Antonin Descampe [Tue, 2 Apr 2019 12:45:15 +0000 (14:45 +0200)]
update token for appveyor auto release
Antonin Descampe [Tue, 2 Apr 2019 12:25:09 +0000 (14:25 +0200)]
update token for automatic release
Antonin Descampe [Tue, 2 Apr 2019 10:08:52 +0000 (12:08 +0200)]
Update for release 2.3.1
Antonin Descampe [Tue, 2 Apr 2019 09:03:16 +0000 (11:03 +0200)]
Update for release 2.3.1
Antonin Descampe [Tue, 2 Apr 2019 09:02:20 +0000 (11:02 +0200)]
update for release 2.3.1
Antonin Descampe [Tue, 2 Apr 2019 09:00:58 +0000 (11:00 +0200)]
Update BUILD version for release 2.3.1
Even Rouault [Fri, 29 Mar 2019 11:25:39 +0000 (12:25 +0100)]
Merge pull request #1188 from rouault/fix_abi_check
abi-check.sh: fix broken download URL
Even Rouault [Fri, 29 Mar 2019 10:53:23 +0000 (11:53 +0100)]
abi-check.sh: fix broken download URL
Even Rouault [Fri, 29 Mar 2019 10:52:38 +0000 (11:52 +0100)]
Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
opj_t1_encode_cblks: fix UBSAN signed integer overflow
Even Rouault [Fri, 29 Mar 2019 10:17:39 +0000 (11:17 +0100)]
opj_t1_encode_cblks: fix UBSAN signed integer overflow
Fixes #1053 / CVE-2018-5727
Note: I don't consider this issue to be a security vulnerability, in
practice.
At least with gcc or clang compilers on x86_64 which generate the same
assembly code with or without that fix.
Even Rouault [Fri, 29 Mar 2019 09:44:35 +0000 (10:44 +0100)]
Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
This reverts commit
05be3084460e46282ee63f04c72c451f3271fd28.
This commit doesn't compile due to missing OPJ_UINT64 type
Even Rouault [Fri, 29 Mar 2019 09:40:58 +0000 (10:40 +0100)]
Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
This reverts commit
c277159986c80142180fbe5efb256bbf3bdf3edc.
The commit didn't compile. include_size is not defined in openmj2
Even Rouault [Fri, 21 Dec 2018 15:41:00 +0000 (16:41 +0100)]
Merge pull request #1172 from hlef/master
convertbmp: detect invalid file dimensions early (CVE-2018-6616)
Hugo Lefeuvre [Fri, 14 Dec 2018 03:58:40 +0000 (04:58 +0100)]
convertbmp: detect invalid file dimensions early
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
Fixes #1059 (CVE-2018-6616).
Even Rouault [Fri, 7 Dec 2018 20:27:38 +0000 (21:27 +0100)]
Merge pull request #1168 from Young-X/fix_dev
Fix multiple potential vulnerabilities and bugs
Young Xiao [Wed, 28 Nov 2018 06:44:06 +0000 (14:44 +0800)]
[JPWL] tgatoimage(): avoid excessive memory allocation attempt,
and fixes unaligned load
Signed-off-by: Young Xiao <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 09:15:05 +0000 (17:15 +0800)]
[JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
Signed-off-by: Young_X <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 09:12:06 +0000 (17:12 +0800)]
[JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
Signed-off-by: Young_X <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 08:24:19 +0000 (16:24 +0800)]
[OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
opj_get_encoding_parameters
Signed-off-by: Young_X <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 08:12:53 +0000 (16:12 +0800)]
[MJ2] Avoid index out of bounds access to pi->include[]
Signed-off-by: Young_X <YangX92@hotmail.com>
Even Rouault [Tue, 27 Nov 2018 23:04:30 +0000 (00:04 +0100)]
Merge pull request #1170 from rouault/fix_color_apply_icc_profile
color_apply_icc_profile: avoid potential heap buffer overflow
Even Rouault [Tue, 27 Nov 2018 22:31:30 +0000 (23:31 +0100)]
color_apply_icc_profile: avoid potential heap buffer overflow
Derived from a patch by Thuan Pham
Young_X [Fri, 23 Nov 2018 07:58:23 +0000 (15:58 +0800)]
[JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
Signed-off-by: Young_X <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 07:02:26 +0000 (15:02 +0800)]
[JPWL] fix CVE-2018-16375
Signed-off-by: Young_X <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 06:47:36 +0000 (14:47 +0800)]
[MJ2] To avoid divisions by zero / undefined behaviour on shift
Signed-off-by: Young_X <YangX92@hotmail.com>
Even Rouault [Fri, 16 Nov 2018 08:42:19 +0000 (09:42 +0100)]
Merge pull request #1160 from hlef/master
jp3d/jpwl convert: fix write stack buffer overflow
ichlubna [Fri, 16 Nov 2018 08:40:31 +0000 (09:40 +0100)]
openjp3d: Int overflow fixed (#1159)
When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.
