| Index: core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c
|
| diff --git a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c
|
| index de054acc545155409d58de65294899841510bab8..f2a7c9a57cbd659b127a3bc75bcc409327436619 100644
|
| --- a/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c
|
| +++ b/core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c
|
| @@ -218,7 +218,7 @@ OPJ_BOOL opj_t2_encode_packets( opj_t2_t* p_t2,
|
| opj_image_t *l_image = p_t2->image;
|
| opj_cp_t *l_cp = p_t2->cp;
|
| opj_tcp_t *l_tcp = &l_cp->tcps[p_tile_no];
|
| - OPJ_UINT32 pocno = l_cp->m_specific_param.m_enc.m_cinema == OPJ_CINEMA4K_24? 2: 1;
|
| + OPJ_UINT32 pocno = (l_cp->rsiz == OPJ_PROFILE_CINEMA_4K)? 2: 1;
|
| OPJ_UINT32 l_max_comp = l_cp->m_specific_param.m_enc.m_max_comp_size > 0 ? l_image->numcomps : 1;
|
| OPJ_UINT32 l_nb_pocs = l_tcp->numpocs + 1;
|
|
|
| @@ -477,11 +477,10 @@ OPJ_BOOL opj_t2_decode_packets( opj_t2_t *p_t2,
|
| opj_t2_t* opj_t2_create(opj_image_t *p_image, opj_cp_t *p_cp)
|
| {
|
| /* create the t2 structure */
|
| - opj_t2_t *l_t2 = (opj_t2_t*)opj_malloc(sizeof(opj_t2_t));
|
| + opj_t2_t *l_t2 = (opj_t2_t*)opj_calloc(1,sizeof(opj_t2_t));
|
| if (!l_t2) {
|
| return NULL;
|
| }
|
| - memset(l_t2,0,sizeof(opj_t2_t));
|
|
|
| l_t2->image = p_image;
|
| l_t2->cp = p_cp;
|
| @@ -599,6 +598,10 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno,
|
| }
|
|
|
| bio = opj_bio_create();
|
| + if (!bio) {
|
| + /* FIXME event manager error callback */
|
| + return OPJ_FALSE;
|
| + }
|
| opj_bio_init_enc(bio, c, length);
|
| opj_bio_write(bio, 1, 1); /* Empty header bit */
|
|
|
| @@ -863,11 +866,10 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
|
| if (p_tcp->csty & J2K_CP_CSTY_SOP) {
|
| if (p_max_length < 6) {
|
| /* TODO opj_event_msg(p_t2->cinfo->event_mgr, EVT_WARNING, "Not enough space for expected SOP marker\n"); */
|
| - printf("Not enough space for expected SOP marker\n");
|
| + fprintf(stderr, "Not enough space for expected SOP marker\n");
|
| } else if ((*l_current_data) != 0xff || (*(l_current_data + 1) != 0x91)) {
|
| /* TODO opj_event_msg(p_t2->cinfo->event_mgr, EVT_WARNING, "Expected SOP marker\n"); */
|
| - printf("Expected SOP marker\n");
|
| - fprintf(stderr, "Error : expected SOP marker\n");
|
| + fprintf(stderr, "Warning: expected SOP marker\n");
|
| } else {
|
| l_current_data += 6;
|
| }
|
| @@ -917,7 +919,7 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
|
|
|
| /* EPH markers */
|
| if (p_tcp->csty & J2K_CP_CSTY_EPH) {
|
| - if (p_max_length < 2) {
|
| + if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data - *l_header_data_start)) < 2U) {
|
| fprintf(stderr, "Not enough space for expected EPH marker\n");
|
| } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
|
| fprintf(stderr, "Error : expected EPH marker\n");
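Review bot: The new remaining-length test for the EPH marker subtracts in unsigned arithmetic, so if `l_header_data - *l_header_data_start` can ever exceed `*l_modified_length_ptr`, the difference wraps to a large value, the `< 2U` test passes, and the following `else if` reads two bytes at `l_header_data`. Whether the bit reader can advance past the declared header length is decided outside this hunk, so this is a possible rather than a confirmed over-read. The guard can be made independent of that with `OPJ_UINT32 l_used = (OPJ_UINT32)(l_header_data - *l_header_data_start);` followed by `if (l_used > *l_modified_length_ptr || (*l_modified_length_ptr - l_used) < 2U) {`. The same expression is added in the second EPH hunk (new line 1047). Both sit inside opj_t2_read_packet_header, whose body extends beyond the hunks.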
|
| @@ -1045,7 +1047,7 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
|
|
|
| /* EPH markers */
|
| if (p_tcp->csty & J2K_CP_CSTY_EPH) {
|
| - if (p_max_length < 2) {
|
| + if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data - *l_header_data_start)) < 2U) {
|
| fprintf(stderr, "Not enough space for expected EPH marker\n");
|
| } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
|
| /* TODO opj_event_msg(t2->cinfo->event_mgr, EVT_ERROR, "Expected EPH marker\n"); */
|
| @@ -1129,7 +1131,8 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2,
|
| }
|
|
|
| do {
|
| - if (l_current_data + l_seg->newlen > p_src_data + p_max_length) {
|
| + /* Check possible overflow (on l_current_data only, assumes input args already checked) then size */
|
| + if (((OPJ_SIZE_T)(l_current_data + l_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data + p_max_length)) {
|
| fprintf(stderr, "read: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
|
| l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
|
| return OPJ_FALSE;
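Review bot: The added wrap test `(OPJ_SIZE_T)(l_current_data + l_seg->newlen) < (OPJ_SIZE_T)l_current_data` forms the out-of-range pointer before testing it, which is undefined behaviour in C, so an optimising compiler may drop the comparison; the second operand of the `||` computes the same pointer. Comparing lengths avoids forming the pointer at all: `if (l_seg->newlen > (OPJ_SIZE_T)(p_src_data + p_max_length - l_current_data)) {`. That form relies on `l_current_data` lying within `[p_src_data, p_src_data + p_max_length]`, which is the same assumption the new comment already states. Since `l_seg->newlen` is parsed from the codestream, this is the check that bounds an untrusted length and should not depend on compiler behaviour. The message prints these values with `%d`; `%u` would fit if they are unsigned, which the hunk does not show.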
|
| @@ -1154,11 +1157,18 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2,
|
| };
|
|
|
| #endif /* USE_JPWL */
|
| + /* Check possible overflow on size */
|
| + if ((l_cblk->data_current_size + l_seg->newlen) < l_cblk->data_current_size) {
|
| + fprintf(stderr, "read: segment too long (%d) with current size (%d > %d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
|
| + l_seg->newlen, l_cblk->data_current_size, 0xFFFFFFFF - l_seg->newlen, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
|
| + return OPJ_FALSE;
|
| + }
|
| /* Check if the cblk->data have allocated enough memory */
|
| if ((l_cblk->data_current_size + l_seg->newlen) > l_cblk->data_max_size) {
|
| OPJ_BYTE* new_cblk_data = (OPJ_BYTE*) opj_realloc(l_cblk->data, l_cblk->data_current_size + l_seg->newlen);
|
| if(! new_cblk_data) {
|
| opj_free(l_cblk->data);
|
| + l_cblk->data = NULL;
|
| l_cblk->data_max_size = 0;
|
| /* opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to realloc code block cata!\n"); */
|
| return OPJ_FALSE;
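Review bot: On realloc failure the branch now clears `l_cblk->data` and `l_cblk->data_max_size` but leaves `l_cblk->data_current_size` at its old value, so the code block still reports a length for a buffer it no longer owns. Adding `l_cblk->data_current_size = 0;` next to the other two resets keeps the three fields consistent if the structure is touched again after the error. Whether it is reused is not visible here, because opj_t2_read_packet_data continues outside the hunk. In the new overflow message the sizes and `0xFFFFFFFF - l_seg->newlen` are printed with `%d`; if these fields are unsigned 32-bit, as the constant suggests, `%u` avoids negative numbers in the log.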
|
| @@ -1197,6 +1207,7 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2,
|
|
|
| *(p_data_read) = (OPJ_UINT32)(l_current_data - p_src_data);
|
|
|
| +
|
| return OPJ_TRUE;
|
| }
|
|
|
|
|