[Bf-blender-cvs] [75c9fe4] master: Update bundled openjpeg from 1.5.0 to 1.5.2
Sergey Sharybin
noreply at git.blender.org
Wed Apr 20 11:59:17 CEST 2016
Commit: 75c9fe428fa8ed1dec093de6a7b2dc6ca042f6d6
Author: Sergey Sharybin
Date: Wed Apr 20 10:36:58 2016 +0200
Branches: master
https://developer.blender.org/rB75c9fe428fa8ed1dec093de6a7b2dc6ca042f6d6
Update bundled openjpeg from 1.5.0 to 1.5.2
Solves the following issues:
- A fair number of paranoid warnings were fixed upstream
- Upstream already seems to have all the fixes needed for FreeBSD and OSX
- Brings in all other fixes and such from upstream
===================================================================
M extern/libopenjpeg/bio.c
M extern/libopenjpeg/cidx_manager.c
M extern/libopenjpeg/cio.c
M extern/libopenjpeg/cio.h
M extern/libopenjpeg/event.c
M extern/libopenjpeg/image.c
M extern/libopenjpeg/j2k.c
M extern/libopenjpeg/jp2.c
M extern/libopenjpeg/openjpeg.h
M extern/libopenjpeg/opj_config.h
M extern/libopenjpeg/opj_includes.h
M extern/libopenjpeg/opj_malloc.h
D extern/libopenjpeg/patches/fbsd.patch
D extern/libopenjpeg/patches/osx.patch
M extern/libopenjpeg/t1.c
M extern/libopenjpeg/t2.c
M extern/libopenjpeg/tcd.c
===================================================================
diff --git a/extern/libopenjpeg/bio.c b/extern/libopenjpeg/bio.c
index 4c02f46..f04f3e5 100644
--- a/extern/libopenjpeg/bio.c
+++ b/extern/libopenjpeg/bio.c
@@ -42,7 +42,7 @@ Write a bit
@param bio BIO handle
@param b Bit to write (0 or 1)
*/
-static void bio_putbit(opj_bio_t *bio, int b);
+static void bio_putbit(opj_bio_t *bio, unsigned int b);
/**
Read a bit
@param bio BIO handle
@@ -78,7 +78,7 @@ static int bio_byteout(opj_bio_t *bio) {
if (bio->bp >= bio->end) {
return 1;
}
- *bio->bp++ = bio->buf >> 8;
+ *bio->bp++ = (unsigned char)(bio->buf >> 8);
return 0;
}
@@ -92,7 +92,7 @@ static int bio_bytein(opj_bio_t *bio) {
return 0;
}
-static void bio_putbit(opj_bio_t *bio, int b) {
+static void bio_putbit(opj_bio_t *bio, unsigned int b) {
if (bio->ct == 0) {
bio_byteout(bio);
}
@@ -126,7 +126,7 @@ void bio_destroy(opj_bio_t *bio) {
}
int bio_numbytes(opj_bio_t *bio) {
- return (bio->bp - bio->start);
+ return (int)(bio->bp - bio->start);
}
void bio_init_enc(opj_bio_t *bio, unsigned char *bp, int len) {
diff --git a/extern/libopenjpeg/cidx_manager.c b/extern/libopenjpeg/cidx_manager.c
index 6131b93..f3b251f 100644
--- a/extern/libopenjpeg/cidx_manager.c
+++ b/extern/libopenjpeg/cidx_manager.c
@@ -29,8 +29,6 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-#include <stdio.h>
-#include <stdlib.h>
#include "opj_includes.h"
diff --git a/extern/libopenjpeg/cio.c b/extern/libopenjpeg/cio.c
index b8a7ecf..97cccea 100644
--- a/extern/libopenjpeg/cio.c
+++ b/extern/libopenjpeg/cio.c
@@ -30,6 +30,7 @@
*/
#include "opj_includes.h"
+#include <assert.h>
/* ----------------------------------------------------------------------- */
@@ -106,6 +107,7 @@ int OPJ_CALLCONV cio_tell(opj_cio_t *cio) {
* pos : position, in number of bytes, from the beginning of the stream
*/
void OPJ_CALLCONV cio_seek(opj_cio_t *cio, int pos) {
+ assert((cio->start + pos) <= cio->end);
cio->bp = cio->start + pos;
}
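Review bot: The bound added to cio_seek is an `assert`, so it exists only in builds without NDEBUG, and a negative `pos` passes it even in debug builds because only the upper end is compared. In a release build `cio->bp` is still set from an unchecked `pos`, and forming `cio->start + pos` outside the buffer is undefined before the comparison runs. If `pos` can come from codestream fields (the callers are outside this diff), an integer check that survives release builds is safer, for example `if (pos < 0 || pos > cio->end - cio->start) { opj_event_msg(cio->cinfo, EVT_ERROR, "seek outside the codestream\n"); return; }`. The asserts added to cio_numbytesleft and cio_bytein in the next two hunks of this file have the same debug-only limitation.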
@@ -113,6 +115,7 @@ void OPJ_CALLCONV cio_seek(opj_cio_t *cio, int pos) {
* Number of bytes left before the end of the stream.
*/
int cio_numbytesleft(opj_cio_t *cio) {
+ assert((cio->end - cio->bp) >= 0);
return cio->end - cio->bp;
}
@@ -139,6 +142,7 @@ opj_bool cio_byteout(opj_cio_t *cio, unsigned char v) {
* Read a byte.
*/
unsigned char cio_bytein(opj_cio_t *cio) {
+ assert(cio->bp >= cio->start);
if (cio->bp >= cio->end) {
opj_event_msg(cio->cinfo, EVT_ERROR, "read error: passed the end of the codestream (start = %d, current = %d, end = %d\n", cio->start, cio->bp, cio->end);
return 0;
@@ -152,7 +156,7 @@ unsigned char cio_bytein(opj_cio_t *cio) {
* v : value to write
* n : number of bytes to write
*/
-unsigned int cio_write(opj_cio_t *cio, unsigned long long int v, int n) {
+unsigned int cio_write(opj_cio_t *cio, unsigned int64 v, int n) {
int i;
for (i = n - 1; i >= 0; i--) {
if( !cio_byteout(cio, (unsigned char) ((v >> (i << 3)) & 0xff)) )
@@ -173,7 +177,7 @@ unsigned int cio_read(opj_cio_t *cio, int n) {
unsigned int v;
v = 0;
for (i = n - 1; i >= 0; i--) {
- v += cio_bytein(cio) << (i << 3);
+ v += (unsigned int)cio_bytein(cio) << (i << 3);
}
return v;
}
@@ -184,6 +188,10 @@ unsigned int cio_read(opj_cio_t *cio, int n) {
* n : number of bytes to skip
*/
void cio_skip(opj_cio_t *cio, int n) {
+ assert((cio->bp + n) >= cio->bp);
+ if (((cio->bp + n) < cio->start) || ((cio->bp + n) > cio->end)) {
+ assert(0);
+ }
cio->bp += n;
}
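Review bot: In cio_skip the out-of-range branch contains only `assert(0)`, so with NDEBUG the branch is empty and `cio->bp += n` still moves the pointer outside the start/end range. The first assert, `(cio->bp + n) >= cio->bp`, tests for wrap-around only after the out-of-bounds pointer has been formed, which is undefined behaviour that a compiler may fold to true. Comparing the integer offset avoids both problems: `if (n < cio->start - cio->bp || n > cio->end - cio->bp) { assert(0); return; }`.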
diff --git a/extern/libopenjpeg/cio.h b/extern/libopenjpeg/cio.h
index ce1a13e..e627431 100644
--- a/extern/libopenjpeg/cio.h
+++ b/extern/libopenjpeg/cio.h
@@ -31,6 +31,13 @@
#ifndef __CIO_H
#define __CIO_H
+
+#if defined(_MSC_VER) || defined(__BORLANDC__)
+#define int64 __int64
+#else
+#define int64 long long
+#endif
+
/**
@file cio.h
@brief Implementation of a byte input-output process (CIO)
@@ -63,7 +70,7 @@ Write some bytes
@param n Number of bytes to write
@return Returns the number of bytes written or 0 if an error occured
*/
-unsigned int cio_write(opj_cio_t *cio, unsigned long long int v, int n);
+unsigned int cio_write(opj_cio_t *cio, unsigned int64 v, int n);
/**
Read some bytes
@param cio CIO handle
diff --git a/extern/libopenjpeg/event.c b/extern/libopenjpeg/event.c
index 0dc22f1..38db33a 100644
--- a/extern/libopenjpeg/event.c
+++ b/extern/libopenjpeg/event.c
@@ -103,18 +103,17 @@ opj_bool opj_event_msg(opj_common_ptr cinfo, int event_type, const char *fmt, ..
va_list arg;
int str_length/*, i, j*/; /* UniPG */
char message[MSG_SIZE];
- memset(message, 0, MSG_SIZE);
/* initialize the optional parameter list */
va_start(arg, fmt);
- /* check the length of the format string */
- str_length = (strlen(fmt) > MSG_SIZE) ? MSG_SIZE : strlen(fmt);
/* parse the format string and put the result in 'message' */
- vsprintf(message, fmt, arg); /* UniPG */
+ str_length = vsnprintf(message, MSG_SIZE, fmt, arg); /* UniPG */
/* deinitialize the optional parameter list */
va_end(arg);
/* output the message to the user program */
- msg_handler(message, cinfo->client_data);
+ if( str_length > -1 && str_length < MSG_SIZE )
+ msg_handler(message, cinfo->client_data);
+ else return OPJ_FALSE;
}
return OPJ_TRUE;
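Review bot: When the formatted text does not fit, the new `else return OPJ_FALSE;` drops the message entirely, so an oversized error or warning never reaches the application's handler. A C99 `vsnprintf` always NUL-terminates within `MSG_SIZE`, so the truncated text could still be delivered when `str_length >= MSG_SIZE`, keeping the early exit only for the failure case: `if (str_length < 0) return OPJ_FALSE;` followed by an unconditional `msg_handler(message, cinfo->client_data);`. Runtimes whose vsnprintf returns a negative value on truncation without terminating the buffer are covered by the same negative check. opj_event_msg starts and ends outside this hunk.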
diff --git a/extern/libopenjpeg/image.c b/extern/libopenjpeg/image.c
index 7c1e7f7..579fd73 100644
--- a/extern/libopenjpeg/image.c
+++ b/extern/libopenjpeg/image.c
@@ -40,7 +40,7 @@ opj_image_t* OPJ_CALLCONV opj_image_create(int numcmpts, opj_image_cmptparm_t *c
image->color_space = clrspc;
image->numcomps = numcmpts;
/* allocate memory for the per-component information */
- image->comps = (opj_image_comp_t*)opj_malloc(image->numcomps * sizeof(opj_image_comp_t));
+ image->comps = (opj_image_comp_t*)opj_calloc(1,image->numcomps * sizeof(opj_image_comp_t));
if(!image->comps) {
fprintf(stderr,"Unable to allocate memory for image.\n");
opj_image_destroy(image);
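Review bot: `opj_calloc(1,image->numcomps * sizeof(opj_image_comp_t))` still performs the size multiplication before the allocator sees it, so a very large or negative `numcmpts` can wrap to a small size, and zero-filling does not help with that. Passing count and element size separately, `opj_calloc(image->numcomps, sizeof(opj_image_comp_t))`, lets the allocator reject the overflow (assuming opj_calloc forwards to calloc; its definition is outside this diff). That form also matches the call already used in j2k_read_siz. opj_image_create continues outside the hunk.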
@@ -86,3 +86,4 @@ void OPJ_CALLCONV opj_image_destroy(opj_image_t *image) {
opj_free(image);
}
}
+
diff --git a/extern/libopenjpeg/j2k.c b/extern/libopenjpeg/j2k.c
index d34c75f..93e5c9e 100644
--- a/extern/libopenjpeg/j2k.c
+++ b/extern/libopenjpeg/j2k.c
@@ -32,6 +32,7 @@
*/
#include "opj_includes.h"
+#include <assert.h>
/** @defgroup J2K J2K - JPEG-2000 codestream reader/writer */
/*@{*/
@@ -404,6 +405,7 @@ static void j2k_write_siz(opj_j2k_t *j2k) {
static void j2k_read_siz(opj_j2k_t *j2k) {
int len, i;
+ int n_comps;
opj_cio_t *cio = j2k->cio;
opj_image_t *image = j2k->image;
@@ -422,12 +424,33 @@ static void j2k_read_siz(opj_j2k_t *j2k) {
if ((image->x0<0)||(image->x1<0)||(image->y0<0)||(image->y1<0)) {
opj_event_msg(j2k->cinfo, EVT_ERROR,
- "%s: invalid image size (x0:%d, x1:%d, y0:%d, y1:%d)\n",
+ "invalid image size (x0:%d, x1:%d, y0:%d, y1:%d)\n",
image->x0,image->x1,image->y0,image->y1);
return;
}
+ n_comps = (len - 36 - 2 ) / 3;
+ assert( (len - 36 - 2 ) % 3 == 0 );
image->numcomps = cio_read(cio, 2); /* Csiz */
+ assert( n_comps == image->numcomps );
+ (void)n_comps;
+
+ /* testcase 4035.pdf.SIGSEGV.d8b.3375 */
+ if (image->x0 > image->x1 || image->y0 > image->y1) {
+ opj_event_msg(j2k->cinfo, EVT_ERROR, "Error with SIZ marker: negative image size (%d x %d)\n", image->x1 - image->x0, image->y1 - image->y0);
+ return;
+ }
+ /* testcase 2539.pdf.SIGFPE.706.1712 (also 3622.pdf.SIGFPE.706.2916 and 4008.pdf.SIGFPE.706.3345 and maybe more) */
+ if (!(cp->tdx * cp->tdy)) {
+ opj_event_msg(j2k->cinfo, EVT_ERROR, "Error with SIZ marker: invalid tile size (tdx: %d, tdy: %d)\n", cp->tdx, cp->tdy);
+ return;
+ }
+
+ /* testcase 1610.pdf.SIGSEGV.59c.681 */
+ if (((int64)image->x1) * ((int64)image->y1) != (image->x1 * image->y1)) {
+ opj_event_msg(j2k->cinfo, EVT_ERROR, "Prevent buffer overflow (x1: %d, y1: %d)\n", image->x1, image->y1);
+ return;
+ }
#ifdef USE_JPWL
if (j2k->cp->correct) {
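Review bot: The overflow test `((int64)image->x1) * ((int64)image->y1) != (image->x1 * image->y1)` computes its right-hand side as a signed product (the `%d` formats suggest `int` fields), and signed overflow is undefined, so an optimising compiler may assume both sides are equal and remove the check. Negative values are rejected earlier in this hunk, so a division form needs no wide arithmetic: `if (image->y1 != 0 && image->x1 > INT_MAX / image->y1)` with `<limits.h>`. The two `assert`s on `len` and `n_comps` compare values that appear to come from the codestream (`len` is presumably the marker length read above the hunk) and vanish under NDEBUG, so a Csiz that disagrees with the marker length is accepted in release builds. An `opj_event_msg` plus `return` would make that check unconditional. j2k_read_siz starts and ends outside this hunk.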
@@ -466,11 +489,19 @@ static void j2k_read_siz(opj_j2k_t *j2k) {
/* update components number in the jpwl_exp_comps filed */
cp->exp_comps = image->numcomps;
}
+#else
+ (void)len;
#endif /* USE_JPWL */
+ /* prevent division by zero */
+ if (!(cp->tdx * cp->tdy)) {
+ opj_event_msg(j2k->cinfo, EVT_ERROR, "invalid tile size (tdx: %d, tdy: %d)\n", cp->tdx, cp->tdy);
+ return;
+ }
+
image->comps = (opj_image_comp_t*) opj_calloc(image->numcomps, sizeof(opj_image_comp_t));
for (i = 0; i < image->numcomps; i++) {
- int tmp, w, h;
+ int tmp;
tmp = cio_read(cio, 1); /* Ssiz_i */
image->comps[i].prec = (tmp & 0x7f) + 1;
image->comps[i].sgnd = tmp >> 7;
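Review bot: The result of `opj_calloc(image->numcomps, sizeof(opj_image_comp_t))` is dereferenced by the loop directly after it without a NULL test, while this same commit adds exactly that test for `cp->tcps` further down. `numcomps` comes from the two-byte Csiz field read in the previous hunk, so the allocation size is input-controlled. Adding `if (image->comps == NULL) { opj_event_msg(j2k->cinfo, EVT_ERROR, "Out of memory\n"); return; }` before the loop closes the gap. The tile-size test added here also appears to repeat the one added before the `#ifdef USE_JPWL` block in the previous hunk; unless the JPWL code in between can change `tdx`/`tdy`, one of the two can go.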
@@ -506,9 +537,11 @@ static void j2k_read_siz(opj_j2k_t *j2k) {
}
#endif /* USE_JPWL */
- /* TODO: unused ? */
- w = int_ceildiv(image->x1 - image->x0, image->comps[i].dx);
- h = int_ceildiv(image->y1 - image->y0, image->comps[i].dy);
+ /* prevent division by zero */
+ if (!(image->comps[i].dx * image->comps[i].dy)) {
+ opj_event_msg(j2k->cinfo, EVT_ERROR, "JPWL: invalid component size (dx: %d, dy: %d)\n", image->comps[i].dx, image->comps[i].dy);
+ return;
+ }
image->comps[i].resno_decoded = 0; /* number of resolution decoded */
image->comps[i].factor = cp->reduce; /* reducing factor per component */
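Review bot: The new error text starts with `JPWL:` although the check sits after `#endif /* USE_JPWL */` and runs in every build, which will mislead anyone triaging a rejected file. `"invalid component size (dx: %d, dy: %d)\n"` would match the other messages added by this commit. The early `return` also leaves the components from index `i` onwards zero-filled, and j2k_read_siz returns void, so whether decoding actually stops depends on caller code outside this diff and is worth confirming. The loop and the function continue outside the hunk.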
@@ -517,6 +550,15 @@ static void j2k_read_siz(opj_j2k_t *j2k) {
cp->tw = int_ceildiv(image->x1 - cp->tx0, cp->tdx);
cp->th = int_ceildiv(image->y1 - cp->ty0, cp->tdy);
+ /* gdal_fuzzer_check_number_of_tiles.jp2 */
+ if (cp->tw == 0 || cp->th == 0 || cp->tw > 65535 / cp->th) {
+ opj_event_msg(j2k->cinfo, EVT_ERROR,
+ "Invalid number of tiles : %u x %u (maximum fixed by jpeg2000 norm is 65535 tiles)\n",
+ cp->tw, cp->th);
+ return;
+ }
+
+
#ifdef USE_JPWL
if (j2k->cp->correct) {
/* if JPWL is on, we check whether TX errors have damaged
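Review bot: The tile-count guard rejects zero but not negative values. If `cp->tw` and `cp->th` are signed (their declarations are outside this diff, and the message prints them with `%u`), a negative numerator or divisor in `int_ceildiv` yields a negative count that passes `cp->tw > 65535 / cp->th` whenever only one of the two is negative. Testing `cp->tw <= 0 || cp->th <= 0 || cp->tw > 65535 / cp->th` covers that case; otherwise the later `opj_calloc(cp->tw * cp->th, sizeof(opj_tcp_t))` receives a negative product. The enclosing function continues outside the hunk.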
@@ -558,7 +600,17 @@ static void j2k_read_siz(opj_j2k_t *j2k) {
#endif /* USE_JPWL */
cp->tcps = (opj_tcp_t*) opj_calloc(cp->tw * cp->th, sizeof(opj_tcp_t));
+ if (cp->tcps == NULL)
+ {
+ opj_event_msg(j2k->cinfo, EVT_ERROR, "Out of memory\n");
+ return;
+ }
@@ Diff output truncated at 10240 characters. @@