1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5 <meta name="keywords" content="OpenJPEG, current, changes, changelog" />
6 <meta name="description" content="Log of changes in the package" />
7 <link rel="stylesheet" type="text/css" href="../../../css/common.css" />
8 <link rel="stylesheet" type="text/css" href="../../../css/changelog.css" />
12 OpenJPEG current: changelog
18 <table cellpadding='0' cellspacing='0'><tr><td align='center'><h1 class='tool'><a title='Home: ABI tracker for OpenJPEG' href='../../../timeline/openjpeg/index.html' class='tool'>ABI<br/>Tracker</a></h1></td><td width='30px;'></td><td><h1>(OpenJPEG)</h1></td></tr></table><hr/>
21 <h1>Changelog from Git</h1><br/><br/>
22 <div class='changelog'>
23 <pre class='wrap'>commit 1d358f25c8eabbc7c274bcc148f4f5d594ec13fe
24 Merge: 64689d0 4edb8c8
25 Author: Even Rouault <even.rouault@spatialys.com>
26 Date: 2020-05-20 20:29:31 +0200
28 Merge pull request #1246 from rouault/write_plt
30 Add support for generation of PLT markers in encoder
32 commit 4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5
33 Author: Even Rouault <even.rouault@spatialys.com>
34 Date: 2020-04-21 15:55:44 +0200
36 Add support for generation of PLT markers in encoder
38 * -PLT switch added to opj_compress
39 * Add a opj_encoder_set_extra_options() function that
40 accepts a PLT=YES option, and could be expanded later
45 Testing with a Sentinel2 10m band, T36JTT_20160914T074612_B02.jp2,
46 coming from S2A_MSIL1C_20160914T074612_N0204_R135_T36JTT_20160914T081456.SAFE
48 Decompress it to TIFF:
50 opj_uncompress -i T36JTT_20160914T074612_B02.jp2 -o T36JTT_20160914T074612_B02.tif
53 Recompress it with similar parameters as original:
55 opj_compress -n 5 -c [256,256],[256,256],[256,256],[256,256],[256,256] -t 1024,1024 -PLT -i T36JTT_20160914T074612_B02.tif -o T36JTT_20160914T074612_B02_PLT.jp2
58 Dump codestream detail with GDAL dump_jp2.py utility (https://github.com/OSGeo/gdal/blob/master/gdal/swig/python/samples/dump_jp2.py)
60 python dump_jp2.py T36JTT_20160914T074612_B02.jp2 > /tmp/dump_sentinel2_ori.txt
61 python dump_jp2.py T36JTT_20160914T074612_B02_PLT.jp2 > /tmp/dump_sentinel2_openjpeg_plt.txt
64 The diff between both show very similar structure, and identical number of packets in PLT markers
66 Now testing with Kakadu (KDU803_Demo_Apps_for_Linux-x86-64_200210)
68 Full file decompression:
70 kdu_expand -i T36JTT_20160914T074612_B02_PLT.jp2 -o tmp.tif
72 Consumed 121 tile-part(s) from a total of 121 tile(s).
73 Consumed 80,318,806 codestream bytes (excluding any file format) = 5.329697
75 Processed using the multi-threaded environment, with
76 8 parallel threads of execution
79 Partial decompresson (presumably using PLT markers):
81 kdu_expand -i T36JTT_20160914T074612_B02.jp2 -o tmp.pgm -region "{0.5,0.5},{0.01,0.01}"
82 kdu_expand -i T36JTT_20160914T074612_B02_PLT.jp2 -o tmp2.pgm -region "{0.5,0.5},{0.01,0.01}"
83 diff tmp.pgm tmp2.pgm && echo "same !"
88 Funded by ESA for S2-MPC project
90 commit 64689d05dfaaf52105581d93fb1eb173b20829a4
91 Author: Even Rouault <even.rouault@spatialys.com>
92 Date: 2020-04-18 18:25:44 +0200
94 struct opj_j2k: remove unused fields, and add some documentation
96 commit 774889a328abd5d3c280d9a897f1ac4c672cb0e5
97 Merge: b6b7e96 271a71e
98 Author: Even Rouault <even.rouault@spatialys.com>
99 Date: 2020-04-17 00:39:46 +0200
101 Merge pull request #1244 from rouault/fix_pi_warnings
103 Fix warnings about signed/unsigned casts in pi.c
105 commit b6b7e96b0cf7819ef6a2e8ba2f8bdaaf938326ed
106 Author: szukw000 <szukw000@arcor.de>
107 Date: 2020-04-17 00:37:33 +0200
109 color_apply_icc_profile: add checks on the number of components (#1236)
111 commit 040e142288e90c9c2d46d25d0a27f828f968bb93
112 Author: Eduardo Barretto <edusbarretto@gmail.com>
113 Date: 2020-04-16 19:09:40 -0300
115 jp3d/jpwl/mj2/jpip: Fix resource leaks (#1226)
