Even Rouault [Mon, 21 Aug 2017 10:25:38 +0000 (12:25 +0200)]
Add comments for filter_width values
Even Rouault [Sun, 20 Aug 2017 20:02:41 +0000 (22:02 +0200)]
Subtile decoding: only do 9x7 IDWT computations on relevant areas of tile-component buffer.
Even Rouault [Fri, 18 Aug 2017 13:08:51 +0000 (15:08 +0200)]
Subtile decoding: only do 5x3 IDWT computations on relevant areas of tile-component buffer.
This lowers 'bin/opj_decompress -i ../MAPA.jp2 -o out.tif -d 0,0,256,256'
down to 0.860s
Even Rouault [Fri, 18 Aug 2017 10:30:11 +0000 (12:30 +0200)]
test_decode_area: fix to make it work with odd image dimensions
Even Rouault [Thu, 17 Aug 2017 17:18:48 +0000 (19:18 +0200)]
opj_j2k_update_rates(): grow tile size buffer for some situations
Even Rouault [Thu, 17 Aug 2017 14:07:19 +0000 (16:07 +0200)]
Zero-initialize tile buffer regions of skipped code-blocks, so as to make Valgrind happy
Even Rouault [Mon, 14 Aug 2017 11:23:57 +0000 (13:23 +0200)]
Sub-tile decoding: only decode precincts and codeblocks that intersect the window specified in opj_set_decode_area()
Even Rouault [Thu, 17 Aug 2017 17:05:29 +0000 (19:05 +0200)]
Fix -Wconversion warning
Even Rouault [Thu, 17 Aug 2017 15:04:48 +0000 (17:04 +0200)]
bench_dwt.c: fix signedness related warnings
Even Rouault [Thu, 17 Aug 2017 15:02:40 +0000 (17:02 +0200)]
convert.c: fix recently introduced -Wsign-conversion warnings
Even Rouault [Thu, 17 Aug 2017 12:52:10 +0000 (14:52 +0200)]
opj_getopt_long(): avoid infinite loop on invalid or missing value for an option (#736)
Even Rouault [Thu, 17 Aug 2017 10:01:16 +0000 (12:01 +0200)]
opj_decompress_fuzzer.cpp: reject images with too big tiles. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2918. Credit to OSS Fuzz
Even Rouault [Thu, 17 Aug 2017 09:47:40 +0000 (11:47 +0200)]
tgatoimage(): avoid excessive memory allocation attempt, and fixes unaligned load (#995)
Even Rouault [Thu, 17 Aug 2017 09:05:53 +0000 (11:05 +0200)]
Avoid asserting on assert(i == pcol) in opj_jp2_apply_pclr() by adding new check in opj_jp2_check_color(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3068. Credit to OSS Fuzz
Even Rouault [Wed, 16 Aug 2017 16:29:59 +0000 (18:29 +0200)]
opj_t1_encode_cblk(): avoid uint32 overflow when numbps = 0 (which is well defined behaviour, and is properly handled here, but better avoid it to detect real issues)
Even Rouault [Wed, 16 Aug 2017 15:38:47 +0000 (17:38 +0200)]
Fix build issue of JPWL by adding opj_image_data_alloc() and opj_image_data_free() to src/lib/openmj2 (#994)
Even Rouault [Wed, 16 Aug 2017 15:20:29 +0000 (17:20 +0200)]
opj_t2_encode_packet(): fix potential write heap buffer overflow (#992)
Even Rouault [Wed, 16 Aug 2017 15:09:10 +0000 (17:09 +0200)]
opj_j2k_write_sot(): fix potential write heap buffer overflow (#991)
Even Rouault [Wed, 16 Aug 2017 11:36:52 +0000 (13:36 +0200)]
tiftoimage(): fix read heap buffer overflow (#988)
The number of components is given only by TIFFTAG_SAMPLESPERPIXEL / tiSpp.
