1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5 <meta name="keywords" content="OpenJPEG, current, changes, changelog" />
6 <meta name="description" content="Log of changes in the package" />
7 <link rel="stylesheet" type="text/css" href="../../../css/common.css" />
8 <link rel="stylesheet" type="text/css" href="../../../css/changelog.css" />
12 OpenJPEG current: changelog
18 <table cellpadding='0' cellspacing='0'><tr><td align='center'><h1 class='tool'><a title='Home: ABI tracker for OpenJPEG' href='../../../timeline/openjpeg/index.html' class='tool'>ABI<br/>Tracker</a></h1></td><td width='30px;'></td><td><h1>(OpenJPEG)</h1></td></tr></table><hr/>
21 <h1>Changelog from Git</h1><br/><br/>
22 <div class='changelog'>
23 <pre class='wrap'>commit 64689d05dfaaf52105581d93fb1eb173b20829a4
24 Author: Even Rouault <even.rouault@spatialys.com>
25 Date: 2020-04-18 18:25:44 +0200
27 struct opj_j2k: remove unused fields, and add some documentation
29 commit 774889a328abd5d3c280d9a897f1ac4c672cb0e5
30 Merge: b6b7e96 271a71e
31 Author: Even Rouault <even.rouault@spatialys.com>
32 Date: 2020-04-17 00:39:46 +0200
34 Merge pull request #1244 from rouault/fix_pi_warnings
36 Fix warnings about signed/unsigned casts in pi.c
38 commit b6b7e96b0cf7819ef6a2e8ba2f8bdaaf938326ed
39 Author: szukw000 <szukw000@arcor.de>
40 Date: 2020-04-17 00:37:33 +0200
42 color_apply_icc_profile: add checks on the number of components (#1236)
44 commit 040e142288e90c9c2d46d25d0a27f828f968bb93
45 Author: Eduardo Barretto <edusbarretto@gmail.com>
46 Date: 2020-04-16 19:09:40 -0300
48 jp3d/jpwl/mj2/jpip: Fix resource leaks (#1226)
50 This issues were found by cppcheck and coverity.
52 commit 271a71ef0f1dd4740c9f4474279c7da8d15850c9
53 Author: Even Rouault <even.rouault@spatialys.com>
54 Date: 2020-04-16 20:52:44 +0200
56 Fix warnings about signed/unsigned casts in pi.c
58 commit 221a801a97a3ea968a311f7905c18a1eb7f034c4
59 Author: Even Rouault <even.rouault@spatialys.com>
60 Date: 2020-04-16 20:33:22 +0200
62 Rename mis-named function opj_tcd_get_encoded_tile_size() to opj_tcd_get_encoder_input_buffer_size()
64 commit 9c1cfb034a8cf24eb5e35fe9c7074fd079d14b80
65 Merge: 563ecfb 1c54024
66 Author: Even Rouault <even.rouault@spatialys.com>
67 Date: 2020-04-01 22:00:19 +0200
69 Merge pull request #1240 from rouault/fix_crash_opj_decompress
71 opj_decompress: add sanity checks to avoid segfault in case of decoding error
73 commit 1c54024165fd5db0e6047f28903274eb27d0980f
74 Author: Even Rouault <even.rouault@spatialys.com>
75 Date: 2020-04-01 20:58:55 +0200
77 opj_decompress: add sanity checks to avoid segfault in case of decoding error
80 opj_decompress -i 0722_5-1_2019.jp2 -o out.ppm -r 4 -t 0
82 where 0722_5-1_2019.jp2 is
83 https://drive.google.com/file/d/1ZxOUZg2-FKjYwa257VFLMpTXRWxEoP0a/view?usp=sharing
85 commit 563ecfb55ca77c0fc5ea19e4885e00f55ec82ca9
86 Author: Even Rouault <even.rouault@spatialys.com>
87 Date: 2020-02-13 09:59:17 +0100
89 opj_compress: improve help message regarding new IMF switch
91 commit 4e5501b3c72a98b3117e68263afb922092c309cf
92 Merge: 2888145 84f3beb
93 Author: Even Rouault <even.rouault@spatialys.com>
94 Date: 2020-02-13 09:54:20 +0100
96 Merge pull request #1235 from rouault/imf
98 Implement writing of IMF profiles
100 commit 84f3bebbff515f2b00ccf0c817930ebb10b91760
101 Author: Even Rouault <even.rouault@spatialys.com>
102 Date: 2020-02-12 15:55:16 +0100
104 Implement writing of IMF profiles
106 Add -IMF switch to opj_compress as well
108 commit fffe32adcb9f41a00805f4120012be9625ba450a
109 Author: Even Rouault <even.rouault@spatialys.com>
110 Date: 2020-02-12 15:55:02 +0100
112 openjpeg.h: fix values of OPJ_PROFILE_IMF_ constants
114 commit 28881453f6b1ae68a357557999498a11a2bc8b7e
115 Merge: 647f9b1 b5cb419
116 Author: Even Rouault <even.rouault@spatialys.com>
117 Date: 2020-02-10 11:20:20 +0100
119 Merge pull request #1234 from rouault/md5_libtiff_4_1
121 tests: add alternate checksums for libtiff 4.1
123 commit b5cb419faff300fdbc0b4e98dab5c9010db6f39d
124 Author: Even Rouault <even.rouault@spatialys.com>
125 Date: 2020-02-07 21:53:10 +0100
127 tests: add alternate checksums for libtiff 4.1
131 libtiff 4.1 slightly modifies the way it generates files. So
132 add the new expected md5sum.
