X-Git-Url: https://main.carlh.net/gitweb/?a=blobdiff_plain;f=src%2Flib%2Fopenjp2%2Fjp2.c;h=a607c8a944b5b8a973c4d3e977ea90609d00140a;hb=319fc971fef8a1e1c1c543506c26805873e3f258;hp=fea34771b8438d32db7636a20dfaf4bb362c6b58;hpb=9f78c6895318be2906c93cc25e68dd1c09a1c6fe;p=openjpeg.git
diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c
index fea34771..a607c8a9 100644
--- a/src/lib/openjp2/jp2.c
+++ b/src/lib/openjp2/jp2.c
@@ -482,12 +482,16 @@ static OPJ_BOOL opj_jp2_read_boxhdr(opj_jp2_box_t *box, opj_read_bytes(l_data_header+4,&(box->type), 4); if(box->length == 0)/* last box */ - { + { const OPJ_OFF_T bleft = opj_stream_get_number_byte_left(cio); - box->length = (OPJ_UINT32)bleft; - assert( (OPJ_OFF_T)box->length == bleft ); - return OPJ_TRUE; + if (bleft > (OPJ_OFF_T)(0xFFFFFFFFU - 8U)) { + opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box sizes higher than 2^32\n"); + return OPJ_FALSE; } + box->length = (OPJ_UINT32)bleft + 8U; + assert( (OPJ_OFF_T)box->length == bleft + 8 ); + return OPJ_TRUE; + } /* do we have a "special very large box ?" */ /* read then the XLBox */
@@ -642,12 +646,13 @@ static OPJ_BYTE * opj_jp2_write_bpcc( opj_jp2_t *jp2, { OPJ_UINT32 i; /* room for 8 bytes for box and 1 byte for each component */ - OPJ_UINT32 l_bpcc_size = 8 + jp2->numcomps; + OPJ_UINT32 l_bpcc_size; OPJ_BYTE * l_bpcc_data,* l_current_bpcc_ptr; /* preconditions */ assert(jp2 != 00); assert(p_nb_bytes_written != 00); + l_bpcc_size = 8 + jp2->numcomps; l_bpcc_data = (OPJ_BYTE *) opj_calloc(1,l_bpcc_size); if (l_bpcc_data == 00) {
@@ -1400,6 +1405,10 @@ static OPJ_BOOL opj_jp2_read_colr( opj_jp2_t *jp2, OPJ_UINT32 rl, ol, ra, oa, rb, ob, il; cielab = (OPJ_UINT32*)opj_malloc(9 * sizeof(OPJ_UINT32)); + if(cielab == NULL){ + opj_event_msg(p_manager, EVT_ERROR, "Not enough memory for cielab\n"); + return OPJ_FALSE; + } cielab[0] = 14; /* enumcs */ /* default values */
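Review bot: The new bound in the `box->length == 0` branch of opj_jp2_read_boxhdr rejects only a `bleft` that is too large; a negative `bleft` would still pass and wrap through the `(OPJ_UINT32)` cast, and the `assert` that would catch it is compiled out under NDEBUG. Whether `opj_stream_get_number_byte_left` can return a negative value is not visible in this hunk; if it can, the guard should read `if (bleft < 0 || bleft > (OPJ_OFF_T)(0xFFFFFFFFU - 8U)) {`. The added `+ 8U` presumably accounts for the length and type fields already read from `l_data_header`, and a short comment saying so, e.g. `/* bleft excludes the 8 header bytes already consumed */`, would keep the next reader from treating it as a magic number. The error text says "higher than 2^32" while the enforced limit is 0xFFFFFFFF - 8, which is worth aligning. The function starts and ends outside the hunk.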
@@ -1635,7 +1644,7 @@ static OPJ_BOOL opj_jp2_write_ftyp(opj_jp2_t *jp2, opj_event_mgr_t * p_manager ) { OPJ_UINT32 i; - OPJ_UINT32 l_ftyp_size = 16 + 4 * jp2->numcl; + OPJ_UINT32 l_ftyp_size; OPJ_BYTE * l_ftyp_data, * l_current_data_ptr; OPJ_BOOL l_result;
@@ -1643,6 +1652,7 @@ static OPJ_BOOL opj_jp2_write_ftyp(opj_jp2_t *jp2, assert(cio != 00); assert(jp2 != 00); assert(p_manager != 00); + l_ftyp_size = 16 + 4 * jp2->numcl; l_ftyp_data = (OPJ_BYTE *) opj_calloc(1,l_ftyp_size);
@@ -2112,7 +2122,7 @@ static OPJ_BOOL opj_jp2_read_header_procedure( opj_jp2_t *jp2, if (box.type == JP2_JP2C) { if (jp2->jp2_state & JP2_STATE_HEADER) { jp2->jp2_state |= JP2_STATE_CODESTREAM; - opj_free(l_current_data); + opj_free(l_current_data); return OPJ_TRUE; } else {
@@ -2127,7 +2137,7 @@ static OPJ_BOOL opj_jp2_read_header_procedure( opj_jp2_t *jp2, return OPJ_FALSE; } /* testcase 1851.pdf.SIGSEGV.ce9.948 */ - else if (box.length < l_nb_bytes_read) { + else if (box.length < l_nb_bytes_read) { opj_event_msg(p_manager, EVT_ERROR, "invalid box size %d (%x)\n", box.length, box.type); opj_free(l_current_data); return OPJ_FALSE;
@@ -2184,16 +2194,16 @@ static OPJ_BOOL opj_jp2_read_header_procedure( opj_jp2_t *jp2, } } else { - if (!(jp2->jp2_state & JP2_STATE_SIGNATURE)) { - opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: first box must be JPEG 2000 signature box\n"); - opj_free(l_current_data); - return OPJ_FALSE; - } - if (!(jp2->jp2_state & JP2_STATE_FILE_TYPE)) { - opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: second box must be file type box\n"); - opj_free(l_current_data); - return OPJ_FALSE; - } + if (!(jp2->jp2_state & JP2_STATE_SIGNATURE)) { + opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: first box must be JPEG 2000 signature box\n"); + opj_free(l_current_data); + return OPJ_FALSE; + } + if (!(jp2->jp2_state & JP2_STATE_FILE_TYPE)) { + opj_event_msg(p_manager, EVT_ERROR, "Malformed JP2 file format: second box must be file type box\n"); + opj_free(l_current_data); + return OPJ_FALSE; + } jp2->jp2_state |= JP2_STATE_UNKNOWN; if (opj_stream_skip(stream,l_current_data_size,p_manager) != l_current_data_size) { opj_event_msg(p_manager, EVT_ERROR, "Problem with skipping JPEG2000 box, stream error\n");