Querying TIFFTAG_EXTRASAMPLES only give information about which channel is
the alpha channel, but we mostly ignore it for now, so remove that part of the
code.
Even Rouault [Wed, 16 Aug 2017 11:11:36 +0000 (13:11 +0200)]
imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
Even Rouault [Wed, 16 Aug 2017 10:52:33 +0000 (12:52 +0200)]
opj_t2_encode_packet(): only emit an error about insufficiently large output buffer in FINAL_PASS mode. Fixes (master-only) regression added in
0b4fef6d1901254e41ab74ed681daba477d724c3
Even Rouault [Tue, 15 Aug 2017 09:55:58 +0000 (11:55 +0200)]
Fix assertion in debug mode / heap-based buffer overflow in opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985)
Even Rouault [Mon, 14 Aug 2017 15:28:26 +0000 (17:28 +0200)]
Merge pull request #984 from stweil/const
Use more const qualifiers
Even Rouault [Mon, 14 Aug 2017 15:26:58 +0000 (17:26 +0200)]
bmp_read_info_header(): reject bmp files with biBitCount == 0 (#983)
Even Rouault [Mon, 14 Aug 2017 15:20:37 +0000 (17:20 +0200)]
Encoder: grow buffer size in opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in opj_mqc_flush (#982)
Stefan Weil [Mon, 14 Aug 2017 12:36:06 +0000 (14:36 +0200)]
Use const qualifier for mqc_states
This allows more compiler optimizations.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Stefan Weil [Sun, 13 Aug 2017 20:57:31 +0000 (22:57 +0200)]
Use const qualifier for j2k_prog_order_list
This allows more compiler optimizations.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Even Rouault [Fri, 11 Aug 2017 13:13:35 +0000 (15:13 +0200)]
Merge pull request #980 from szukw000/changes-for-ppc64-converttif
Changes in converttif.c for PPC64
szukw000 [Thu, 10 Aug 2017 22:06:23 +0000 (00:06 +0200)]
Changes in converttif.c for PPC64
Even Rouault [Thu, 10 Aug 2017 14:58:36 +0000 (16:58 +0200)]
Fix argument order in error message of previous commit
Even Rouault [Thu, 10 Aug 2017 14:49:47 +0000 (16:49 +0200)]
Propagate event manager down to opj_t2_encode_packet() and use it to emit an error message when the output buffer is too small
Even Rouault [Thu, 10 Aug 2017 12:43:16 +0000 (14:43 +0200)]
Fix crash on encoding if using opj_set_default_encoder_parameters() without defining tcp_numlayers
Even Rouault [Thu, 10 Aug 2017 10:30:31 +0000 (12:30 +0200)]
Reformat tests/test_tile_encoder.c
Even Rouault [Thu, 10 Aug 2017 09:45:49 +0000 (11:45 +0200)]
Improve doc of opj_tccp_info_t::cblkw and cblkh
Antonin Descampe [Thu, 10 Aug 2017 04:51:16 +0000 (21:51 -0700)]
Comment back previous version in abi-check.sh
Antonin Descampe [Thu, 10 Aug 2017 04:35:30 +0000 (21:35 -0700)]
update abi-check for latest release
Antonin Descampe [Thu, 10 Aug 2017 00:31:50 +0000 (17:31 -0700)]
Preparing Release v2.2.0
Antonin Descampe [Thu, 10 Aug 2017 00:28:17 +0000 (17:28 -0700)]
Preparing Release v2.2.0
Even Rouault [Wed, 9 Aug 2017 23:14:35 +0000 (01:14 +0200)]
.travis.yml: add 'dist: precise' for config that requires it
Even Rouault [Wed, 9 Aug 2017 15:37:05 +0000 (17:37 +0200)]
Remove useless opj_tcd_t::enumcs field added per #975
Even Rouault [Wed, 9 Aug 2017 13:04:29 +0000 (15:04 +0200)]
Doc: fix error in previous commit
Even Rouault [Wed, 9 Aug 2017 12:50:59 +0000 (14:50 +0200)]
tcd.h: doc fixes and improvements
Even Rouault [Wed, 9 Aug 2017 12:13:58 +0000 (14:13 +0200)]
Document qmfbid values
Even Rouault [Wed, 9 Aug 2017 09:34:08 +0000 (11:34 +0200)]
Partial revert BPC related check of #975 (#979)
PR #975 introduced a check that rejects images that have different bit depth/sign
per compoment in SIZ marker if the JP2 IHDR box has BPC != 255
This didn't work properly if decoding a .j2k file since the new bit added in
opj_cp_t wasn't initialized to the right value.