134 Not super elegant solution admitedly.
136 commit 647f9b118d12819c63635eea65909b0e49e0f201
137 Merge: b63a433 05f9b91
138 Author: Even Rouault <even.rouault@spatialys.com>
139 Date: 2020-01-30 13:07:31 +0100
141 Merge pull request #1232 from rouault/fix_1231
143 opj_tcd_init_tile(): avoid integer overflow
145 commit 05f9b91e60debda0e83977e5e63b2e66486f7074
146 Author: Even Rouault <even.rouault@spatialys.com>
147 Date: 2020-01-30 00:59:57 +0100
149 opj_tcd_init_tile(): avoid integer overflow
151 That could lead to later assertion failures.
153 Fixes #1231 / CVE-2020-8112
155 commit b63a433ba168bad5fa10e83de04d6305e6a222e2
156 Author: Max Moroz <dor3s1@gmail.com>
157 Date: 2020-01-13 09:07:54 -0800
159 tests/fuzzers: link fuzz binaries using $LIB_FUZZING_ENGINE. (#1230)
161 This was changed some time ago (https://google.github.io/oss-fuzz/getting-started/new-project-guide/) but the build didn't fail as there is a fallback mechanism. The main advantage of the new approach is that for libFuzzer this produces more performant binaries (as `$LIB_FUZZING_ENGINE` expands into `-fsanitize=fuzzer`, which links libFuzzer from the compiler-rt, allowing better optimization tricks).
163 I'm also experimenting with dataflow (https://github.com/google/oss-fuzz/issues/1632) on your project, and the dataflow config doesn't have a fallback (as it's a new configuration), therefore I'm proposing a change to migrate from `-lFuzzingEngine` to `$LIB_FUZZING_ENGINE`.
165 commit 46c1eff9e98bbcf794d042f7b2e3d45556e805ce
166 Merge: ac37373 024b840
167 Author: Even Rouault <even.rouault@spatialys.com>
168 Date: 2020-01-11 11:29:11 +0100
170 Merge pull request #1229 from rouault/fix_1228
172 opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
174 commit 024b8407392cb0b82b04b58ed256094ed5799e04
175 Author: Even Rouault <even.rouault@spatialys.com>
176 Date: 2020-01-11 01:51:19 +0100
178 opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
180 commit ac3737372a00b8778b528094dd5bd58a74f67d42
181 Merge: 9701b33 4cb1f66
182 Author: Even Rouault <even.rouault@spatialys.com>
183 Date: 2019-11-17 13:08:41 +0100
185 Merge pull request #1217 from rouault/fix_ossfuzz_18979
187 pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets()
189 commit 9701b3305db58d35e4446946309f88937e2f5342
190 Author: Robert Ancell <robert.ancell@gmail.com>
191 Date: 2019-11-17 15:09:59 +1300
193 JPWL: convert: Fix buffer overflow reading an image file less than four characters (#1196)
197 commit cb332992a7c84316824b1c4810103ee4f190937c
198 Merge: 5875a6b 016f80a
199 Author: Even Rouault <even.rouault@spatialys.com>
200 Date: 2019-11-17 02:47:26 +0100
202 Merge pull request #1218 from rouault/fix_broken_abi_check
204 abi-check.sh: fix false postive ABI error, and display output error log
206 commit 016f80ae2106c2b1b5bca08a684b0bd082e231e6
207 Author: Even Rouault <even.rouault@spatialys.com>
208 Date: 2019-11-17 01:35:26 +0100
210 abi-check.sh: fix false postive ABI error, and display output error log
212 There is currently a false positive ABI check failure between v2.3.1
213 and current. It disappears when removing the generated reports of v2.3.1
214 and recreating them. It is likely that some tooling has evolved since
215 the initial v2.3.1 report generation.