Hugo Lefeuvre [Wed, 7 Nov 2018 17:48:29 +0000 (18:48 +0100)]
jp2: convert: fix null pointer dereference
Tile components in a JP2 image might have null data pointer by defining a
zero component size (for example using large horizontal or vertical
sampling periods). This null data pointer leads to null image component
data pointer, causing crash when dereferenced without != null check in
imagetopnm.
Add != null check.
This commit addresses #1152 (CVE-2018-18088).
Hugo Lefeuvre [Mon, 22 Oct 2018 14:59:41 +0000 (16:59 +0200)]
jp3d/jpwl convert: fix write stack buffer overflow
Missing buffer length formatter in fscanf call might lead to write
stack buffer overflow.
fixes #1044 (CVE-2017-17480)
Stefan Weil [Wed, 31 Oct 2018 19:44:30 +0000 (20:44 +0100)]
Fix some potential overflow issues (#1161)
* Fix some potential overflow issues
Put sizeof to the beginning of the multiplication to enforce that
size_t instead of smaller integer types is used for the calculation.
This fixes warnings from LGTM:
Multiplication result may overflow 'unsigned int'
before it is converted to 'unsigned long'.
It also allows removing some type casts.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
* Fix code indentation
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Even Rouault [Wed, 31 Oct 2018 19:41:52 +0000 (20:41 +0100)]
Merge pull request #1163 from nforro/memory-and-resource-leaks
Fix several memory and resource leaks
Nikola Forró [Wed, 31 Oct 2018 12:39:05 +0000 (13:39 +0100)]
Fix several memory and resource leaks
Signed-off-by: Nikola Forró <nforro@redhat.com>
Even Rouault [Thu, 18 Oct 2018 09:45:45 +0000 (11:45 +0200)]
opj_thread_pool_setup(): fix infinite waiting if a thread creation failed
Even Rouault [Sat, 22 Sep 2018 21:54:12 +0000 (23:54 +0200)]
Merge pull request #1148 from hlef/master
CVE-2018-5785: fix issues with zero bitmasks
Even Rouault [Sat, 22 Sep 2018 21:47:56 +0000 (23:47 +0200)]
opj_jp2_apply_pclr(): remove useless assert that can trigger on some files (fixes #1125)
Even Rouault [Sat, 22 Sep 2018 21:12:50 +0000 (23:12 +0200)]
Merge branch 'pr1095'
Karol Babioch [Fri, 2 Mar 2018 13:40:58 +0000 (14:40 +0100)]
opj_mj2_extract: Check provided output prefix for length
This uses snprintf() with correct buffer length instead of sprintf(), which
prevents a buffer overflow when providing a long output prefix. Furthermore
the program exits with an error when the provided output prefix is too long.
Fixes #1088.
Even Rouault [Sat, 22 Sep 2018 21:05:54 +0000 (23:05 +0200)]
Merge branch 'pr1107'
szukw000 [Tue, 13 Mar 2018 17:11:54 +0000 (18:11 +0100)]
opj_mj2_extract: Avoid segfault for long filenames
Even Rouault [Sat, 22 Sep 2018 20:59:36 +0000 (22:59 +0200)]
Merge pull request #1136 from reverson/master
Cast on uint ceildiv
Even Rouault [Sat, 22 Sep 2018 20:59:17 +0000 (22:59 +0200)]
Merge pull request #1119 from stweil/ssize_t
Use local type declaration for POSIX standard type only for MS compiler
Even Rouault [Sat, 22 Sep 2018 20:55:33 +0000 (22:55 +0200)]
Merge pull request #1128 from stweil/typos
Fix some typos in code comments and documentation
Even Rouault [Sat, 22 Sep 2018 20:54:51 +0000 (22:54 +0200)]
Merge pull request #1140 from bukatlib/fix_relpath
Relative path to header files is hardcoded in OpenJPEGConfig.cmake.in file
Even Rouault [Sat, 22 Sep 2018 20:47:27 +0000 (22:47 +0200)]
Merge pull request #1141 from szukw000/changes-in-pnmtoimage
Changes in pnmtoimage if image data are missing
Even Rouault [Sat, 22 Sep 2018 20:28:04 +0000 (22:28 +0200)]
Merge pull request #1143 from stweil/format
openjp2/jp2: Fix two format strings
Even Rouault [Sat, 22 Sep 2018 20:27:14 +0000 (22:27 +0200)]
Merge pull request #1149 from rouault/fix_knownfailures
Update knownfailures- files given current configurations
Even Rouault [Sat, 22 Sep 2018 19:56:50 +0000 (21:56 +0200)]
Update knownfailures- files given current configurations
Hugo Lefeuvre [Sat, 22 Sep 2018 18:33:19 +0000 (14:33 -0400)]
convertbmp: fix issues with zero bitmasks
In the case where a BMP file declares compression 3 (BI_BITFIELDS)
with header size <= 56, all bitmask values keep their initialization
value 0. This may lead to various undefined behavior later e.g. when
doing 1 << (l_comp->prec - 1).