117 This issues were found by cppcheck and coverity.
119 commit 271a71ef0f1dd4740c9f4474279c7da8d15850c9
120 Author: Even Rouault <even.rouault@spatialys.com>
121 Date: 2020-04-16 20:52:44 +0200
123 Fix warnings about signed/unsigned casts in pi.c
125 commit 221a801a97a3ea968a311f7905c18a1eb7f034c4
126 Author: Even Rouault <even.rouault@spatialys.com>
127 Date: 2020-04-16 20:33:22 +0200
129 Rename mis-named function opj_tcd_get_encoded_tile_size() to opj_tcd_get_encoder_input_buffer_size()
131 commit 9c1cfb034a8cf24eb5e35fe9c7074fd079d14b80
132 Merge: 563ecfb 1c54024
133 Author: Even Rouault <even.rouault@spatialys.com>
134 Date: 2020-04-01 22:00:19 +0200
136 Merge pull request #1240 from rouault/fix_crash_opj_decompress
138 opj_decompress: add sanity checks to avoid segfault in case of decoding error
140 commit 1c54024165fd5db0e6047f28903274eb27d0980f
141 Author: Even Rouault <even.rouault@spatialys.com>
142 Date: 2020-04-01 20:58:55 +0200
144 opj_decompress: add sanity checks to avoid segfault in case of decoding error
146 Prevent crashes like:
147 opj_decompress -i 0722_5-1_2019.jp2 -o out.ppm -r 4 -t 0
149 where 0722_5-1_2019.jp2 is
150 https://drive.google.com/file/d/1ZxOUZg2-FKjYwa257VFLMpTXRWxEoP0a/view?usp=sharing
152 commit 563ecfb55ca77c0fc5ea19e4885e00f55ec82ca9
153 Author: Even Rouault <even.rouault@spatialys.com>
154 Date: 2020-02-13 09:59:17 +0100
156 opj_compress: improve help message regarding new IMF switch
158 commit 4e5501b3c72a98b3117e68263afb922092c309cf
159 Merge: 2888145 84f3beb
160 Author: Even Rouault <even.rouault@spatialys.com>
161 Date: 2020-02-13 09:54:20 +0100
163 Merge pull request #1235 from rouault/imf
165 Implement writing of IMF profiles
167 commit 84f3bebbff515f2b00ccf0c817930ebb10b91760
168 Author: Even Rouault <even.rouault@spatialys.com>
169 Date: 2020-02-12 15:55:16 +0100
171 Implement writing of IMF profiles
173 Add -IMF switch to opj_compress as well
175 commit fffe32adcb9f41a00805f4120012be9625ba450a
176 Author: Even Rouault <even.rouault@spatialys.com>
177 Date: 2020-02-12 15:55:02 +0100
179 openjpeg.h: fix values of OPJ_PROFILE_IMF_ constants
181 commit 28881453f6b1ae68a357557999498a11a2bc8b7e
182 Merge: 647f9b1 b5cb419
183 Author: Even Rouault <even.rouault@spatialys.com>
184 Date: 2020-02-10 11:20:20 +0100
186 Merge pull request #1234 from rouault/md5_libtiff_4_1
188 tests: add alternate checksums for libtiff 4.1
190 commit b5cb419faff300fdbc0b4e98dab5c9010db6f39d
191 Author: Even Rouault <even.rouault@spatialys.com>
192 Date: 2020-02-07 21:53:10 +0100
194 tests: add alternate checksums for libtiff 4.1
198 libtiff 4.1 slightly modifies the way it generates files. So
199 add the new expected md5sum.
201 Not super elegant solution admitedly.
203 commit 647f9b118d12819c63635eea65909b0e49e0f201
204 Merge: b63a433 05f9b91
205 Author: Even Rouault <even.rouault@spatialys.com>
206 Date: 2020-01-30 13:07:31 +0100
208 Merge pull request #1232 from rouault/fix_1231
210 opj_tcd_init_tile(): avoid integer overflow
212 commit 05f9b91e60debda0e83977e5e63b2e66486f7074
213 Author: Even Rouault <even.rouault@spatialys.com>
214 Date: 2020-01-30 00:59:57 +0100
216 opj_tcd_init_tile(): avoid integer overflow
218 That could lead to later assertion failures.
220 Fixes #1231 / CVE-2020-8112
222 commit b63a433ba168bad5fa10e83de04d6305e6a222e2
223 Author: Max Moroz <dor3s1@gmail.com>
224 Date: 2020-01-13 09:07:54 -0800
226 tests/fuzzers: link fuzz binaries using $LIB_FUZZING_ENGINE. (#1230)
228 This was changed some time ago (https://google.github.io/oss-fuzz/getting-started/new-project-guide/) but the build didn't fail as there is a fallback mechanism. The main advantage of the new approach is that for libFuzzer this produces more performant binaries (as `$LIB_FUZZING_ENGINE` expands into `-fsanitize=fuzzer`, which links libFuzzer from the compiler-rt, allowing better optimization tricks).