217 commit 4cb1f663049aab96e122d1ff16f601d0cc0be976
218 Author: Even Rouault <even.rouault@spatialys.com>
219 Date: 2019-11-17 01:18:26 +0100
221 pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18979
223 commit 5875a6b44618fb7dfd5cd6d742533eaee2014060
224 Author: Even Rouault <even.rouault@spatialys.com>
225 Date: 2019-10-03 11:04:30 +0200
227 opj_tcd_mct_decode()/opj_mct_decode()/opj_mct_encode_real()/opj_mct_decode_real(): proper deal with a number of samples larger than 4 billion (refs #1151)
229 commit e66125fe260deee49fdf6e9978d9bd29871dd5bb
230 Merge: 8db9d25 b275196
231 Author: Even Rouault <even.rouault@spatialys.com>
232 Date: 2019-09-03 17:03:54 +0200
234 Merge pull request #1164 from sebras/master
236 openjp2/j2k: Report error if all wanted components are not decoded.
238 commit 8db9d25dcf360528fd1e094e4f9274c0635e90cc
239 Author: Even Rouault <even.rouault@spatialys.com>
240 Date: 2019-06-15 09:55:16 +0200
242 opj_decompress_fuzzer: remove checks regarding input dimensions (fixes #1079)
244 commit f4d65783593fd0490e0fdb9f323f2d5aff81a21d
245 Author: Even Rouault <even.rouault@spatialys.com>
246 Date: 2019-05-26 11:06:01 +0200
248 test_decode_area.c: assign tdy to *ptileh instead of *ptilew (fixes #1195)
250 commit 9b7620ee7a3d72bfcdbebd78e607c5ee8aa7fade
251 Merge: 4f447c6 3aef207
252 Author: Even Rouault <even.rouault@spatialys.com>
253 Date: 2019-04-26 19:52:52 +0200
255 Merge pull request #1185 from Young-X/fix
257 Fix several potential vulnerabilities
259 commit 4f447c6e18444a4182f7844d25033861eee8df55
260 Merge: 5dd75f6 a94cfbd
261 Author: Even Rouault <even.rouault@spatialys.com>
262 Date: 2019-04-25 15:32:22 +0200
264 Merge pull request #1192 from rouault/poc_fixes
266 compression: emit POC marker when only one single POC is requested (f…
268 commit a94cfbd5334922ca5b63cfac9d2e5e0ec98155be
269 Author: Even Rouault <even.rouault@spatialys.com>
270 Date: 2019-04-25 14:07:46 +0200
272 Change opj_j2k_check_poc_val() to take into account tile number
274 commit bdec5ae2723369be5abba7aaae398aa4ae3225cc
275 Author: Even Rouault <even.rouault@spatialys.com>
276 Date: 2019-04-25 01:29:38 +0200
278 Add test for previous commit
280 commit 6423163141412cb93364de4e33d90bcffefa0885
281 Author: Even Rouault <even.rouault@spatialys.com>
282 Date: 2019-04-25 01:27:02 +0200
284 Fix POC in multi-tile scenarios: avoid almost endless loop when a tile has no POC settings
286 commit b86717fdd36b628ea7ecb5c24f7a086bf5bcd3a7
287 Author: Even Rouault <even.rouault@spatialys.com>
288 Date: 2019-04-25 00:40:04 +0200
290 Add test for previous commit
292 commit 23883458b9de2c57fc1890b42efbd0832c8fbe3b
293 Author: Even Rouault <even.rouault@spatialys.com>
294 Date: 2019-04-25 00:34:44 +0200
296 opj_j2k_check_poc_val(): prevent potential write outside of allocated array
298 commit 6589c609f6d6b3743715fceefbdac6e4ecb76aee
299 Author: Even Rouault <even.rouault@spatialys.com>
300 Date: 2019-04-25 00:28:05 +0200
302 opj_j2k_check_poc_val(): fix starting index for checking layer dimension
304 The standard mandates that the layer index always starts at zero for every
307 commit 1e3a57563defb6aa7cf24ffd2394d4a820e13bda
308 Author: Even Rouault <even.rouault@spatialys.com>
309 Date: 2019-04-25 00:17:13 +0200
311 compression: emit POC marker when only one single POC is requested (fixes #1191)
313 commit 5dd75f62e20efff9f094fd1dbd0d4d00e8b37689
314 Author: Even Rouault <even.rouault@spatialys.com>
315 Date: 2019-04-23 16:52:21 +0200
317 j2k.c: use correct naming convention for total_data_size variable
319 commit 3aef207f90e937d4931daf6d411e092f76d82e66
320 Author: Young Xiao <YangX92@hotmail.com>
321 Date: 2019-03-16 20:09:59 +0800
323 bmp_read_rle4_data(): avoid potential infinite loop
325 commit 21399f6b7d318fcdf4406d5e88723c4922202aa3
326 Author: Young Xiao <YangX92@hotmail.com>
327 Date: 2019-03-16 19:57:27 +0800
329 convertbmp: detect invalid file dimensions early
331 width/length dimensions read from bmp headers are not necessarily
332 valid. For instance they may have been maliciously set to very large
333 values with the intention to cause DoS (large memory allocation, stack
334 overflow). In these cases we want to detect the invalid size as early
337 This commit introduces a counter which verifies that the number of
338 written bytes corresponds to the advertized width/length.
