp2 is
244 https://drive.google.com/file/d/1ZxOUZg2-FKjYwa257VFLMpTXRWxEoP0a/view?usp=sharing
246 commit 563ecfb55ca77c0fc5ea19e4885e00f55ec82ca9
247 Author: Even Rouault <even.rouault@spatialys.com>
248 Date: 2020-02-13 09:59:17 +0100
250 opj_compress: improve help message regarding new IMF switch
252 commit 4e5501b3c72a98b3117e68263afb922092c309cf
253 Merge: 2888145 84f3beb
254 Author: Even Rouault <even.rouault@spatialys.com>
255 Date: 2020-02-13 09:54:20 +0100
257 Merge pull request #1235 from rouault/imf
259 Implement writing of IMF profiles
261 commit 84f3bebbff515f2b00ccf0c817930ebb10b91760
262 Author: Even Rouault <even.rouault@spatialys.com>
263 Date: 2020-02-12 15:55:16 +0100
265 Implement writing of IMF profiles
267 Add -IMF switch to opj_compress as well
269 commit fffe32adcb9f41a00805f4120012be9625ba450a
270 Author: Even Rouault <even.rouault@spatialys.com>
271 Date: 2020-02-12 15:55:02 +0100
273 openjpeg.h: fix values of OPJ_PROFILE_IMF_ constants
275 commit 28881453f6b1ae68a357557999498a11a2bc8b7e
276 Merge: 647f9b1 b5cb419
277 Author: Even Rouault <even.rouault@spatialys.com>
278 Date: 2020-02-10 11:20:20 +0100
280 Merge pull request #1234 from rouault/md5_libtiff_4_1
282 tests: add alternate checksums for libtiff 4.1
284 commit b5cb419faff300fdbc0b4e98dab5c9010db6f39d
285 Author: Even Rouault <even.rouault@spatialys.com>
286 Date: 2020-02-07 21:53:10 +0100
288 tests: add alternate checksums for libtiff 4.1
292 libtiff 4.1 slightly modifies the way it generates files. So
293 add the new expected md5sum.
295 Not super elegant solution admitedly.
297 commit 647f9b118d12819c63635eea65909b0e49e0f201
298 Merge: b63a433 05f9b91
299 Author: Even Rouault <even.rouault@spatialys.com>
300 Date: 2020-01-30 13:07:31 +0100
302 Merge pull request #1232 from rouault/fix_1231
304 opj_tcd_init_tile(): avoid integer overflow
306 commit 05f9b91e60debda0e83977e5e63b2e66486f7074
307 Author: Even Rouault <even.rouault@spatialys.com>
308 Date: 2020-01-30 00:59:57 +0100
310 opj_tcd_init_tile(): avoid integer overflow
312 That could lead to later assertion failures.
314 Fixes #1231 / CVE-2020-8112
316 commit b63a433ba168bad5fa10e83de04d6305e6a222e2
317 Author: Max Moroz <dor3s1@gmail.com>
318 Date: 2020-01-13 09:07:54 -0800
320 tests/fuzzers: link fuzz binaries using $LIB_FUZZING_ENGINE. (#1230)
322 This was changed some time ago (https://google.github.io/oss-fuzz/getting-started/new-project-guide/) but the build didn't fail as there is a fallback mechanism. The main advantage of the new approach is that for libFuzzer this produces more performant binaries (as `$LIB_FUZZING_ENGINE` expands into `-fsanitize=fuzzer`, which links libFuzzer from the compiler-rt, allowing better optimization tricks).
324 I'm also experimenting with dataflow (https://github.com/google/oss-fuzz/issues/1632) on your project, and the dataflow config doesn't have a fallback (as it's a new configuration), therefore I'm proposing a change to migrate from `-lFuzzingEngine` to `$LIB_FUZZING_ENGINE`.