For clarity, tThis new bit has also been renamed to allow_different_bit_depth_sign
But looking closer at the code, it seems we were already tolerant to inconsistencies.
For example we parsed a JP2 BPCC box even if BPC != 255 (just a warning is emitted)
So failing hard in opj_j2k_read_siz() wouldn't be very inconsistent, and that
alone cannot protect against other issues, so just emit a warning if BPC != 255
and the SIZ marker contains different bit depth/sign per component.
Note: we could also check that the content of JP2 BPCC box is consistant with the one
of the SIZ marker.
Even Rouault [Wed, 9 Aug 2017 08:03:59 +0000 (10:03 +0200)]
opj_decompress: document -quiet option, and remove spurious newline output
Even Rouault [Wed, 9 Aug 2017 07:50:39 +0000 (09:50 +0200)]
src/bin/jpwl/convert.c pgxtoimage(): add missing fclose() (#977)
Even Rouault [Wed, 9 Aug 2017 07:42:30 +0000 (09:42 +0200)]
imagetobmp: avoid shift by -1 (relates to #811)
Antonin Descampe [Wed, 9 Aug 2017 01:05:37 +0000 (18:05 -0700)]
Fix remaining warning
format specifier mismatch in #975
Antonin Descampe [Tue, 8 Aug 2017 23:51:54 +0000 (16:51 -0700)]
Merge pull request #975 from szukw000/changes-for-afl-tests
Catch images broken by AFL
Even Rouault [Mon, 7 Aug 2017 18:17:36 +0000 (20:17 +0200)]
Merge pull request #968 from rouault/reduce_memory_decoding
Reduce memory decoding
Even Rouault [Thu, 6 Jul 2017 17:34:21 +0000 (19:34 +0200)]
Slight improvement in management of code block chunks
Instead of having the chunk array at the segment level, we can move it down to
the codeblock itself since segments are filled in sequential order.
Limit the number of memory allocation, and decrease slightly the memory usage.
On MAPA_005.jp2
n4:
1871312549 (heap allocation functions) malloc/new/new[], --alloc-fns, etc.