340 See commit 8ee335227bbc for details.
342 Signed-off-by: Young Xiao <YangX92@hotmail.com>
344 commit d0dd894ae24d0f2f09072adf1b966033dd64672d
345 Author: Antonin Descampe <antonin@gmail.com>
346 Date: 2019-04-02 15:37:38 +0200
348 Comment back opj_previous_version in abi_check.sh
350 commit 291e45bb045e63334729ad9a894595f8e1e2b2c7
351 Author: Antonin Descampe <antonin@gmail.com>
352 Date: 2019-04-02 15:12:59 +0200
354 Update version number for automatic abi check
356 commit 57096325457f96d8cd07bd3af04fe81d7a2ba788
357 Author: Antonin Descampe <antonin@gmail.com>
358 Date: 2019-04-02 14:45:15 +0200
360 update token for appveyor auto release
362 commit 8b9a89bc2e61652d30bbc56673f8f03ef464430f
363 Author: Antonin Descampe <antonin@gmail.com>
364 Date: 2019-04-02 14:25:09 +0200
366 update token for automatic release
368 commit d1d422c126cbc2a5435340bd85f4b52ff0477101
369 Author: Antonin Descampe <antonin@gmail.com>
370 Date: 2019-04-02 12:08:52 +0200
372 Update for release 2.3.1
374 commit d3b0b8927acf2e050a6379320d36fc3bb3751fe3
375 Author: Antonin Descampe <info@openjpeg.org>
376 Date: 2019-04-02 11:03:16 +0200
378 Update for release 2.3.1
380 commit c7798bb0c636c89ab7f0bab4d89e7f0136e0e55a
381 Author: Antonin Descampe <info@openjpeg.org>
382 Date: 2019-04-02 11:02:20 +0200
384 update for release 2.3.1
386 commit 8196ab531e79602fe3c947d09d3240c25c358731
387 Author: Antonin Descampe <info@openjpeg.org>
388 Date: 2019-04-02 11:00:58 +0200
390 Update BUILD version for release 2.3.1
392 commit 69a7a312dccebc8b5f28f8a5e4a703cb8d447d44
393 Merge: d6b8aed 5151426
394 Author: Even Rouault <even.rouault@mines-paris.org>
395 Date: 2019-03-29 12:25:39 +0100
397 Merge pull request #1188 from rouault/fix_abi_check
399 abi-check.sh: fix broken download URL
401 commit 5151426d6e6f7f0e1ae6f050aaa7cec6bc4ffd08
402 Author: Even Rouault <even.rouault@spatialys.com>
403 Date: 2019-03-29 11:53:23 +0100
405 abi-check.sh: fix broken download URL
407 commit d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
408 Merge: 25b815d a1d32a5
409 Author: Even Rouault <even.rouault@mines-paris.org>
410 Date: 2019-03-29 11:52:38 +0100
412 Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
414 opj_t1_encode_cblks: fix UBSAN signed integer overflow
416 commit a1d32a596a94280178c44a55d7e7f1acd992ed5d
417 Author: Even Rouault <even.rouault@spatialys.com>
418 Date: 2019-03-29 11:17:39 +0100
420 opj_t1_encode_cblks: fix UBSAN signed integer overflow
422 Fixes #1053 / CVE-2018-5727
424 Note: I don't consider this issue to be a security vulnerability, in
426 At least with gcc or clang compilers on x86_64 which generate the same
427 assembly code with or without that fix.
