core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c - Issue 589243004: Update openjpeg

Side by Side Diff: core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c

Issue 589243004: Update openjpeg (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master

Patch Set: Merge security fixes from openjpeg r2883 Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t1.c ('K') | « core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t1.c ('k') | core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/tcd.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * The copyright in this software is being made available under the 2-clauses	2 * The copyright in this software is being made available under the 2-clauses

3 * BSD License, included below. This software may be subject to other third	3 * BSD License, included below. This software may be subject to other third

4 * party and contributor rights, including patent rights, and no such rights	4 * party and contributor rights, including patent rights, and no such rights

5 * are granted under this license.	5 * are granted under this license.

6 *	6 *

7 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium	7 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium

8 * Copyright (c) 2002-2014, Professor Benoit Macq	8 * Copyright (c) 2002-2014, Professor Benoit Macq

9 * Copyright (c) 2001-2003, David Janssens	9 * Copyright (c) 2001-2003, David Janssens

10 * Copyright (c) 2002-2003, Yannick Verschueren	10 * Copyright (c) 2002-2003, Yannick Verschueren

(...skipping 581 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
592 cblk = &prc->cblks.enc[cblkno];	592 cblk = &prc->cblks.enc[cblkno];

593	593

594 cblk->numpasses = 0;	594 cblk->numpasses = 0;

595 opj_tgt_setvalue(prc->imsbtree, cblkno, band->nu mbps - (OPJ_INT32)cblk->numbps);	595 opj_tgt_setvalue(prc->imsbtree, cblkno, band->nu mbps - (OPJ_INT32)cblk->numbps);

596 }	596 }

597 ++band;	597 ++band;

598 }	598 }

599 }	599 }

600	600

601 bio = opj_bio_create();	601 bio = opj_bio_create();

	602 if (!bio) {

	603 /* FIXME event manager error callback */

	604 return OPJ_FALSE;

	605 }

602 opj_bio_init_enc(bio, c, length);	606 opj_bio_init_enc(bio, c, length);

603 opj_bio_write(bio, 1, 1); /* Empty header bit */	607 opj_bio_write(bio, 1, 1); /* Empty header bit */

604	608

605 /* Writing Packet header */	609 /* Writing Packet header */

606 band = res->bands;	610 band = res->bands;

607 for (bandno = 0; bandno < res->numbands; ++bandno) {	611 for (bandno = 0; bandno < res->numbands; ++bandno) {

608 opj_tcd_precinct_t *prc = &band->precincts[precno];	612 opj_tcd_precinct_t *prc = &band->precincts[precno];

609	613

610 l_nb_blocks = prc->cw * prc->ch;	614 l_nb_blocks = prc->cw * prc->ch;

611 cblk = prc->cblks.enc;	615 cblk = prc->cblks.enc;

(...skipping 510 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1122 else {	1126 else {

1123 l_seg = &l_cblk->segs[l_cblk->numsegs - 1];	1127 l_seg = &l_cblk->segs[l_cblk->numsegs - 1];

1124	1128

1125 if (l_seg->numpasses == l_seg->maxpasses) {	1129 if (l_seg->numpasses == l_seg->maxpasses) {

1126 ++l_seg;	1130 ++l_seg;

1127 ++l_cblk->numsegs;	1131 ++l_cblk->numsegs;

1128 }	1132 }

1129 }	1133 }

1130	1134

1131 do {	1135 do {

1132 if (l_current_data + l_seg->newlen > p_src_data + p_max_length) {	1136 /* Check possible overflow (on l_current_data on ly, assumes input args already checked) then size */

	1137 if (((OPJ_SIZE_T)(l_current_data + l_seg->newlen ) < (OPJ_SIZE_T)l_current_data) \|\| (l_current_data + l_seg->newlen > p_src_data + p_max_length)) {
	Tom Sepez 2014/09/24 22:33:55 This check doesn't quite do what we want, and may This check doesn't quite do what we want, and may be removed by an aggressive optimizer. We're doing pointer artithmetic (where overflow is undefined) and then casting to unsigned rather than casting to unsigned (where overflow is defined) and then doing unsigned arithmetic. [You also would be better off using uintptr_t or your equivalent instead of size_t, for the sake of strict correctness.] you mean: if (((OPJ_SIZE_T)l_current_data) + ((OPJ_SIZE_T)l_seg->newline)) < ...
1133 fprintf(stderr, "read: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",	1138 fprintf(stderr, "read: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",

1134 l_seg->newlen, p_max_length, cbl kno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);	1139 l_seg->newlen, p_max_length, cbl kno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);

1135 return OPJ_FALSE;	1140 return OPJ_FALSE;

1136 }	1141 }

1137	1142

1138 #ifdef USE_JPWL	1143 #ifdef USE_JPWL

1139 /* we need here a j2k handle to verify if making a check to	1144 /* we need here a j2k handle to verify if making a check to

1140 the validity of cblocks parameters is selected from user (-W) */	1145 the validity of cblocks parameters is selected from user (-W) */

1141	1146

1142 /* let's check that we are not exceeding */	1147 /* let's check that we are not exceeding */

(...skipping 192 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1335 seg->maxpasses = 10;	1340 seg->maxpasses = 10;

1336 } else {	1341 } else {

1337 seg->maxpasses = (((seg - 1)->maxpasses == 1) \|\| ((seg - 1)->maxpasses == 10)) ? 2 : 1;	1342 seg->maxpasses = (((seg - 1)->maxpasses == 1) \|\| ((seg - 1)->maxpasses == 10)) ? 2 : 1;

1338 }	1343 }

1339 } else {	1344 } else {

1340 seg->maxpasses = 109;	1345 seg->maxpasses = 109;

1341 }	1346 }

1342	1347

1343 return OPJ_TRUE;	1348 return OPJ_TRUE;

1344 }	1349 }

OLD	NEW