230 I'm also experimenting with dataflow (https://github.com/google/oss-fuzz/issues/1632) on your project, and the dataflow config doesn't have a fallback (as it's a new configuration), therefore I'm proposing a change to migrate from `-lFuzzingEngine` to `$LIB_FUZZING_ENGINE`.
232 commit 46c1eff9e98bbcf794d042f7b2e3d45556e805ce
233 Merge: ac37373 024b840
234 Author: Even Rouault <even.rouault@spatialys.com>
235 Date: 2020-01-11 11:29:11 +0100
237 Merge pull request #1229 from rouault/fix_1228
239 opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
241 commit 024b8407392cb0b82b04b58ed256094ed5799e04
242 Author: Even Rouault <even.rouault@spatialys.com>
243 Date: 2020-01-11 01:51:19 +0100
245 opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
247 commit ac3737372a00b8778b528094dd5bd58a74f67d42
248 Merge: 9701b33 4cb1f66
249 Author: Even Rouault <even.rouault@spatialys.com>
250 Date: 2019-11-17 13:08:41 +0100
252 Merge pull request #1217 from rouault/fix_ossfuzz_18979
254 pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets()
256 commit 9701b3305db58d35e4446946309f88937e2f5342
257 Author: Robert Ancell <robert.ancell@gmail.com>
258 Date: 2019-11-17 15:09:59 +1300
260 JPWL: convert: Fix buffer overflow reading an image file less than four characters (#1196)
264 commit cb332992a7c84316824b1c4810103ee4f190937c
265 Merge: 5875a6b 016f80a
266 Author: Even Rouault <even.rouault@spatialys.com>
267 Date: 2019-11-17 02:47:26 +0100
269 Merge pull request #1218 from rouault/fix_broken_abi_check
271 abi-check.sh: fix false postive ABI error, and display output error log
273 commit 016f80ae2106c2b1b5bca08a684b0bd082e231e6
274 Author: Even Rouault <even.rouault@spatialys.com>
275 Date: 2019-11-17 01:35:26 +0100
277 abi-check.sh: fix false postive ABI error, and display output error log
279 There is currently a false positive ABI check failure between v2.3.1
280 and current. It disappears when removing the generated reports of v2.3.1
281 and recreating them. It is likely that some tooling has evolved since
282 the initial v2.3.1 report generation.
284 commit 4cb1f663049aab96e122d1ff16f601d0cc0be976
285 Author: Even Rouault <even.rouault@spatialys.com>
286 Date: 2019-11-17 01:18:26 +0100
288 pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18979
290 commit 5875a6b44618fb7dfd5cd6d742533eaee2014060
291 Author: Even Rouault <even.rouault@spatialys.com>
292 Date: 2019-10-03 11:04:30 +0200
294 opj_tcd_mct_decode()/opj_mct_decode()/opj_mct_encode_real()/opj_mct_decode_real(): proper deal with a number of samples larger than 4 billion (refs #1151)
296 commit e66125fe260deee49fdf6e9978d9bd29871dd5bb
297 Merge: 8db9d25 b275196
298 Author: Even Rouault <even.rouault@spatialys.com>
299 Date: 2019-09-03 17:03:54 +0200
301 Merge pull request #1164 from sebras/master
303 openjp2/j2k: Report error if all wanted components are not decoded.