This issue does not affect files with bit count 16 because of a check
added in
16240e2 which sets default values to the color masks if they
are all 0.
This commit adds similar checks for the 32 bit case.
Also, if a BMP file declares compression 3 with header size >= 56 and
intentional 0 bitmasks, the same issue will be triggered in both the
16 and 32 bit count case.
This commit adds checks to bmp_read_info_header() rejecting BMP files
with "intentional" 0 bitmasks. These checks might be removed in the
future when proper handling of zero bitmasks will be available in
openjpeg2.
fixes #1057 (CVE-2018-5785)
Stefan Weil [Wed, 5 Sep 2018 19:51:30 +0000 (21:51 +0200)]
openjp2/jp2: Fix two format strings
Compiler warnings:
src/lib/openjp2/jp2.c:1008:35: warning:
too many arguments for format [-Wformat-extra-args]
src/lib/openjp2/j2k.c:1928:73: warning:
format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘OPJ_OFF_T {aka long int}’ [-Wformat=]
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Stefan Weil [Mon, 30 Jul 2018 19:04:28 +0000 (21:04 +0200)]
Fix some typos in code comments and documentation
All typos were found by Codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
szukw000 [Fri, 31 Aug 2018 14:24:41 +0000 (16:24 +0200)]
Changes in pnmtoimage if image data are missing
Libor Bukata [Fri, 31 Aug 2018 10:57:40 +0000 (12:57 +0200)]
The change makes a relative path to header files
always correct regardless of the number of sub-
directories in OPENJPEG_INSTALL_PACKAGE_DIR variable.
Robert Everson [Mon, 27 Aug 2018 22:28:53 +0000 (15:28 -0700)]
Cast on uint ceildiv
Even Rouault [Sat, 11 Aug 2018 21:35:35 +0000 (23:35 +0200)]
Merge pull request #1133 from robe2/robe2-pkgconfig-instructions
Add -DBUILD_PKGCONFIG_FILES to install instructions
Regina Obe [Sat, 11 Aug 2018 20:59:30 +0000 (16:59 -0400)]
Add -DBUILD_PKGCONFIG_FILES to install instructions
Building under msys/mingw doesn't automatically install the pkg config files needed to build GDAL and other libraries
Even Rouault [Wed, 20 Jun 2018 14:26:24 +0000 (16:26 +0200)]
Merge pull request #1121 from rouault/fix_tnsot_zero
Fix regression in reading files with TNsot == 0 (refs #1120)
Even Rouault [Wed, 20 Jun 2018 13:06:16 +0000 (15:06 +0200)]
Add test cases for https://github.com/uclouvain/openjpeg/issues/1120 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785
Even Rouault [Wed, 20 Jun 2018 12:54:09 +0000 (14:54 +0200)]
Avoid assertion when running opj_j2k_merge_ppt() several time due to
e6674f7ed66abdb32a0be5944f618722b6a7b5d5 revert. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785
Even Rouault [Wed, 20 Jun 2018 12:38:41 +0000 (14:38 +0200)]
Revert "Avoid assertion in opj_j2k_merge_ppt() in case premature EOC is encountered in opj_j2k_read_tile_header(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785. Credit to OSS Fuzz" (fixes #1120)
This reverts commit
9906fbf737692486cebabe98169988d818e2e66a.
which broke decoding of images where TNsot == 0
Stefan Weil [Mon, 18 Jun 2018 12:06:25 +0000 (14:06 +0200)]
Use local type declaration for POSIX standard type only for MS compiler
ssize_t is a POSIX type which is declared in POSIX include files.