n1:
1610689344 0x4E781E7: opj_aligned_malloc (opj_malloc.c:61)
n1:
1610689344 0x4E71D1B: opj_alloc_tile_component_data (tcd.c:676)
n1:
1610689344 0x4E726CF: opj_tcd_init_decode_tile (tcd.c:816)
n1:
1610689344 0x4E4BE39: opj_j2k_read_tile_header (j2k.c:8617)
n1:
1610689344 0x4E4C902: opj_j2k_decode_tiles (j2k.c:10348)
n1:
1610689344 0x4E4E3CE: opj_j2k_decode (j2k.c:7846)
n1:
1610689344 0x4E53002: opj_jp2_decode (jp2.c:1564)
n0:
1610689344 0x40374E: main (opj_decompress.c:1459)
n1:
219232541 0x4E4BC50: opj_j2k_read_tile_header (j2k.c:4683)
n1:
219232541 0x4E4C902: opj_j2k_decode_tiles (j2k.c:10348)
n1:
219232541 0x4E4E3CE: opj_j2k_decode (j2k.c:7846)
n1:
219232541 0x4E53002: opj_jp2_decode (jp2.c:1564)
n0:
219232541 0x40374E: main (opj_decompress.c:1459)
n1:
23893200 0x4E72735: opj_tcd_init_decode_tile (tcd.c:1225)
n1:
23893200 0x4E4BE39: opj_j2k_read_tile_header (j2k.c:8617)
n1:
23893200 0x4E4C902: opj_j2k_decode_tiles (j2k.c:10348)
n1:
23893200 0x4E4E3CE: opj_j2k_decode (j2k.c:7846)
n1:
23893200 0x4E53002: opj_jp2_decode (jp2.c:1564)
n0:
23893200 0x40374E: main (opj_decompress.c:1459)
n0:
17497464 in 52 places, all below massif's threshold (1.00%)
Even Rouault [Thu, 6 Jul 2017 14:11:11 +0000 (16:11 +0200)]
Decoding: do not allocate memory for the codestream of each codeblock
Currently we allocate at least 8192 bytes for each codeblock, and copy
the relevant parts of the codestream in that per-codeblock buffer as we
decode packets.
As the whole codestream for the tile is ingested in memory and alive
during the decoding, we can directly point to it instead of copying. But
to do that, we need an intermediate concept, a 'chunk' of code-stream segment,
given that segments may be made of data at different places in the code-stream
when quality layers are used.
With that change, the decoding of MAPA_005.jp2 goes down from the previous
improvement of 2.7 GB down to 1.9 GB.
New profile:
n4:
1885648469 (heap allocation functions) malloc/new/new[], --alloc-fns, etc.
n1:
1610689344 0x4E78287: opj_aligned_malloc (opj_malloc.c:61)
n1:
1610689344 0x4E71D7B: opj_alloc_tile_component_data (tcd.c:676)
n1:
1610689344 0x4E7272C: opj_tcd_init_decode_tile (tcd.c:816)
n1:
1610689344 0x4E4BDD9: opj_j2k_read_tile_header (j2k.c:8618)
n1:
1610689344 0x4E4C8A2: opj_j2k_decode_tiles (j2k.c:10349)
n1:
1610689344 0x4E4E36E: opj_j2k_decode (j2k.c:7847)
n1:
1610689344 0x4E52FA2: opj_jp2_decode (jp2.c:1564)
n0:
1610689344 0x40374E: main (opj_decompress.c:1459)
n1:
219232541 0x4E4BBF0: opj_j2k_read_tile_header (j2k.c:4685)
n1:
219232541 0x4E4C8A2: opj_j2k_decode_tiles (j2k.c:10349)
n1:
219232541 0x4E4E36E: opj_j2k_decode (j2k.c:7847)
n1:
219232541 0x4E52FA2: opj_jp2_decode (jp2.c:1564)
n0:
219232541 0x40374E: main (opj_decompress.c:1459)
n1:
39822000 0x4E727A9: opj_tcd_init_decode_tile (tcd.c:1219)
n1:
39822000 0x4E4BDD9: opj_j2k_read_tile_header (j2k.c:8618)
n1:
39822000 0x4E4C8A2: opj_j2k_decode_tiles (j2k.c:10349)
n1:
39822000 0x4E4E36E: opj_j2k_decode (j2k.c:7847)
n1:
39822000 0x4E52FA2: opj_jp2_decode (jp2.c:1564)
n0:
39822000 0x40374E: main (opj_decompress.c:1459)
n0:
15904584 in 52 places, all below massif's threshold (1.00%)
Even Rouault [Thu, 6 Jul 2017 11:23:29 +0000 (13:23 +0200)]
Add documentation for magic values in the code
Even Rouault [Thu, 6 Jul 2017 00:17:26 +0000 (02:17 +0200)]
opj_jp2_apply_pclr() also needs to use opj_image_data_alloc/opj_image_data_free
Even Rouault [Thu, 6 Jul 2017 00:02:25 +0000 (02:02 +0200)]
Complementary fix to previous commit
Even Rouault [Wed, 5 Jul 2017 23:47:40 +0000 (01:47 +0200)]
Add opj_image_data_alloc() / opj_image_data_free()
As bin/common/color.c used to directly call malloc()/free(), we need
to export functions dedicated to allocating/freeing image component data.