326 commit 46c1eff9e98bbcf794d042f7b2e3d45556e805ce
327 Merge: ac37373 024b840
328 Author: Even Rouault <even.rouault@spatialys.com>
329 Date: 2020-01-11 11:29:11 +0100
331 Merge pull request #1229 from rouault/fix_1228
333 opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
335 commit 024b8407392cb0b82b04b58ed256094ed5799e04
336 Author: Even Rouault <even.rouault@spatialys.com>
337 Date: 2020-01-11 01:51:19 +0100
339 opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
341 commit ac3737372a00b8778b528094dd5bd58a74f67d42
342 Merge: 9701b33 4cb1f66
343 Author: Even Rouault <even.rouault@spatialys.com>
344 Date: 2019-11-17 13:08:41 +0100
346 Merge pull request #1217 from rouault/fix_ossfuzz_18979
348 pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets()
350 commit 9701b3305db58d35e4446946309f88937e2f5342
351 Author: Robert Ancell <robert.ancell@gmail.com>
352 Date: 2019-11-17 15:09:59 +1300
354 JPWL: convert: Fix buffer overflow reading an image file less than four characters (#1196)
358 commit cb332992a7c84316824b1c4810103ee4f190937c
359 Merge: 5875a6b 016f80a
360 Author: Even Rouault <even.rouault@spatialys.com>
361 Date: 2019-11-17 02:47:26 +0100
363 Merge pull request #1218 from rouault/fix_broken_abi_check
365 abi-check.sh: fix false postive ABI error, and display output error log
367 commit 016f80ae2106c2b1b5bca08a684b0bd082e231e6
368 Author: Even Rouault <even.rouault@spatialys.com>
369 Date: 2019-11-17 01:35:26 +0100
371 abi-check.sh: fix false postive ABI error, and display output error log
373 There is currently a false positive ABI check failure between v2.3.1
374 and current. It disappears when removing the generated reports of v2.3.1
375 and recreating them. It is likely that some tooling has evolved since
376 the initial v2.3.1 report generation.
378 commit 4cb1f663049aab96e122d1ff16f601d0cc0be976
379 Author: Even Rouault <even.rouault@spatialys.com>
380 Date: 2019-11-17 01:18:26 +0100
382 pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18979
384 commit 5875a6b44618fb7dfd5cd6d742533eaee2014060
385 Author: Even Rouault <even.rouault@spatialys.com>
386 Date: 2019-10-03 11:04:30 +0200
388 opj_tcd_mct_decode()/opj_mct_decode()/opj_mct_encode_real()/opj_mct_decode_real(): proper deal with a number of samples larger than 4 billion (refs #1151)
390 commit f3ee448815eb992b8d4746e32c05e8289f30415f
391 Author: Sebastian Rasmussen <sebras@gmail.com>
392 Date: 2018-10-31 15:56:11 +0100
394 openjp2/j2k: Validate all SGcod/SPcod/SPcoc parameter values.
396 Previously the multiple component transformation SGcod(C)
397 and wavelet transformation SPcod(H)/SPcoc(E) parameter
398 values were never checked, allowing for out of range values.
400 The lack of validation allowed the bit stream provided in
401 issue #1158 through. After this commit an error message
402 points to the marker segments' parameters as being out of
405 input/nonregression/edf_c2_20.jp2 contains an SPcod(H) value
406 of 17, but according to Table A-20 of the specification only
407 values 0 and 1 are valid. input/nonregression/issue826.jp2
408 contains a SGcod(B) value of 2, but according to Table A-17
409 of the specification only values 0 and 1 are valid.
410 input/nonregression/oss-fuzz2785.jp2 contains a SGcod(B)
411 value of 32, but it is likewise limited to 0 or 1. These test
412 cases have been updated to consistently fail to parse the
413 headers since they contain out of bounds values.
415 This fixes issue #1210.
417 commit d801bd4e6287d13b65a48775ebd43fca350b21d9
418 Author: Sebastian Rasmussen <sebras@gmail.com>
419 Date: 2019-09-04 01:18:37 +0200
421 openjp2/j2k: Make comments adhere to specification.
423 The function is used to read both SPcod and SPcoc, so all
424 comments should refer to both marker segments' parameter names.