Mingw-w64 provides it also for Windows.
Use the local declaration only with MS compilers.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Even Rouault [Sat, 16 Jun 2018 14:17:58 +0000 (16:17 +0200)]
opj_compress: try to make help message of -c switch clearer (fixes #1117)
Even Rouault [Mon, 12 Mar 2018 13:24:20 +0000 (14:24 +0100)]
opj_compress: fix help message regarding default precinct size
Even Rouault [Sun, 4 Mar 2018 22:54:09 +0000 (23:54 +0100)]
Merge pull request #1104 from rouault/macos_fix
Fix Mac builds
Even Rouault [Sun, 4 Mar 2018 22:27:44 +0000 (23:27 +0100)]
Fix Mac builds
Even Rouault [Sun, 4 Mar 2018 22:19:59 +0000 (23:19 +0100)]
Merge pull request #1062 from radarhere/master
Fixed typos
Even Rouault [Sun, 4 Mar 2018 22:16:04 +0000 (23:16 +0100)]
Merge pull request #1094 from kbabioch/fix/missing-format-string-parameter
mj2: Add missing variable to format string in fprintf() invocation in meta_out.c
Even Rouault [Sun, 4 Mar 2018 22:13:45 +0000 (23:13 +0100)]
Merge pull request #1096 from kbabioch/fix/opj_mj2_extract-help
opj_mj2_extract: Rename output_location to output_prefix
Even Rouault [Sun, 4 Mar 2018 22:10:48 +0000 (23:10 +0100)]
Merge pull request #1101 from kbabioch/fix/jp3d-sprintf-overflow
jp3d: Replace sprintf() by snprintf() in volumetobin()
Karol Babioch [Sat, 3 Mar 2018 09:10:32 +0000 (10:10 +0100)]
jp3d: Replace sprintf() by snprintf() in volumetobin()
This replaces the unsafe sprintf() invocation by the safer snprintf()
one, with the correct buffer size to prevent buffer overflows.
This fixes #1085.
Karol Babioch [Fri, 2 Mar 2018 14:19:19 +0000 (15:19 +0100)]
opj_mj2_extract: Rename output_location to output_prefix
This renames the argument in the help output, as the latter better describes
the the purpose of this argument.
Karol Babioch [Fri, 2 Mar 2018 13:03:03 +0000 (14:03 +0100)]
mj2: Add missing variable to format string in fprintf() invocation in meta_out.c
This adds the appropriate variables to the invocation of fprintf(). They were
specified in the format string, but were missing in the actual call. This
fixes #1074 and #1075.
Even Rouault [Sun, 25 Feb 2018 18:59:18 +0000 (19:59 +0100)]
Merge pull request #1090 from stweil/utf8
Convert files to UTF-8 encoding
Even Rouault [Sun, 25 Feb 2018 18:20:38 +0000 (19:20 +0100)]
.travis.yml: temporarily disable OPJ_CI_ASAN=1 (refs #1091)
Stefan Weil [Sat, 24 Feb 2018 13:55:33 +0000 (14:55 +0100)]
openjp3d: Convert ISO-8859 to UTF-8
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Stefan Weil [Sat, 24 Feb 2018 13:51:28 +0000 (14:51 +0100)]
jp3d: Convert ISO-8859 to UTF-8
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Even Rouault [Sun, 25 Feb 2018 17:21:23 +0000 (18:21 +0100)]
Merge pull request #1080 from setharnold/patch-1
fix unchecked integer multiplication overflow
Even Rouault [Sun, 18 Feb 2018 13:38:16 +0000 (14:38 +0100)]
bench_dwt: fix wrong index in iteration (issue found by Fethi Migaou)
setharnold [Thu, 15 Feb 2018 01:46:38 +0000 (17:46 -0800)]
fix unchecked integer multiplication overflow
Hello, this fixes an unchecked integer multiplication overflow. Thanks.
Even Rouault [Sun, 11 Feb 2018 12:31:04 +0000 (13:31 +0100)]
Avoid out-of-bounds write overflow due to uint32 overflow computation on images with huge dimensions. Credit to Google Autofuzz project for providing test case
Andrew Murray [Fri, 9 Feb 2018 10:02:25 +0000 (21:02 +1100)]
Fixed typos
Even Rouault [Mon, 5 Feb 2018 16:31:49 +0000 (17:31 +0100)]
Merge pull request #1055 from ideasman42/patch-1
Note that seek uses SEEK_SET behavior.