Even Rouault [Wed, 5 Jul 2017 23:05:24 +0000 (01:05 +0200)]
Fix crash on Windows due to
b7594c0fcb9dd3aa6356d72c4a525d76168da689
b7594c0fcb9dd3aa6356d72c4a525d76168da689 may put opj_tcd_tilecomp_t->data
allocated by opj_alloc_tile_component_data() as the image->comps[].data. As
opj_alloc_tile_component_data() use opj_aligned_malloc() we must be sure to
ue opj_alined_malloc()/_free() in all places where we alloc/free
image->comps[].data.
Note: this might have some compatibility impact in case user code does itself
the allocation/free of image->comps[].data
Even Rouault [Wed, 5 Jul 2017 21:48:28 +0000 (23:48 +0200)]
Decrease memory consumption for whole image single tile decoding.
We can use the same buffer for the tile decoding and the final image, and
save the intermediate buffer to transfer between those.
Effect on the decoding of MAPA (9944 x 13498 x 3 components of size byte)
Peak memory from 4.5 GB to 2.7 GB
Now:
n5:
2699708767 (heap allocation functions) malloc/new/new[], --alloc-fns, etc.
n1:
1610689344 0x4E77E07: opj_aligned_malloc (opj_malloc.c:61) <-- final image
n1:
1610689344 0x4E7195B: opj_alloc_tile_component_data (tcd.c:676)
n1:
1610689344 0x4E722D2: opj_tcd_init_decode_tile (tcd.c:816)
n1:
1610689344 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597)
n1:
1610689344 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324)
n1:
1610689344 0x4E4E20E: opj_j2k_decode (j2k.c:7826)
n1:
1610689344 0x4E52E42: opj_jp2_decode (jp2.c:1564)
n0:
1610689344 0x40369E: main (opj_decompress.c:1459)
n1:
815554560 0x4E72231: opj_tcd_init_decode_tile (tcd.c:1217) <-- working memory for code blocks: 9944*13498/64/64*8192*3
n1:
815554560 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597)
n1:
815554560 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324)
n1:
815554560 0x4E4E20E: opj_j2k_decode (j2k.c:7826)
n1:
815554560 0x4E52E42: opj_jp2_decode (jp2.c:1564)
n0:
815554560 0x40369E: main (opj_decompress.c:1459)
n1:
219758391 0x4E4C0BF: opj_j2k_read_tile_header (j2k.c:4661) <-- ingestion of code stream
n1:
219758391 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324)
n1:
219758391 0x4E4E20E: opj_j2k_decode (j2k.c:7826)
n1:
219758391 0x4E52E42: opj_jp2_decode (jp2.c:1564)
n0:
219758391 0x40369E: main (opj_decompress.c:1459)
n1:
39822000 0x4E7224F: opj_tcd_init_decode_tile (tcd.c:1224) <-- OPJ_J2K_DEFAULT_NB_SEGS*sizeof(opj_tcd_seg_t) per codeblock
n1:
39822000 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597)
n1:
39822000 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324)
n1:
39822000 0x4E4E20E: opj_j2k_decode (j2k.c:7826)
n1:
39822000 0x4E52E42: opj_jp2_decode (jp2.c:1564)
n0:
39822000 0x40369E: main (opj_decompress.c:1459)
n0:
13884472 in 49 places, all below massif's threshold (1.00%)
Before:
n5:
4493329848 (heap allocation functions) malloc/new/new[], --alloc-fns, etc.