429 commit 25b815dc460dbf9def7e6b822c8998727094f85a
430 Author: Even Rouault <even.rouault@spatialys.com>
431 Date: 2019-03-29 10:44:35 +0100
433 Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
435 This reverts commit 05be3084460e46282ee63f04c72c451f3271fd28.
437 This commit doesn't compile due to missing OPJ_UINT64 type
439 commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb
440 Author: Even Rouault <even.rouault@spatialys.com>
441 Date: 2019-03-29 10:40:58 +0100
443 Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
445 This reverts commit c277159986c80142180fbe5efb256bbf3bdf3edc.
447 The commit didn't compile. include_size is not defined in openmj2
449 commit b2751967ecabf8d8856e85ab91e25d4f235e2eb3
450 Author: Sebastian Rasmussen <sebras@gmail.com>
451 Date: 2018-10-31 20:22:11 +0100
453 openjp2/j2k: Report error if all wanted components are not decoded.
455 Previously the caller had to check whether each component data had
456 been decoded. This means duplicating the checking in every user of
457 openjpeg which is unnecessary. If the caller wantes to decode all
458 or a set of, or a specific component then openjpeg ought to error
459 out if it was unable to do so.
463 commit 51f097e6d5754ddae93e716276fe8176b44ec548
464 Merge: e7640f5 8ee3352
465 Author: Even Rouault <even.rouault@mines-paris.org>
466 Date: 2018-12-21 16:41:00 +0100
468 Merge pull request #1172 from hlef/master
470 convertbmp: detect invalid file dimensions early (CVE-2018-6616)
472 commit 8ee335227bbcaf1614124046aa25e53d67b11ec3
473 Author: Hugo Lefeuvre <hle@debian.org>
474 Date: 2018-12-14 04:58:40 +0100
476 convertbmp: detect invalid file dimensions early
478 width/length dimensions read from bmp headers are not necessarily
479 valid. For instance they may have been maliciously set to very large
480 values with the intention to cause DoS (large memory allocation, stack
481 overflow). In these cases we want to detect the invalid size as early
484 This commit introduces a counter which verifies that the number of
485 written bytes corresponds to the advertized width/length.
487 Fixes #1059 (CVE-2018-6616).
489 commit e7640f58f122d1228f3d750864543ad4703e18fc
490 Merge: e0f5212 05be308
491 Author: Even Rouault <even.rouault@mines-paris.org>
492 Date: 2018-12-07 21:27:38 +0100
494 Merge pull request #1168 from Young-X/fix_dev
496 Fix multiple potential vulnerabilities and bugs
498 commit 05be3084460e46282ee63f04c72c451f3271fd28
499 Author: Young Xiao <YangX92@hotmail.com>
500 Date: 2018-11-28 14:44:06 +0800
502 [JPWL] tgatoimage(): avoid excessive memory allocation attempt,
503 and fixes unaligned load
505 Signed-off-by: Young Xiao <YangX92@hotmail.com>
507 commit bd88611ed9ad7144ec4f3de54790cd848175891b
508 Author: Young_X <YangX92@hotmail.com>
509 Date: 2018-11-23 17:15:05 +0800
511 [JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
513 Signed-off-by: Young_X <YangX92@hotmail.com>
515 commit ce9583d1d7627e007a34a31ae4e22a00d78bd153
516 Author: Young_X <YangX92@hotmail.com>
517 Date: 2018-11-23 17:12:06 +0800
519 [JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
521 Signed-off-by: Young_X <YangX92@hotmail.com>
523 commit c58df149900df862806d0e892859b41115875845
524 Author: Young_X <YangX92@hotmail.com>
525 Date: 2018-11-23 16:24:19 +0800
527 [OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
528 opj_get_encoding_parameters