426 commit e66125fe260deee49fdf6e9978d9bd29871dd5bb
427 Merge: 8db9d25 b275196
428 Author: Even Rouault <even.rouault@spatialys.com>
429 Date: 2019-09-03 17:03:54 +0200
431 Merge pull request #1164 from sebras/master
433 openjp2/j2k: Report error if all wanted components are not decoded.
435 commit 8db9d25dcf360528fd1e094e4f9274c0635e90cc
436 Author: Even Rouault <even.rouault@spatialys.com>
437 Date: 2019-06-15 09:55:16 +0200
439 opj_decompress_fuzzer: remove checks regarding input dimensions (fixes #1079)
441 commit f4d65783593fd0490e0fdb9f323f2d5aff81a21d
442 Author: Even Rouault <even.rouault@spatialys.com>
443 Date: 2019-05-26 11:06:01 +0200
445 test_decode_area.c: assign tdy to *ptileh instead of *ptilew (fixes #1195)
447 commit 9b7620ee7a3d72bfcdbebd78e607c5ee8aa7fade
448 Merge: 4f447c6 3aef207
449 Author: Even Rouault <even.rouault@spatialys.com>
450 Date: 2019-04-26 19:52:52 +0200
452 Merge pull request #1185 from Young-X/fix
454 Fix several potential vulnerabilities
456 commit 4f447c6e18444a4182f7844d25033861eee8df55
457 Merge: 5dd75f6 a94cfbd
458 Author: Even Rouault <even.rouault@spatialys.com>
459 Date: 2019-04-25 15:32:22 +0200
461 Merge pull request #1192 from rouault/poc_fixes
463 compression: emit POC marker when only one single POC is requested (f…
465 commit a94cfbd5334922ca5b63cfac9d2e5e0ec98155be
466 Author: Even Rouault <even.rouault@spatialys.com>
467 Date: 2019-04-25 14:07:46 +0200
469 Change opj_j2k_check_poc_val() to take into account tile number
471 commit bdec5ae2723369be5abba7aaae398aa4ae3225cc
472 Author: Even Rouault <even.rouault@spatialys.com>
473 Date: 2019-04-25 01:29:38 +0200
475 Add test for previous commit
477 commit 6423163141412cb93364de4e33d90bcffefa0885
478 Author: Even Rouault <even.rouault@spatialys.com>
479 Date: 2019-04-25 01:27:02 +0200
481 Fix POC in multi-tile scenarios: avoid almost endless loop when a tile has no POC settings
483 commit b86717fdd36b628ea7ecb5c24f7a086bf5bcd3a7
484 Author: Even Rouault <even.rouault@spatialys.com>
485 Date: 2019-04-25 00:40:04 +0200
487 Add test for previous commit
489 commit 23883458b9de2c57fc1890b42efbd0832c8fbe3b
490 Author: Even Rouault <even.rouault@spatialys.com>
491 Date: 2019-04-25 00:34:44 +0200
493 opj_j2k_check_poc_val(): prevent potential write outside of allocated array
495 commit 6589c609f6d6b3743715fceefbdac6e4ecb76aee
496 Author: Even Rouault <even.rouault@spatialys.com>
497 Date: 2019-04-25 00:28:05 +0200
499 opj_j2k_check_poc_val(): fix starting index for checking layer dimension
501 The standard mandates that the layer index always starts at zero for every
504 commit 1e3a57563defb6aa7cf24ffd2394d4a820e13bda
505 Author: Even Rouault <even.rouault@spatialys.com>
506 Date: 2019-04-25 00:17:13 +0200
508 compression: emit POC marker when only one single POC is requested (fixes #1191)
510 commit 5dd75f62e20efff9f094fd1dbd0d4d00e8b37689
511 Author: Even Rouault <even.rouault@spatialys.com>
512 Date: 2019-04-23 16:52:21 +0200
514 j2k.c: use correct naming convention for total_data_size variable
516 commit 3aef207f90e937d4931daf6d411e092f76d82e66
517 Author: Young Xiao <YangX92@hotmail.com>
518 Date: 2019-03-16 20:09:59 +0800
520 bmp_read_rle4_data(): avoid potential infinite loop
522 commit 21399f6b7d318fcdf4406d5e88723c4922202aa3
523 Author: Young Xiao <YangX92@hotmail.com>
524 Date: 2019-03-16 19:57:27 +0800
526 convertbmp: detect invalid file dimensions early
528 width/length dimensions read from bmp headers are not necessarily
529 valid. For instance they may have been maliciously set to very large
530 values with the intention to cause DoS (large memory allocation, stack
531 overflow). In these cases we want to detect the invalid size as early
534 This commit introduces a counter which verifies that the number of
535 written bytes corresponds to the advertized width/length.