305 commit 8db9d25dcf360528fd1e094e4f9274c0635e90cc
306 Author: Even Rouault <even.rouault@spatialys.com>
307 Date: 2019-06-15 09:55:16 +0200
309 opj_decompress_fuzzer: remove checks regarding input dimensions (fixes #1079)
311 commit f4d65783593fd0490e0fdb9f323f2d5aff81a21d
312 Author: Even Rouault <even.rouault@spatialys.com>
313 Date: 2019-05-26 11:06:01 +0200
315 test_decode_area.c: assign tdy to *ptileh instead of *ptilew (fixes #1195)
317 commit 9b7620ee7a3d72bfcdbebd78e607c5ee8aa7fade
318 Merge: 4f447c6 3aef207
319 Author: Even Rouault <even.rouault@spatialys.com>
320 Date: 2019-04-26 19:52:52 +0200
322 Merge pull request #1185 from Young-X/fix
324 Fix several potential vulnerabilities
326 commit 4f447c6e18444a4182f7844d25033861eee8df55
327 Merge: 5dd75f6 a94cfbd
328 Author: Even Rouault <even.rouault@spatialys.com>
329 Date: 2019-04-25 15:32:22 +0200
331 Merge pull request #1192 from rouault/poc_fixes
333 compression: emit POC marker when only one single POC is requested (f…
335 commit a94cfbd5334922ca5b63cfac9d2e5e0ec98155be
336 Author: Even Rouault <even.rouault@spatialys.com>
337 Date: 2019-04-25 14:07:46 +0200
339 Change opj_j2k_check_poc_val() to take into account tile number
341 commit bdec5ae2723369be5abba7aaae398aa4ae3225cc
342 Author: Even Rouault <even.rouault@spatialys.com>
343 Date: 2019-04-25 01:29:38 +0200
345 Add test for previous commit
347 commit 6423163141412cb93364de4e33d90bcffefa0885
348 Author: Even Rouault <even.rouault@spatialys.com>
349 Date: 2019-04-25 01:27:02 +0200
351 Fix POC in multi-tile scenarios: avoid almost endless loop when a tile has no POC settings
353 commit b86717fdd36b628ea7ecb5c24f7a086bf5bcd3a7
354 Author: Even Rouault <even.rouault@spatialys.com>
355 Date: 2019-04-25 00:40:04 +0200
357 Add test for previous commit
359 commit 23883458b9de2c57fc1890b42efbd0832c8fbe3b
360 Author: Even Rouault <even.rouault@spatialys.com>
361 Date: 2019-04-25 00:34:44 +0200
363 opj_j2k_check_poc_val(): prevent potential write outside of allocated array
365 commit 6589c609f6d6b3743715fceefbdac6e4ecb76aee
366 Author: Even Rouault <even.rouault@spatialys.com>
367 Date: 2019-04-25 00:28:05 +0200
369 opj_j2k_check_poc_val(): fix starting index for checking layer dimension
371 The standard mandates that the layer index always starts at zero for every
374 commit 1e3a57563defb6aa7cf24ffd2394d4a820e13bda
375 Author: Even Rouault <even.rouault@spatialys.com>
376 Date: 2019-04-25 00:17:13 +0200
378 compression: emit POC marker when only one single POC is requested (fixes #1191)
380 commit 5dd75f62e20efff9f094fd1dbd0d4d00e8b37689
381 Author: Even Rouault <even.rouault@spatialys.com>
382 Date: 2019-04-23 16:52:21 +0200
384 j2k.c: use correct naming convention for total_data_size variable
386 commit 3aef207f90e937d4931daf6d411e092f76d82e66
387 Author: Young Xiao <YangX92@hotmail.com>
388 Date: 2019-03-16 20:09:59 +0800
390 bmp_read_rle4_data(): avoid potential infinite loop
392 commit 21399f6b7d318fcdf4406d5e88723c4922202aa3
393 Author: Young Xiao <YangX92@hotmail.com>
394 Date: 2019-03-16 19:57:27 +0800
396 convertbmp: detect invalid file dimensions early
398 width/length dimensions read from bmp headers are not necessarily
399 valid. For instance they may have been maliciously set to very large
400 values with the intention to cause DoS (large memory allocation, stack
401 overflow). In these cases we want to detect the invalid size as early
404 This commit introduces a counter which verifies that the number of
405 written bytes corresponds to the advertized width/length.
407 See commit 8ee335227bbc for details.
409 Signed-off-by: Young Xiao <YangX92@hotmail.com>
411 commit d0dd894ae24d0f2f09072adf1b966033dd64672d
412 Author: Antonin Descampe <antonin@gmail.com>
413 Date: 2019-04-02 15:37:38 +0200
415 Comment back opj_previous_version in abi_check.sh
417 commit 291e45bb045e63334729ad9a894595f8e1e2b2c7
418 Author: Antonin Descampe <antonin@gmail.com>
419 Date: 2019-04-02 15:12:59 +0200
421 Update version number for automatic abi check
423 commit 57096325457f96d8cd07bd3af04fe81d7a2ba788
424 Author: Antonin Descampe <antonin@gmail.com>
425 Date: 2019-04-02 14:45:15 +0200