Campbell Barton [Thu, 18 Jan 2018 04:16:03 +0000 (15:16 +1100)]
Note that seek uses SEEK_SET behavior.
Even Rouault [Mon, 8 Jan 2018 08:38:44 +0000 (09:38 +0100)]
opj_t2_encode_packet(): disable setting empty packet header bit to 1 when there is an empty packet
This effectively reverts commit
2609fb8077125b5b31f1bcc2f98c12ff1e6572d7
since it has been reported that
such packets cause decoding issues with cinema J2K hardware
decoders: https://groups.google.com/forum/#!topic/openjpeg/M7M_fLX_Bco
Even Rouault [Sun, 7 Jan 2018 16:49:37 +0000 (17:49 +0100)]
Merge pull request #1047 from stweil/coverity
Fix resource leak (CID 179466)
Even Rouault [Sun, 7 Jan 2018 16:49:08 +0000 (17:49 +0100)]
Merge pull request #1050 from szukw000/changes-for-obsolete-doxygen-tags
Some Doxygen tags are removed
Even Rouault [Sun, 7 Jan 2018 16:45:53 +0000 (17:45 +0100)]
Add known failure for Windows VC10 i386 target (refs #1043)
szukw000 [Sun, 7 Jan 2018 16:11:09 +0000 (17:11 +0100)]
Some Doxygen tags are removed
Stefan Weil [Fri, 15 Dec 2017 15:49:33 +0000 (16:49 +0100)]
Fix resource leak (CID 179466)
Coverity report:
CID 179466 (#1 of 1): Resource leak (RESOURCE_LEAK)
93. leaked_storage: Variable name going out of scope leaks the storage it points to.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Even Rouault [Thu, 30 Nov 2017 14:39:45 +0000 (15:39 +0100)]
Add known failure for i386 target (refs #1043)
Even Rouault [Thu, 30 Nov 2017 13:48:34 +0000 (14:48 +0100)]
opj_j2k_read_cod: remove check for 'No more than one COD marker per tile' (fixes #1043)
This check was added per https://github.com/uclouvain/openjpeg/commit/
daed8cc9195555e101ab708a501af2dfe6d5e001
to fix https://github.com/uclouvain/openjpeg/issues/476 , but it does not seem
to be necessary with latest master (issue476.jp2 doesn't cause memory issues),
and breaks reading legit files.
Even Rouault [Thu, 30 Nov 2017 13:26:17 +0000 (14:26 +0100)]
Fix typo in comments
Even Rouault [Tue, 14 Nov 2017 11:28:44 +0000 (12:28 +0100)]
Merge pull request #1042 from radarhere/cmake
Changed cmake version test to allow for cmake 2.8.11.x
Andrew Murray [Tue, 14 Nov 2017 10:45:09 +0000 (21:45 +1100)]
Changed cmake version test to allow for cmake 2.8.11.x
Even Rouault [Fri, 20 Oct 2017 19:59:14 +0000 (21:59 +0200)]
Merge pull request #1037 from gfiumara/master
Add missing fclose() statement in error condition.
Gregory Fiumara [Fri, 20 Oct 2017 19:31:45 +0000 (15:31 -0400)]
Add missing fclose() statement in error condition.
Even Rouault [Sat, 14 Oct 2017 20:42:12 +0000 (22:42 +0200)]
CMakeLists.txt: turn BUILD_PKGCONFIG_FILES ON by default on Windows if compiler is GCC
Even Rouault [Wed, 11 Oct 2017 23:16:23 +0000 (01:16 +0200)]
opj_j2k_set_threads(): add sanity check to error out if called after opj_read_header()
Even Rouault [Wed, 11 Oct 2017 23:05:04 +0000 (01:05 +0200)]
Improve doc of opj_codec_set_threads()
Even Rouault [Mon, 9 Oct 2017 09:40:43 +0000 (11:40 +0200)]
Unix build: fix regression of 2.3.0 where a shared-only or static-only build lacks the installation target for the library (#1019, fixes regression introduced by
3dfc6ca2bcf06fd1adb6b6b4cecc6c092f08ba0b)
Even Rouault [Fri, 6 Oct 2017 17:25:07 +0000 (19:25 +0200)]
opj_decompress -h: document -threads ALL_CPUS
projects / openjpeg.git / log