n2:
1610709160 0x4E77C87: opj_aligned_malloc (opj_malloc.c:61)
n1:
1610689344 0x4E717DB: opj_alloc_tile_component_data (tcd.c:676)
n1:
1610689344 0x4E72152: opj_tcd_init_decode_tile (tcd.c:816)
n1:
1610689344 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597)
n1:
1610689344 0x4E4C64A: opj_j2k_decode_tiles (j2k.c:10318)
n1:
1610689344 0x4E4E08E: opj_j2k_decode (j2k.c:7826)
n1:
1610689344 0x4E52CC2: opj_jp2_decode (jp2.c:1564)
n0:
1610689344 0x40369E: main (opj_decompress.c:1459)
n0: 19816 in 2 places, all below massif's threshold (1.00%)
n1:
1610689344 0x4E43F36: opj_j2k_update_image_data.isra.7 (j2k.c:8743)
n1:
1610689344 0x4E4C5C1: opj_j2k_decode_tiles (j2k.c:10358)
n1:
1610689344 0x4E4E08E: opj_j2k_decode (j2k.c:7826)
n1:
1610689344 0x4E52CC2: opj_jp2_decode (jp2.c:1564)
n0:
1610689344 0x40369E: main (opj_decompress.c:1459)
n1:
815554560 0x4E720B1: opj_tcd_init_decode_tile (tcd.c:1217)
n1:
815554560 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597)
n1:
815554560 0x4E4C64A: opj_j2k_decode_tiles (j2k.c:10318)
n1:
815554560 0x4E4E08E: opj_j2k_decode (j2k.c:7826)
n1:
815554560 0x4E52CC2: opj_jp2_decode (jp2.c:1564)
n0:
815554560 0x40369E: main (opj_decompress.c:1459)
n1:
402672336 0x4E4C545: opj_j2k_decode_tiles (j2k.c:10336)
n1:
402672336 0x4E4E08E: opj_j2k_decode (j2k.c:7826)
n1:
402672336 0x4E52CC2: opj_jp2_decode (jp2.c:1564)
n0:
402672336 0x40369E: main (opj_decompress.c:1459)
n0:
53704448 in 58 places, all below massif's threshold (1.00%)
szukw000 [Mon, 7 Aug 2017 14:44:28 +0000 (16:44 +0200)]
Changes for converttif.c to fix tsize_t
Even Rouault [Fri, 4 Aug 2017 16:01:29 +0000 (18:01 +0200)]
opj_j2k_read_sot(): check current TPSot number regarding previous (non-zero) TNsot to avoid opj_j2k_merge_ppt() to be called several times. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2851. Credit to OSS Fuzz
szukw000 [Wed, 2 Aug 2017 15:27:08 +0000 (17:27 +0200)]
First change on changes-for-afl-tests
Antonin Descampe [Wed, 2 Aug 2017 15:07:29 +0000 (17:07 +0200)]
Update abi-check to take into account new defaults for "add" git command
Antonin Descampe [Wed, 2 Aug 2017 14:50:11 +0000 (16:50 +0200)]
WIP: fix abi-check and automatic upload
Even Rouault [Mon, 31 Jul 2017 15:35:10 +0000 (17:35 +0200)]
src/bin/jpwl/convert.c: add missing fclose() in error code path (suggested by maddin200, #976)
szukw000 [Mon, 31 Jul 2017 11:58:08 +0000 (13:58 +0200)]
Catch images broken by AFL
Even Rouault [Sun, 30 Jul 2017 17:46:52 +0000 (19:46 +0200)]
src/lib/openjp2/*.h: use OPJ_ prefix for inclusion guards instead of reserved __ (#587)
Even Rouault [Sun, 30 Jul 2017 17:27:01 +0000 (19:27 +0200)]
opj_event_msg(): force zero termination of buffer
Even Rouault [Sun, 30 Jul 2017 17:26:47 +0000 (19:26 +0200)]
Even Rouault [Sun, 30 Jul 2017 17:07:16 +0000 (19:07 +0200)]
Test return value of opj_j2k_setup_decoding_tile() (commit https://github.com/uclouvain/openjpeg/pull/561/commits/
ec31fa0c7f1ff8979312c07296cba41584c458a0 by ak-dxdy, #561)