537 See commit 8ee335227bbc for details.
539 Signed-off-by: Young Xiao <YangX92@hotmail.com>
541 commit d0dd894ae24d0f2f09072adf1b966033dd64672d
542 Author: Antonin Descampe <antonin@gmail.com>
543 Date: 2019-04-02 15:37:38 +0200
545 Comment back opj_previous_version in abi_check.sh
547 commit 291e45bb045e63334729ad9a894595f8e1e2b2c7
548 Author: Antonin Descampe <antonin@gmail.com>
549 Date: 2019-04-02 15:12:59 +0200
551 Update version number for automatic abi check
553 commit 57096325457f96d8cd07bd3af04fe81d7a2ba788
554 Author: Antonin Descampe <antonin@gmail.com>
555 Date: 2019-04-02 14:45:15 +0200
557 update token for appveyor auto release
559 commit 8b9a89bc2e61652d30bbc56673f8f03ef464430f
560 Author: Antonin Descampe <antonin@gmail.com>
561 Date: 2019-04-02 14:25:09 +0200
563 update token for automatic release
565 commit d1d422c126cbc2a5435340bd85f4b52ff0477101
566 Author: Antonin Descampe <antonin@gmail.com>
567 Date: 2019-04-02 12:08:52 +0200
569 Update for release 2.3.1
571 commit d3b0b8927acf2e050a6379320d36fc3bb3751fe3
572 Author: Antonin Descampe <info@openjpeg.org>
573 Date: 2019-04-02 11:03:16 +0200
575 Update for release 2.3.1
577 commit c7798bb0c636c89ab7f0bab4d89e7f0136e0e55a
578 Author: Antonin Descampe <info@openjpeg.org>
579 Date: 2019-04-02 11:02:20 +0200
581 update for release 2.3.1
583 commit 8196ab531e79602fe3c947d09d3240c25c358731
584 Author: Antonin Descampe <info@openjpeg.org>
585 Date: 2019-04-02 11:00:58 +0200
587 Update BUILD version for release 2.3.1
589 commit 69a7a312dccebc8b5f28f8a5e4a703cb8d447d44
590 Merge: d6b8aed 5151426
591 Author: Even Rouault <even.rouault@mines-paris.org>
592 Date: 2019-03-29 12:25:39 +0100
594 Merge pull request #1188 from rouault/fix_abi_check
596 abi-check.sh: fix broken download URL
598 commit 5151426d6e6f7f0e1ae6f050aaa7cec6bc4ffd08
599 Author: Even Rouault <even.rouault@spatialys.com>
600 Date: 2019-03-29 11:53:23 +0100
602 abi-check.sh: fix broken download URL
604 commit d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
605 Merge: 25b815d a1d32a5
606 Author: Even Rouault <even.rouault@mines-paris.org>
607 Date: 2019-03-29 11:52:38 +0100
609 Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
611 opj_t1_encode_cblks: fix UBSAN signed integer overflow
613 commit a1d32a596a94280178c44a55d7e7f1acd992ed5d
614 Author: Even Rouault <even.rouault@spatialys.com>
615 Date: 2019-03-29 11:17:39 +0100
617 opj_t1_encode_cblks: fix UBSAN signed integer overflow
619 Fixes #1053 / CVE-2018-5727
621 Note: I don't consider this issue to be a security vulnerability, in
623 At least with gcc or clang compilers on x86_64 which generate the same
624 assembly code with or without that fix.