427 update token for appveyor auto release
429 commit 8b9a89bc2e61652d30bbc56673f8f03ef464430f
430 Author: Antonin Descampe <antonin@gmail.com>
431 Date: 2019-04-02 14:25:09 +0200
433 update token for automatic release
435 commit d1d422c126cbc2a5435340bd85f4b52ff0477101
436 Author: Antonin Descampe <antonin@gmail.com>
437 Date: 2019-04-02 12:08:52 +0200
439 Update for release 2.3.1
441 commit d3b0b8927acf2e050a6379320d36fc3bb3751fe3
442 Author: Antonin Descampe <info@openjpeg.org>
443 Date: 2019-04-02 11:03:16 +0200
445 Update for release 2.3.1
447 commit c7798bb0c636c89ab7f0bab4d89e7f0136e0e55a
448 Author: Antonin Descampe <info@openjpeg.org>
449 Date: 2019-04-02 11:02:20 +0200
451 update for release 2.3.1
453 commit 8196ab531e79602fe3c947d09d3240c25c358731
454 Author: Antonin Descampe <info@openjpeg.org>
455 Date: 2019-04-02 11:00:58 +0200
457 Update BUILD version for release 2.3.1
459 commit 69a7a312dccebc8b5f28f8a5e4a703cb8d447d44
460 Merge: d6b8aed 5151426
461 Author: Even Rouault <even.rouault@mines-paris.org>
462 Date: 2019-03-29 12:25:39 +0100
464 Merge pull request #1188 from rouault/fix_abi_check
466 abi-check.sh: fix broken download URL
468 commit 5151426d6e6f7f0e1ae6f050aaa7cec6bc4ffd08
469 Author: Even Rouault <even.rouault@spatialys.com>
470 Date: 2019-03-29 11:53:23 +0100
472 abi-check.sh: fix broken download URL
474 commit d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
475 Merge: 25b815d a1d32a5
476 Author: Even Rouault <even.rouault@mines-paris.org>
477 Date: 2019-03-29 11:52:38 +0100
479 Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
481 opj_t1_encode_cblks: fix UBSAN signed integer overflow
483 commit a1d32a596a94280178c44a55d7e7f1acd992ed5d
484 Author: Even Rouault <even.rouault@spatialys.com>
485 Date: 2019-03-29 11:17:39 +0100
487 opj_t1_encode_cblks: fix UBSAN signed integer overflow
489 Fixes #1053 / CVE-2018-5727
491 Note: I don't consider this issue to be a security vulnerability, in
493 At least with gcc or clang compilers on x86_64 which generate the same
494 assembly code with or without that fix.
496 commit 25b815dc460dbf9def7e6b822c8998727094f85a
497 Author: Even Rouault <even.rouault@spatialys.com>
498 Date: 2019-03-29 10:44:35 +0100
500 Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
502 This reverts commit 05be3084460e46282ee63f04c72c451f3271fd28.
504 This commit doesn't compile due to missing OPJ_UINT64 type
506 commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb
507 Author: Even Rouault <even.rouault@spatialys.com>
508 Date: 2019-03-29 10:40:58 +0100
510 Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
512 This reverts commit c277159986c80142180fbe5efb256bbf3bdf3edc.
514 The commit didn't compile. include_size is not defined in openmj2
516 commit b2751967ecabf8d8856e85ab91e25d4f235e2eb3
517 Author: Sebastian Rasmussen <sebras@gmail.com>
518 Date: 2018-10-31 20:22:11 +0100
520 openjp2/j2k: Report error if all wanted components are not decoded.
522 Previously the caller had to check whether each component data had
523 been decoded. This means duplicating the checking in every user of
524 openjpeg which is unnecessary. If the caller wantes to decode all
525 or a set of, or a specific component then openjpeg ought to error
526 out if it was unable to do so.
530 commit 51f097e6d5754ddae93e716276fe8176b44ec548
531 Merge: e7640f5 8ee3352
532 Author: Even Rouault <even.rouault@mines-paris.org>
533 Date: 2018-12-21 16:41:00 +0100
535 Merge pull request #1172 from hlef/master
537 convertbmp: detect invalid file dimensions early (CVE-2018-6616)
539 commit 8ee335227bbcaf1614124046aa25e53d67b11ec3
540 Author: Hugo Lefeuvre <hle@debian.org>
541 Date: 2018-12-14 04:58:40 +0100
543 convertbmp: detect invalid file dimensions early
545 width/length dimensions read from bmp headers are not necessarily
546 valid. For instance they may have been maliciously set to very large
547 values with the intention to cause DoS (large memory allocation, stack
548 overflow). In these cases we want to detect the invalid size as early
551 This commit introduces a counter which verifies that the number of
552 written bytes corresponds to the advertized width/length.