530 Signed-off-by: Young_X <YangX92@hotmail.com>
532 commit c277159986c80142180fbe5efb256bbf3bdf3edc
533 Author: Young_X <YangX92@hotmail.com>
534 Date: 2018-11-23 16:12:53 +0800
536 [MJ2] Avoid index out of bounds access to pi->include[]
538 Signed-off-by: Young_X <YangX92@hotmail.com>
540 commit e0f5212888c0c1abc5e060a75a3a4a5ff99afd1a
541 Merge: 92023cd 2e5ab1d
542 Author: Even Rouault <even.rouault@mines-paris.org>
543 Date: 2018-11-28 00:04:30 +0100
545 Merge pull request #1170 from rouault/fix_color_apply_icc_profile
547 color_apply_icc_profile: avoid potential heap buffer overflow
549 commit 2e5ab1d9987831c981ff05862e8ccf1381ed58ea
550 Author: Even Rouault <even.rouault@spatialys.com>
551 Date: 2018-11-27 23:31:30 +0100
553 color_apply_icc_profile: avoid potential heap buffer overflow
555 Derived from a patch by Thuan Pham
557 commit 46822d0eddc3324b2a056bc60ffa997027bebd66
558 Author: Young_X <YangX92@hotmail.com>
559 Date: 2018-11-23 15:58:23 +0800
561 [JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
563 Signed-off-by: Young_X <YangX92@hotmail.com>
565 commit 619e1b086eaa21ebd9b23eb67deee543b07bf06f
566 Author: Young_X <YangX92@hotmail.com>
567 Date: 2018-11-23 15:02:26 +0800
569 [JPWL] fix CVE-2018-16375
571 Signed-off-by: Young_X <YangX92@hotmail.com>
573 commit c5bd64ea146162967c29bd2af0cbb845ba3eaaaf
574 Author: Young_X <YangX92@hotmail.com>
575 Date: 2018-11-23 14:47:36 +0800
577 [MJ2] To avoid divisions by zero / undefined behaviour on shift
579 Signed-off-by: Young_X <YangX92@hotmail.com>
581 commit 92023cd6c377e0384a7725949b25655d4d94dced
582 Merge: c196b23 cab352e
583 Author: Even Rouault <even.rouault@mines-paris.org>
584 Date: 2018-11-16 09:42:19 +0100
586 Merge pull request #1160 from hlef/master
588 jp3d/jpwl convert: fix write stack buffer overflow
590 commit c196b23b90321b5c7e3238294607a2e8626c503f
591 Author: ichlubna <43234438+ichlubna@users.noreply.github.com>
592 Date: 2018-11-16 09:40:31 +0100
594 openjp3d: Int overflow fixed (#1159)
596 When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.
598 commit cab352e249ed3372dd9355c85e837613fff98fa2
599 Author: Hugo Lefeuvre <hle@debian.org>
600 Date: 2018-11-07 18:48:29 +0100
602 jp2: convert: fix null pointer dereference
604 Tile components in a JP2 image might have null data pointer by defining a
605 zero component size (for example using large horizontal or vertical
606 sampling periods). This null data pointer leads to null image component
607 data pointer, causing crash when dereferenced without != null check in
612 This commit addresses #1152 (CVE-2018-18088).
614 commit 0bc90e4062a5f9258c91eca018c019b179066c62
615 Author: Hugo Lefeuvre <hle@debian.org>
616 Date: 2018-10-22 16:59:41 +0200
618 jp3d/jpwl convert: fix write stack buffer overflow
620 Missing buffer length formatter in fscanf call might lead to write
621 stack buffer overflow.
623 fixes #1044 (CVE-2017-17480)
625 commit 948332e6ed17565100d1df5f6fdbf66865218e36
626 Author: Stefan Weil <sw@weilnetz.de>
627 Date: 2018-10-31 20:44:30 +0100
629 Fix some potential overflow issues (#1161)
631 * Fix some potential overflow issues
633 Put sizeof to the beginning of the multiplication to enforce that
634 size_t instead of smaller integer types is used for the calculation.
636 This fixes warnings from LGTM:
638 Multiplication result may overflow 'unsigned int'
639 before it is converted to 'unsigned long'.