626 commit 25b815dc460dbf9def7e6b822c8998727094f85a
627 Author: Even Rouault <even.rouault@spatialys.com>
628 Date: 2019-03-29 10:44:35 +0100
630 Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
632 This reverts commit 05be3084460e46282ee63f04c72c451f3271fd28.
634 This commit doesn't compile due to missing OPJ_UINT64 type
636 commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb
637 Author: Even Rouault <even.rouault@spatialys.com>
638 Date: 2019-03-29 10:40:58 +0100
640 Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
642 This reverts commit c277159986c80142180fbe5efb256bbf3bdf3edc.
644 The commit didn't compile. include_size is not defined in openmj2
646 commit b2751967ecabf8d8856e85ab91e25d4f235e2eb3
647 Author: Sebastian Rasmussen <sebras@gmail.com>
648 Date: 2018-10-31 20:22:11 +0100
650 openjp2/j2k: Report error if all wanted components are not decoded.
652 Previously the caller had to check whether each component data had
653 been decoded. This means duplicating the checking in every user of
654 openjpeg which is unnecessary. If the caller wantes to decode all
655 or a set of, or a specific component then openjpeg ought to error
656 out if it was unable to do so.
660 commit 51f097e6d5754ddae93e716276fe8176b44ec548
661 Merge: e7640f5 8ee3352
662 Author: Even Rouault <even.rouault@mines-paris.org>
663 Date: 2018-12-21 16:41:00 +0100
665 Merge pull request #1172 from hlef/master
667 convertbmp: detect invalid file dimensions early (CVE-2018-6616)
669 commit 8ee335227bbcaf1614124046aa25e53d67b11ec3
670 Author: Hugo Lefeuvre <hle@debian.org>
671 Date: 2018-12-14 04:58:40 +0100
673 convertbmp: detect invalid file dimensions early
675 width/length dimensions read from bmp headers are not necessarily
676 valid. For instance they may have been maliciously set to very large
677 values with the intention to cause DoS (large memory allocation, stack
678 overflow). In these cases we want to detect the invalid size as early
681 This commit introduces a counter which verifies that the number of
682 written bytes corresponds to the advertized width/length.
684 Fixes #1059 (CVE-2018-6616).
686 commit e7640f58f122d1228f3d750864543ad4703e18fc
687 Merge: e0f5212 05be308
688 Author: Even Rouault <even.rouault@mines-paris.org>
689 Date: 2018-12-07 21:27:38 +0100
691 Merge pull request #1168 from Young-X/fix_dev
693 Fix multiple potential vulnerabilities and bugs
695 commit 05be3084460e46282ee63f04c72c451f3271fd28
696 Author: Young Xiao <YangX92@hotmail.com>
697 Date: 2018-11-28 14:44:06 +0800
699 [JPWL] tgatoimage(): avoid excessive memory allocation attempt,
700 and fixes unaligned load
702 Signed-off-by: Young Xiao <YangX92@hotmail.com>
704 commit bd88611ed9ad7144ec4f3de54790cd848175891b
705 Author: Young_X <YangX92@hotmail.com>
706 Date: 2018-11-23 17:15:05 +0800
708 [JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
710 Signed-off-by: Young_X <YangX92@hotmail.com>
712 commit ce9583d1d7627e007a34a31ae4e22a00d78bd153
713 Author: Young_X <YangX92@hotmail.com>
714 Date: 2018-11-23 17:12:06 +0800
716 [JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
718 Signed-off-by: Young_X <YangX92@hotmail.com>
720 commit c58df149900df862806d0e892859b41115875845
721 Author: Young_X <YangX92@hotmail.com>
722 Date: 2018-11-23 16:24:19 +0800
724 [OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
725 opj_get_encoding_parameters