Even Rouault [Sun, 30 Jul 2017 16:46:34 +0000 (18:46 +0200)]
Fix warnings in USE_JPIP compilation mode
Even Rouault [Sun, 30 Jul 2017 16:43:25 +0000 (18:43 +0200)]
Avoid heap buffer overflow in function pnmtoimage of convert.c, and unsigned integer overflow in opj_image_create() (CVE-2016-9118, #861)
Even Rouault [Sun, 30 Jul 2017 16:18:59 +0000 (18:18 +0200)]
Fix Doxygen warnings (patch derived from Winfried's doxygen-dif.txt.zip, #849)
Even Rouault [Sun, 30 Jul 2017 15:26:03 +0000 (17:26 +0200)]
j2k.c: remove hardcoded constants related to m_state, and useless FIXME
Even Rouault [Sun, 30 Jul 2017 14:48:15 +0000 (16:48 +0200)]
Avoid p_stream->m_user_data_length >= (OPJ_UINT64)p_stream->m_byte_offset assertion in opj_stream_get_number_byte_left(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2786. Credit to OSS Fuzz
Even Rouault [Sun, 30 Jul 2017 13:35:47 +0000 (15:35 +0200)]
opj_j2k_set_decode_area: replace assertions by runtime checks. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2795. Credit to OSS Fuzz
Even Rouault [Sun, 30 Jul 2017 13:22:24 +0000 (15:22 +0200)]
opj_tcd_dc_level_shift_decode: avoid int32 overflow when prec == 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2799. Credit to OSS Fuzz
Even Rouault [Sat, 29 Jul 2017 19:11:23 +0000 (21:11 +0200)]
src/bin/jpwl/convert.c: fix memleak (fix suggested by maddin200, #631)
Even Rouault [Sat, 29 Jul 2017 17:43:23 +0000 (19:43 +0200)]
Fix warnings in pi.c raised by VS11 analyze (#190)
Even Rouault [Sat, 29 Jul 2017 17:13:49 +0000 (19:13 +0200)]
Fix write heap buffer overflow in opj_mqc_byteout(). Discovered by Ke Liu of Tencent's Xuanwu LAB (#835)
Even Rouault [Sat, 29 Jul 2017 17:03:13 +0000 (19:03 +0200)]
opj_pi_update_decode_poc(): limit layno1 to the number of layers (CVE-2016-1626 and CVE-2016-1628, #850)
This has been recently fixed in a less elegant way per
80818c39f5bfbac37768fcee95b0ffeceaa77264
Even Rouault [Sat, 29 Jul 2017 16:38:16 +0000 (18:38 +0200)]
opj_tcd_get_decoded_tile_size(): fix potential UINT32 overflow (#854, CVE-2016-5152)
Fix derived from https://pdfium.googlesource.com/pdfium.git/+/
d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
Even Rouault [Sat, 29 Jul 2017 15:56:12 +0000 (17:56 +0200)]
color_cielab_to_rgb(): reject images with components of different dimensions to void read heap buffer overflow (#909)
Even Rouault [Sat, 29 Jul 2017 15:51:10 +0000 (17:51 +0200)]
Even Rouault [Sat, 29 Jul 2017 15:28:55 +0000 (17:28 +0200)]
imagetopnm(): make sure the alpha component has same dimension as other components to avoid read heap buffer overflow (#970)
Even Rouault [Sat, 29 Jul 2017 14:34:35 +0000 (16:34 +0200)]
opj_t1_decode_cblk(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2487. Credit to OSS Fuzz
Even Rouault [Sat, 29 Jul 2017 14:29:11 +0000 (16:29 +0200)]
opj_t1_clbl_decode_processor(): avoid undefined behaviour if roishift >= 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2506. Credit to OSS Fuzz
Even Rouault [Sat, 29 Jul 2017 14:22:36 +0000 (16:22 +0200)]