641 It also allows removing some type casts.
643 Signed-off-by: Stefan Weil <sw@weilnetz.de>
645 * Fix code indentation
647 Signed-off-by: Stefan Weil <sw@weilnetz.de>
649 commit e52909f4c7896c5efff3340d707c12d0df55d3f9
650 Merge: cd900d9 943db0f
651 Author: Even Rouault <even.rouault@mines-paris.org>
652 Date: 2018-10-31 20:41:52 +0100
654 Merge pull request #1163 from nforro/memory-and-resource-leaks
656 Fix several memory and resource leaks
658 commit 943db0f1c28ca6a7df6d18483f97166a03be9bf7
659 Author: Nikola Forró <nforro@redhat.com>
660 Date: 2018-10-31 13:39:05 +0100
662 Fix several memory and resource leaks
664 Signed-off-by: Nikola Forró <nforro@redhat.com>
666 commit cd900d96618ab77e79812db654731dd6b5fc7bd8
667 Author: Even Rouault <even.rouault@spatialys.com>
668 Date: 2018-10-18 11:45:45 +0200
670 opj_thread_pool_setup(): fix infinite waiting if a thread creation failed
672 commit 0e6a5553cfef21b764d289585af2c6934a95456b
673 Merge: 8fc09e5 ca16fe5
674 Author: Even Rouault <even.rouault@mines-paris.org>
675 Date: 2018-09-22 23:54:12 +0200
677 Merge pull request #1148 from hlef/master
679 CVE-2018-5785: fix issues with zero bitmasks
681 commit 8fc09e50e557fa6af4c099b9c6d36bb1071ee1ed
682 Author: Even Rouault <even.rouault@spatialys.com>
683 Date: 2018-09-22 23:47:56 +0200
685 opj_jp2_apply_pclr(): remove useless assert that can trigger on some files (fixes #1125)
687 commit aaf48ee6bae91032f025f9ac11592c4085a0d96b
688 Merge: ee827ad cc38247
689 Author: Even Rouault <even.rouault@spatialys.com>
690 Date: 2018-09-22 23:12:50 +0200
692 Merge branch 'pr1095'
694 commit cc3824767bde397fedb8a1ae4786a222ba860c8d
695 Author: Karol Babioch <kbabioch@suse.de>
696 Date: 2018-03-02 14:40:58 +0100
698 opj_mj2_extract: Check provided output prefix for length
700 This uses snprintf() with correct buffer length instead of sprintf(), which
701 prevents a buffer overflow when providing a long output prefix. Furthermore
702 the program exits with an error when the provided output prefix is too long.
706 commit ee827ad3f32469d4854b2da71c9703a2af359f9f
707 Merge: 5d94bcd 1eb9a57
708 Author: Even Rouault <even.rouault@spatialys.com>
709 Date: 2018-09-22 23:05:54 +0200
711 Merge branch 'pr1107'
713 commit 1eb9a57ac1216209a4d9adf87bc47ba19810d3b3
714 Author: szukw000 <szukw000@arcor.de>
715 Date: 2018-03-13 18:11:54 +0100
717 opj_mj2_extract: Avoid segfault for long filenames
719 commit 5d94bcd89c6e281614955c56cbfebb11b866a9dd
720 Merge: b54c06f 0fa7ebe
721 Author: Even Rouault <even.rouault@mines-paris.org>
722 Date: 2018-09-22 22:59:36 +0200
724 Merge pull request #1136 from reverson/master
728 commit b54c06fb350d318c8e74755710b3480eae3b9911
729 Merge: 17bbb0e 4aaf52e
730 Author: Even Rouault <even.rouault@mines-paris.org>
731 Date: 2018-09-22 22:59:17 +0200
733 Merge pull request #1119 from stweil/ssize_t
735 Use local type declaration for POSIX standard type only for MS compiler
737 commit 17bbb0e23ff03bb722914841a9b962b21fe7a310
738 Merge: ccc4441 3d6ffaf
739 Author: Even Rouault <even.rouault@mines-paris.org>
740 Date: 2018-09-22 22:55:33 +0200
742 Merge pull request #1128 from stweil/typos
744 Fix some typos in code comments and documentation
746 commit ccc4441aeb7bf4928e55bd543fab8de662f6d5e7
747 Merge: c6ee006 24fd3ce
748 Author: Even Rouault <even.rouault@mines-paris.org>
749 Date: 2018-09-22 22:54:51 +0200
751 Merge pull request #1140 from bukatlib/fix_relpath
753 Relative path to header files is hardcoded in OpenJPEGConfig.cmake.in file
755 commit c6ee006250b093f443e226288c6c866c5ebe12f5
756 Merge: 2d28610 98363e2
757 Author: Even Rouault <even.rouault@mines-paris.org>
758 Date: 2018-09-22 22:47:27 +0200
760 Merge pull request #1141 from szukw000/changes-in-pnmtoimage
762 Changes in pnmtoimage if image data are missing
764 commit 2d2861036cfb68560e0cf21340760781ea78595d
765 Merge: 1b9a81d 31a03b3
766 Author: Even Rouault <even.rouault@mines-paris.org>
767 Date: 2018-09-22 22:28:04 +0200
769 Merge pull request #1143 from stweil/format
771 openjp2/jp2: Fix two format strings
773 commit 1b9a81dff7c22ed0cb22bf1033e6dfee1292da31
774 Merge: 9d1a9dc c28ed52
775 Author: Even Rouault <even.rouault@mines-paris.org>
776 Date: 2018-09-22 22:27:14 +0200
778 Merge pull request #1149 from rouault/fix_knownfailures
780 Update knownfailures- files given current configurations
782 commit c28ed521633c074f1e4891208028fe97f7602a14
783 Author: Even Rouault <even.rouault@spatialys.com>
784 Date: 2018-09-22 21:56:50 +0200
786 Update knownfailures- files given current configurations
788 commit ca16fe55014c57090dd97369256c7657aeb25975
789 Author: Hugo Lefeuvre <hle@debian.org>
790 Date: 2018-09-22 14:33:19 -0400
792 convertbmp: fix issues with zero bitmasks
794 In the case where a BMP file declares compression 3 (BI_BITFIELDS)
795 with header size <= 56, all bitmask values keep their initialization
796 value 0. This may lead to various undefined behavior later e.g. when
797 doing 1 << (l_comp->prec - 1).