554 Fixes #1059 (CVE-2018-6616).
556 commit e7640f58f122d1228f3d750864543ad4703e18fc
557 Merge: e0f5212 05be308
558 Author: Even Rouault <even.rouault@mines-paris.org>
559 Date: 2018-12-07 21:27:38 +0100
561 Merge pull request #1168 from Young-X/fix_dev
563 Fix multiple potential vulnerabilities and bugs
565 commit 05be3084460e46282ee63f04c72c451f3271fd28
566 Author: Young Xiao <YangX92@hotmail.com>
567 Date: 2018-11-28 14:44:06 +0800
569 [JPWL] tgatoimage(): avoid excessive memory allocation attempt,
570 and fixes unaligned load
572 Signed-off-by: Young Xiao <YangX92@hotmail.com>
574 commit bd88611ed9ad7144ec4f3de54790cd848175891b
575 Author: Young_X <YangX92@hotmail.com>
576 Date: 2018-11-23 17:15:05 +0800
578 [JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
580 Signed-off-by: Young_X <YangX92@hotmail.com>
582 commit ce9583d1d7627e007a34a31ae4e22a00d78bd153
583 Author: Young_X <YangX92@hotmail.com>
584 Date: 2018-11-23 17:12:06 +0800
586 [JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
588 Signed-off-by: Young_X <YangX92@hotmail.com>
590 commit c58df149900df862806d0e892859b41115875845
591 Author: Young_X <YangX92@hotmail.com>
592 Date: 2018-11-23 16:24:19 +0800
594 [OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
595 opj_get_encoding_parameters
597 Signed-off-by: Young_X <YangX92@hotmail.com>
599 commit c277159986c80142180fbe5efb256bbf3bdf3edc
600 Author: Young_X <YangX92@hotmail.com>
601 Date: 2018-11-23 16:12:53 +0800
603 [MJ2] Avoid index out of bounds access to pi->include[]
605 Signed-off-by: Young_X <YangX92@hotmail.com>
607 commit e0f5212888c0c1abc5e060a75a3a4a5ff99afd1a
608 Merge: 92023cd 2e5ab1d
609 Author: Even Rouault <even.rouault@mines-paris.org>
610 Date: 2018-11-28 00:04:30 +0100
612 Merge pull request #1170 from rouault/fix_color_apply_icc_profile
614 color_apply_icc_profile: avoid potential heap buffer overflow
616 commit 2e5ab1d9987831c981ff05862e8ccf1381ed58ea
617 Author: Even Rouault <even.rouault@spatialys.com>
618 Date: 2018-11-27 23:31:30 +0100
620 color_apply_icc_profile: avoid potential heap buffer overflow
622 Derived from a patch by Thuan Pham
624 commit 46822d0eddc3324b2a056bc60ffa997027bebd66
625 Author: Young_X <YangX92@hotmail.com>
626 Date: 2018-11-23 15:58:23 +0800
628 [JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
630 Signed-off-by: Young_X <YangX92@hotmail.com>
632 commit 619e1b086eaa21ebd9b23eb67deee543b07bf06f
633 Author: Young_X <YangX92@hotmail.com>
634 Date: 2018-11-23 15:02:26 +0800
636 [JPWL] fix CVE-2018-16375
638 Signed-off-by: Young_X <YangX92@hotmail.com>
640 commit c5bd64ea146162967c29bd2af0cbb845ba3eaaaf
641 Author: Young_X <YangX92@hotmail.com>
642 Date: 2018-11-23 14:47:36 +0800
644 [MJ2] To avoid divisions by zero / undefined behaviour on shift
646 Signed-off-by: Young_X <YangX92@hotmail.com>
648 commit 92023cd6c377e0384a7725949b25655d4d94dced
649 Merge: c196b23 cab352e
650 Author: Even Rouault <even.rouault@mines-paris.org>
651 Date: 2018-11-16 09:42:19 +0100
653 Merge pull request #1160 from hlef/master
655 jp3d/jpwl convert: fix write stack buffer overflow
657 commit c196b23b90321b5c7e3238294607a2e8626c503f
658 Author: ichlubna <43234438+ichlubna@users.noreply.github.com>
659 Date: 2018-11-16 09:40:31 +0100
661 openjp3d: Int overflow fixed (#1159)
663 When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.
665 commit cab352e249ed3372dd9355c85e837613fff98fa2
666 Author: Hugo Lefeuvre <hle@debian.org>
667 Date: 2018-11-07 18:48:29 +0100
669 jp2: convert: fix null pointer dereference
671 Tile components in a JP2 image might have null data pointer by defining a
672 zero component size (for example using large horizontal or vertical
673 sampling periods). This null data pointer leads to null image component
674 data pointer, causing crash when dereferenced without != null check in
679 This commit addresses #1152 (CVE-2018-18088).
681 commit 0bc90e4062a5f9258c91eca018c019b179066c62
682 Author: Hugo Lefeuvre <hle@debian.org>
683 Date: 2018-10-22 16:59:41 +0200
685 jp3d/jpwl convert: fix write stack buffer overflow
687 Missing buffer length formatter in fscanf call might lead to write
688 stack buffer overflow.
690 fixes #1044 (CVE-2017-17480)
692 commit 948332e6ed17565100d1df5f6fdbf66865218e36
693 Author: Stefan Weil <sw@weilnetz.de>
694 Date: 2018-10-31 20:44:30 +0100
696 Fix some potential overflow issues (#1161)
698 * Fix some potential overflow issues
700 Put sizeof to the beginning of the multiplication to enforce that
701 size_t instead of smaller integer types is used for the calculation.