Avoid assertion in opj_j2k_merge_ppt() in case premature EOC is encountered in opj_j2k_read_tile_header(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785. Credit to OSS Fuzz
Even Rouault [Sat, 29 Jul 2017 13:52:11 +0000 (15:52 +0200)]
opj_pi_next_pcrl(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2787. Credit to OSS Fuzz
Even Rouault [Fri, 28 Jul 2017 20:15:47 +0000 (22:15 +0200)]
opj_int_ceildiv(): fix int32 overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2494. Credit to OSS Fuzz
Even Rouault [Fri, 28 Jul 2017 20:06:26 +0000 (22:06 +0200)]
opj_tcd_dc_level_shift_decode(): avoid int overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2516. Credit to OSS Fuzz
Even Rouault [Fri, 28 Jul 2017 19:55:22 +0000 (21:55 +0200)]
Fix null pointer dereference in opj_jp2_apply_pclr(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2558. Credit to OSS Fuzz
Even Rouault [Fri, 28 Jul 2017 19:39:30 +0000 (21:39 +0200)]
Fix null pointer dereference in opj_j2k_add_mct() (#895)
Fixes openjeg-crashes-2017-07-27/issue879-poc1.j2k of #895
Even Rouault [Fri, 28 Jul 2017 19:29:55 +0000 (21:29 +0200)]
Avoid use-after-free when a MCT marker is found after a MCC one (#895)
Fixes openjeg-crashes-2017-07-27/issue880-poc2.j2k of #895
Even Rouault [Thu, 27 Jul 2017 20:29:17 +0000 (22:29 +0200)]
Avoid undefined shift behaviour if bit depth == 32 (#895)
Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:003798,op:ext_AO,pos:128.jp2
Even Rouault [Thu, 27 Jul 2017 17:34:54 +0000 (19:34 +0200)]
opj_j2k_update_image_data / opj_tcd_update_tile_data: fix unaligned load/store (#895)
When components don't have the same width, unaligned load/store are possible.
Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:001342,op:flip4,pos:162.jp2 of #895
Even Rouault [Thu, 27 Jul 2017 17:22:14 +0000 (19:22 +0200)]
opj_pi_next_rpcl / opj_pi_next_pcrl / opj_pi_next_cprl: avoid int overflow (#895)
Fixes int overflow on openjeg-crashes-2017-07-27/id:000000,sig:08,src:000879,op:flip2,pos:128.jp2
Even Rouault [Thu, 27 Jul 2017 16:51:51 +0000 (18:51 +0200)]
opj_jp2_check_color(): replace assertion regarding mtyp by runtime check (#672, #895)
Fixes test case openjeg-crashes-2017-07-27/id:000000,sig:06,src:000001,op:flip1,pos:808.jp2
of #895
Even Rouault [Wed, 26 Jul 2017 21:25:38 +0000 (23:25 +0200)]
Avoids undefined shift behaviour in m_dc_level_shift computation
Fixes warning found on clusterfuzz-testcase-minimized-
5146316340461568
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2495
Credit to OSS Fuzz
Even Rouault [Wed, 26 Jul 2017 20:53:59 +0000 (22:53 +0200)]
Fix various undefined shift behaviour in pi.c
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2496
Credit to OSS Fuzz
Even Rouault [Wed, 26 Jul 2017 20:22:44 +0000 (22:22 +0200)]
Avoid potential undefined shift behaviour in opj_bio_read() from opj_t2_read_packet_header()
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2485
Credit to OSS Fuzz
projects / openjpeg.git / log