727 Signed-off-by: Young_X <YangX92@hotmail.com>
729 commit c277159986c80142180fbe5efb256bbf3bdf3edc
730 Author: Young_X <YangX92@hotmail.com>
731 Date: 2018-11-23 16:12:53 +0800
733 [MJ2] Avoid index out of bounds access to pi->include[]
735 Signed-off-by: Young_X <YangX92@hotmail.com>
737 commit e0f5212888c0c1abc5e060a75a3a4a5ff99afd1a
738 Merge: 92023cd 2e5ab1d
739 Author: Even Rouault <even.rouault@mines-paris.org>
740 Date: 2018-11-28 00:04:30 +0100
742 Merge pull request #1170 from rouault/fix_color_apply_icc_profile
744 color_apply_icc_profile: avoid potential heap buffer overflow
746 commit 2e5ab1d9987831c981ff05862e8ccf1381ed58ea
747 Author: Even Rouault <even.rouault@spatialys.com>
748 Date: 2018-11-27 23:31:30 +0100
750 color_apply_icc_profile: avoid potential heap buffer overflow
752 Derived from a patch by Thuan Pham
754 commit 46822d0eddc3324b2a056bc60ffa997027bebd66
755 Author: Young_X <YangX92@hotmail.com>
756 Date: 2018-11-23 15:58:23 +0800
758 [JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
760 Signed-off-by: Young_X <YangX92@hotmail.com>
762 commit 619e1b086eaa21ebd9b23eb67deee543b07bf06f
763 Author: Young_X <YangX92@hotmail.com>
764 Date: 2018-11-23 15:02:26 +0800
766 [JPWL] fix CVE-2018-16375
768 Signed-off-by: Young_X <YangX92@hotmail.com>
770 commit c5bd64ea146162967c29bd2af0cbb845ba3eaaaf
771 Author: Young_X <YangX92@hotmail.com>
772 Date: 2018-11-23 14:47:36 +0800
774 [MJ2] To avoid divisions by zero / undefined behaviour on shift
776 Signed-off-by: Young_X <YangX92@hotmail.com>
778 commit 92023cd6c377e0384a7725949b25655d4d94dced
779 Merge: c196b23 cab352e
780 Author: Even Rouault <even.rouault@mines-paris.org>
781 Date: 2018-11-16 09:42:19 +0100
783 Merge pull request #1160 from hlef/master
785 jp3d/jpwl convert: fix write stack buffer overflow
787 commit c196b23b90321b5c7e3238294607a2e8626c503f
788 Author: ichlubna <43234438+ichlubna@users.noreply.github.com>
789 Date: 2018-11-16 09:40:31 +0100
791 openjp3d: Int overflow fixed (#1159)
793 When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.
795 commit cab352e249ed3372dd9355c85e837613fff98fa2
796 Author: Hugo Lefeuvre <hle@debian.org>
797 Date: 2018-11-07 18:48:29 +0100
799 jp2: convert: fix null pointer dereference
801 Tile components in a JP2 image might have null data pointer by defining a
802 zero component size (for example using large horizontal or vertical
803 sampling periods). This null data pointer leads to null image component
804 data pointer, causing crash when dereferenced without != null check in
809 This commit addresses #1152 (CVE-2018-18088).
811 commit 0bc90e4062a5f9258c91eca018c019b179066c62
812 Author: Hugo Lefeuvre <hle@debian.org>
813 Date: 2018-10-22 16:59:41 +0200
815 jp3d/jpwl convert: fix write stack buffer overflow
817 Missing buffer length formatter in fscanf call might lead to write
818 stack buffer overflow.
820 fixes #1044 (CVE-2017-17480)
822 commit 948332e6ed17565100d1df5f6fdbf66865218e36
823 Author: Stefan Weil <sw@weilnetz.de>
824 Date: 2018-10-31 20:44:30 +0100
826 Fix some potential overflow issues (#1161)
828 * Fix some potential overflow issues
830 Put sizeof to the beginning of the multiplication to enforce that
831 size_t instead of smaller integer types is used for the calculation.
833 This fixes warnings from LGTM:
835 Multiplication result may overflow 'unsigned int'
836 before it is converted to 'unsigned long'.