703 This fixes warnings from LGTM:
705 Multiplication result may overflow 'unsigned int'
706 before it is converted to 'unsigned long'.
708 It also allows removing some type casts.
710 Signed-off-by: Stefan Weil <sw@weilnetz.de>
712 * Fix code indentation
714 Signed-off-by: Stefan Weil <sw@weilnetz.de>
716 commit e52909f4c7896c5efff3340d707c12d0df55d3f9
717 Merge: cd900d9 943db0f
718 Author: Even Rouault <even.rouault@mines-paris.org>
719 Date: 2018-10-31 20:41:52 +0100
721 Merge pull request #1163 from nforro/memory-and-resource-leaks
723 Fix several memory and resource leaks
725 commit 943db0f1c28ca6a7df6d18483f97166a03be9bf7
726 Author: Nikola Forró <nforro@redhat.com>
727 Date: 2018-10-31 13:39:05 +0100
729 Fix several memory and resource leaks
731 Signed-off-by: Nikola Forró <nforro@redhat.com>
733 commit cd900d96618ab77e79812db654731dd6b5fc7bd8
734 Author: Even Rouault <even.rouault@spatialys.com>
735 Date: 2018-10-18 11:45:45 +0200
737 opj_thread_pool_setup(): fix infinite waiting if a thread creation failed
739 commit 0e6a5553cfef21b764d289585af2c6934a95456b
740 Merge: 8fc09e5 ca16fe5
741 Author: Even Rouault <even.rouault@mines-paris.org>
742 Date: 2018-09-22 23:54:12 +0200
744 Merge pull request #1148 from hlef/master
746 CVE-2018-5785: fix issues with zero bitmasks
748 commit 8fc09e50e557fa6af4c099b9c6d36bb1071ee1ed
749 Author: Even Rouault <even.rouault@spatialys.com>
750 Date: 2018-09-22 23:47:56 +0200
752 opj_jp2_apply_pclr(): remove useless assert that can trigger on some files (fixes #1125)
754 commit aaf48ee6bae91032f025f9ac11592c4085a0d96b
755 Merge: ee827ad cc38247
756 Author: Even Rouault <even.rouault@spatialys.com>
757 Date: 2018-09-22 23:12:50 +0200
759 Merge branch 'pr1095'
761 commit cc3824767bde397fedb8a1ae4786a222ba860c8d
762 Author: Karol Babioch <kbabioch@suse.de>
763 Date: 2018-03-02 14:40:58 +0100
765 opj_mj2_extract: Check provided output prefix for length
767 This uses snprintf() with correct buffer length instead of sprintf(), which
768 prevents a buffer overflow when providing a long output prefix. Furthermore
769 the program exits with an error when the provided output prefix is too long.
773 commit ee827ad3f32469d4854b2da71c9703a2af359f9f
774 Merge: 5d94bcd 1eb9a57
775 Author: Even Rouault <even.rouault@spatialys.com>
776 Date: 2018-09-22 23:05:54 +0200
778 Merge branch 'pr1107'
780 commit 1eb9a57ac1216209a4d9adf87bc47ba19810d3b3
781 Author: szukw000 <szukw000@arcor.de>
782 Date: 2018-03-13 18:11:54 +0100
784 opj_mj2_extract: Avoid segfault for long filenames
786 commit 5d94bcd89c6e281614955c56cbfebb11b866a9dd
787 Merge: b54c06f 0fa7ebe
788 Author: Even Rouault <even.rouault@mines-paris.org>
789 Date: 2018-09-22 22:59:36 +0200
791 Merge pull request #1136 from reverson/master
795 commit b54c06fb350d318c8e74755710b3480eae3b9911
796 Merge: 17bbb0e 4aaf52e
797 Author: Even Rouault <even.rouault@mines-paris.org>
798 Date: 2018-09-22 22:59:17 +0200
800 Merge pull request #1119 from stweil/ssize_t
802 Use local type declaration for POSIX standard type only for MS compiler
804 commit 17bbb0e23ff03bb722914841a9b962b21fe7a310
805 Merge: ccc4441 3d6ffaf
806 Author: Even Rouault <even.rouault@mines-paris.org>
807 Date: 2018-09-22 22:55:33 +0200
809 Merge pull request #1128 from stweil/typos
811 Fix some typos in code comments and documentation
813 commit ccc4441aeb7bf4928e55bd543fab8de662f6d5e7
814 Merge: c6ee006 24fd3ce
815 Author: Even Rouault <even.rouault@mines-paris.org>
816 Date: 2018-09-22 22:54:51 +0200
818 Merge pull request #1140 from bukatlib/fix_relpath
820 Relative path to header files is hardcoded in OpenJPEGConfig.cmake.in file
822 commit c6ee006250b093f443e226288c6c866c5ebe12f5
823 Merge: 2d28610 98363e2
824 Author: Even Rouault <even.rouault@mines-paris.org>
825 Date: 2018-09-22 22:47:27 +0200
827 Merge pull request #1141 from szukw000/changes-in-pnmtoimage