799 This issue does not affect files with bit count 16 because of a check
800 added in 16240e2 which sets default values to the color masks if they
803 This commit adds similar checks for the 32 bit case.
805 Also, if a BMP file declares compression 3 with header size >= 56 and
806 intentional 0 bitmasks, the same issue will be triggered in both the
807 16 and 32 bit count case.
809 This commit adds checks to bmp_read_info_header() rejecting BMP files
810 with "intentional" 0 bitmasks. These checks might be removed in the
811 future when proper handling of zero bitmasks will be available in
814 fixes #1057 (CVE-2018-5785)
816 commit 31a03b390a77bfbe4b0f140121d1296acb611f76
817 Author: Stefan Weil <sw@weilnetz.de>
818 Date: 2018-09-05 21:51:30 +0200
820 openjp2/jp2: Fix two format strings
824 src/lib/openjp2/jp2.c:1008:35: warning:
825 too many arguments for format [-Wformat-extra-args]
826 src/lib/openjp2/j2k.c:1928:73: warning:
827 format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘OPJ_OFF_T {aka long int}’ [-Wformat=]
829 Signed-off-by: Stefan Weil <sw@weilnetz.de>
831 commit 3d6ffaf3f3463b62830f88f50a8c1b510f555eb5
832 Author: Stefan Weil <sw@weilnetz.de>
833 Date: 2018-07-30 21:04:28 +0200
835 Fix some typos in code comments and documentation
837 All typos were found by Codespell.
839 Signed-off-by: Stefan Weil <sw@weilnetz.de>
841 commit 98363e244e027c731f73ee8239d3c19451a9153b
842 Author: szukw000 <szukw000@arcor.de>
843 Date: 2018-08-31 16:24:41 +0200
845 Changes in pnmtoimage if image data are missing
847 commit 24fd3ce777a64b8b315cfe1ee642ec7b1cc6aa97
848 Author: Libor Bukata <libor.bukata@oracle.com>
849 Date: 2018-08-31 12:57:40 +0200
851 The change makes a relative path to header files
852 always correct regardless of the number of sub-
853 directories in OPENJPEG_INSTALL_PACKAGE_DIR variable.
855 commit 0fa7ebe2540990f590c2247b3505ac1dc84b6eec
856 Author: Robert Everson <robert@reverson.net>
857 Date: 2018-08-27 15:28:53 -0700
861 commit 9d1a9dc20dd5155bab977a4f53d05c4bbd66533a
862 Merge: d2205ba 56f23b2
863 Author: Even Rouault <even.rouault@mines-paris.org>
864 Date: 2018-08-11 23:35:35 +0200
866 Merge pull request #1133 from robe2/robe2-pkgconfig-instructions
868 Add -DBUILD_PKGCONFIG_FILES to install instructions
870 commit 56f23b29a075467fc2377ba086c0263a3eb70fe6
871 Author: Regina Obe <lr@pcorp.us>
872 Date: 2018-08-11 16:59:30 -0400
874 Add -DBUILD_PKGCONFIG_FILES to install instructions
876 Building under msys/mingw doesn't automatically install the pkg config files needed to build GDAL and other libraries
878 commit d2205ba2ee78faeea659263383446c4472b1f9df
879 Merge: fd205f4 4170681
880 Author: Even Rouault <even.rouault@mines-paris.org>
881 Date: 2018-06-20 16:26:24 +0200
883 Merge pull request #1121 from rouault/fix_tnsot_zero
885 Fix regression in reading files with TNsot == 0 (refs #1120)
887 commit 4170681661126bc9c1348a0183633dc2f4fc8b05
888 Author: Even Rouault <even.rouault@spatialys.com>
889 Date: 2018-06-20 15:06:16 +0200
891 Add test cases for https://github.com/uclouvain/openjpeg/issues/1120 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785