838 It also allows removing some type casts.
840 Signed-off-by: Stefan Weil <sw@weilnetz.de>
842 * Fix code indentation
844 Signed-off-by: Stefan Weil <sw@weilnetz.de>
846 commit e52909f4c7896c5efff3340d707c12d0df55d3f9
847 Merge: cd900d9 943db0f
848 Author: Even Rouault <even.rouault@mines-paris.org>
849 Date: 2018-10-31 20:41:52 +0100
851 Merge pull request #1163 from nforro/memory-and-resource-leaks
853 Fix several memory and resource leaks
855 commit 943db0f1c28ca6a7df6d18483f97166a03be9bf7
856 Author: Nikola Forró <nforro@redhat.com>
857 Date: 2018-10-31 13:39:05 +0100
859 Fix several memory and resource leaks
861 Signed-off-by: Nikola Forró <nforro@redhat.com>
863 commit cd900d96618ab77e79812db654731dd6b5fc7bd8
864 Author: Even Rouault <even.rouault@spatialys.com>
865 Date: 2018-10-18 11:45:45 +0200
867 opj_thread_pool_setup(): fix infinite waiting if a thread creation failed
869 commit 0e6a5553cfef21b764d289585af2c6934a95456b
870 Merge: 8fc09e5 ca16fe5
871 Author: Even Rouault <even.rouault@mines-paris.org>
872 Date: 2018-09-22 23:54:12 +0200
874 Merge pull request #1148 from hlef/master
876 CVE-2018-5785: fix issues with zero bitmasks
878 commit 8fc09e50e557fa6af4c099b9c6d36bb1071ee1ed
879 Author: Even Rouault <even.rouault@spatialys.com>
880 Date: 2018-09-22 23:47:56 +0200
882 opj_jp2_apply_pclr(): remove useless assert that can trigger on some files (fixes #1125)
884 commit aaf48ee6bae91032f025f9ac11592c4085a0d96b
885 Merge: ee827ad cc38247
886 Author: Even Rouault <even.rouault@spatialys.com>
887 Date: 2018-09-22 23:12:50 +0200
889 Merge branch 'pr1095'
891 commit cc3824767bde397fedb8a1ae4786a222ba860c8d
892 Author: Karol Babioch <kbabioch@suse.de>
893 Date: 2018-03-02 14:40:58 +0100
895 opj_mj2_extract: Check provided output prefix for length
897 This uses snprintf() with correct buffer length instead of sprintf(), which
898 prevents a buffer overflow when providing a long output prefix. Furthermore
899 the program exits with an error when the provided output prefix is too long.
903 commit ee827ad3f32469d4854b2da71c9703a2af359f9f
904 Merge: 5d94bcd 1eb9a57
905 Author: Even Rouault <even.rouault@spatialys.com>
906 Date: 2018-09-22 23:05:54 +0200
908 Merge branch 'pr1107'
910 commit 1eb9a57ac1216209a4d9adf87bc47ba19810d3b3
911 Author: szukw000 <szukw000@arcor.de>
912 Date: 2018-03-13 18:11:54 +0100
914 opj_mj2_extract: Avoid segfault for long filenames
916 commit 5d94bcd89c6e281614955c56cbfebb11b866a9dd
917 Merge: b54c06f 0fa7ebe
918 Author: Even Rouault <even.rouault@mines-paris.org>
919 Date: 2018-09-22 22:59:36 +0200
921 Merge pull request #1136 from reverson/master
925 commit b54c06fb350d318c8e74755710b3480eae3b9911
926 Merge: 17bbb0e 4aaf52e
927 Author: Even Rouault <even.rouault@mines-paris.org>
928 Date: 2018-09-22 22:59:17 +0200
930 Merge pull request #1119 from stweil/ssize_t
932 Use local type declaration for POSIX standard type only for MS compiler
934 commit 17bbb0e23ff03bb722914841a9b962b21fe7a310
935 Merge: ccc4441 3d6ffaf
936 Author: Even Rouault <even.rouault@mines-paris.org>
937 Date: 2018-09-22 22:55:33 +0200
939 Merge pull request #1128 from stweil/typos
941 Fix some typos in code comments and documentation
943 commit ccc4441aeb7bf4928e55bd543fab8de662f6d5e7
944 Merge: c6ee006 24fd3ce
945 Author: Even Rouault <even.rouault@mines-paris.org>
946 Date: 2018-09-22 22:54:51 +0200
948 Merge pull request #1140 from bukatlib/fix_relpath
950 Relative path to header files is hardcoded in OpenJPEGConfig.cmake.in file