829 Changes in pnmtoimage if image data are missing
831 commit 2d2861036cfb68560e0cf21340760781ea78595d
832 Merge: 1b9a81d 31a03b3
833 Author: Even Rouault <even.rouault@mines-paris.org>
834 Date: 2018-09-22 22:28:04 +0200
836 Merge pull request #1143 from stweil/format
838 openjp2/jp2: Fix two format strings
840 commit 1b9a81dff7c22ed0cb22bf1033e6dfee1292da31
841 Merge: 9d1a9dc c28ed52
842 Author: Even Rouault <even.rouault@mines-paris.org>
843 Date: 2018-09-22 22:27:14 +0200
845 Merge pull request #1149 from rouault/fix_knownfailures
847 Update knownfailures- files given current configurations
849 commit c28ed521633c074f1e4891208028fe97f7602a14
850 Author: Even Rouault <even.rouault@spatialys.com>
851 Date: 2018-09-22 21:56:50 +0200
853 Update knownfailures- files given current configurations
855 commit ca16fe55014c57090dd97369256c7657aeb25975
856 Author: Hugo Lefeuvre <hle@debian.org>
857 Date: 2018-09-22 14:33:19 -0400
859 convertbmp: fix issues with zero bitmasks
861 In the case where a BMP file declares compression 3 (BI_BITFIELDS)
862 with header size <= 56, all bitmask values keep their initialization
863 value 0. This may lead to various undefined behavior later e.g. when
864 doing 1 << (l_comp->prec - 1).
866 This issue does not affect files with bit count 16 because of a check
867 added in 16240e2 which sets default values to the color masks if they
870 This commit adds similar checks for the 32 bit case.
872 Also, if a BMP file declares compression 3 with header size >= 56 and
873 intentional 0 bitmasks, the same issue will be triggered in both the
874 16 and 32 bit count case.
876 This commit adds checks to bmp_read_info_header() rejecting BMP files
877 with "intentional" 0 bitmasks. These checks might be removed in the
878 future when proper handling of zero bitmasks will be available in
881 fixes #1057 (CVE-2018-5785)
883 commit 31a03b390a77bfbe4b0f140121d1296acb611f76
884 Author: Stefan Weil <sw@weilnetz.de>
885 Date: 2018-09-05 21:51:30 +0200
887 openjp2/jp2: Fix two format strings
891 src/lib/openjp2/jp2.c:1008:35: warning:
892 too many arguments for format [-Wformat-extra-args]
893 src/lib/openjp2/j2k.c:1928:73: warning:
894 format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘OPJ_OFF_T {aka long int}’ [-Wformat=]
896 Signed-off-by: Stefan Weil <sw@weilnetz.de>
898 commit 3d6ffaf3f3463b62830f88f50a8c1b510f555eb5
899 Author: Stefan Weil <sw@weilnetz.de>
900 Date: 2018-07-30 21:04:28 +0200
902 Fix some typos in code comments and documentation
904 All typos were found by Codespell.
906 Signed-off-by: Stefan Weil <sw@weilnetz.de>
908 commit 98363e244e027c731f73ee8239d3c19451a9153b
909 Author: szukw000 <szukw000@arcor.de>
910 Date: 2018-08-31 16:24:41 +0200
912 Changes in pnmtoimage if image data are missing
914 commit 24fd3ce777a64b8b315cfe1ee642ec7b1cc6aa97
915 Author: Libor Bukata <libor.bukata@oracle.com>
916 Date: 2018-08-31 12:57:40 +0200
918 The change makes a relative path to header files
919 always correct regardless of the number of sub-
920 directories in OPENJPEG_INSTALL_PACKAGE_DIR variable.
922 commit 0fa7ebe2540990f590c2247b3505ac1dc84b6eec
923 Author: Robert Everson <robert@reverson.net>
924 Date: 2018-08-27 15:28:53 -0700
928 commit 9d1a9dc20dd5155bab977a4f53d05c4bbd66533a
929 Merge: d2205ba 56f23b2
930 Author: Even Rouault <even.rouault@mines-paris.org>
931 Date: 2018-08-11 23:35:35 +0200
933 Merge pull request #1133 from robe2/robe2-pkgconfig-instructions
935 Add -DBUILD_PKGCONFIG_FILES to install instructions
937 commit 56f23b29a075467fc2377ba086c0263a3eb70fe6
938 Author: Regina Obe <lr@pcorp.us>
939 Date: 2018-08-11 16:59:30 -0400
941 Add -DBUILD_PKGCONFIG_FILES to install instructions
943 Building under msys/mingw doesn't automatically install the pkg config files needed to build GDAL and other libraries