OLD | NEW |
1 /* | 1 /* |
2 * The copyright in this software is being made available under the 2-clauses | 2 * The copyright in this software is being made available under the 2-clauses |
3 * BSD License, included below. This software may be subject to other third | 3 * BSD License, included below. This software may be subject to other third |
4 * party and contributor rights, including patent rights, and no such rights | 4 * party and contributor rights, including patent rights, and no such rights |
5 * are granted under this license. | 5 * are granted under this license. |
6 * | 6 * |
7 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium | 7 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium |
8 * Copyright (c) 2002-2014, Professor Benoit Macq | 8 * Copyright (c) 2002-2014, Professor Benoit Macq |
9 * Copyright (c) 2001-2003, David Janssens | 9 * Copyright (c) 2001-2003, David Janssens |
10 * Copyright (c) 2002-2003, Yannick Verschueren | 10 * Copyright (c) 2002-2003, Yannick Verschueren |
(...skipping 746 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
757 } | 757 } |
758 | 758 |
759 static OPJ_BOOL opj_jp2_check_color(opj_image_t *image, opj_jp2_color_t *color,
opj_event_mgr_t *p_manager) | 759 static OPJ_BOOL opj_jp2_check_color(opj_image_t *image, opj_jp2_color_t *color,
opj_event_mgr_t *p_manager) |
760 { | 760 { |
761 OPJ_UINT16 i; | 761 OPJ_UINT16 i; |
762 | 762 |
763 /* testcase 4149.pdf.SIGSEGV.cf7.3501 */ | 763 /* testcase 4149.pdf.SIGSEGV.cf7.3501 */ |
764 if (color->jp2_cdef) { | 764 if (color->jp2_cdef) { |
765 opj_jp2_cdef_info_t *info = color->jp2_cdef->info; | 765 opj_jp2_cdef_info_t *info = color->jp2_cdef->info; |
766 OPJ_UINT16 n = color->jp2_cdef->n; | 766 OPJ_UINT16 n = color->jp2_cdef->n; |
| 767 OPJ_UINT32 nr_channels = image->numcomps; /* FIXME image->numcom
ps == jp2->numcomps before color is applied ??? */ |
| 768 |
| 769 /* cdef applies to cmap channels if any */ |
| 770 if (color->jp2_pclr && color->jp2_pclr->cmap) { |
| 771 nr_channels = (OPJ_UINT32)color->jp2_pclr->nr_channels; |
| 772 } |
767 | 773 |
768 for (i = 0; i < n; i++) { | 774 for (i = 0; i < n; i++) { |
769 if (info[i].cn >= image->numcomps) { | 775 if (info[i].cn >= image->numcomps) { |
770 opj_event_msg(p_manager, EVT_ERROR, "Invalid com
ponent index %d (>= %d).\n", info[i].cn, image->numcomps); | 776 opj_event_msg(p_manager, EVT_ERROR, "Invalid com
ponent index %d (>= %d).\n", info[i].cn, image->numcomps); |
771 return OPJ_FALSE; | 777 return OPJ_FALSE; |
772 } | 778 } |
773 if (info[i].asoc > 0 && (OPJ_UINT32)(info[i].asoc - 1) >
= image->numcomps) { | 779 if (info[i].asoc > 0 && (OPJ_UINT32)(info[i].asoc - 1) >
= image->numcomps) { |
774 opj_event_msg(p_manager, EVT_ERROR, "Invalid com
ponent index %d (>= %d).\n", info[i].asoc - 1, image->numcomps); | 780 opj_event_msg(p_manager, EVT_ERROR, "Invalid com
ponent index %d (>= %d).\n", info[i].asoc - 1, image->numcomps); |
775 return OPJ_FALSE; | 781 return OPJ_FALSE; |
776 } | 782 } |
777 } | 783 } |
| 784 |
| 785 /* issue 397 */ |
| 786 /* ISO 15444-1 states that if cdef is present, it shall contain
a complete list of channel definitions. */ |
| 787 while (nr_channels > 0) |
| 788 { |
| 789 for(i = 0; i < n; ++i) { |
| 790 if ((OPJ_UINT32)info[i].cn == (nr_channels - 1U)
) { |
| 791 break; |
| 792 } |
| 793 } |
| 794 if (i == n) { |
| 795 opj_event_msg(p_manager, EVT_ERROR, "Incomplete
channel definitions.\n"); |
| 796 return OPJ_FALSE; |
| 797 } |
| 798 --nr_channels; |
| 799 } |
778 } | 800 } |
779 | 801 |
780 /* testcases 451.pdf.SIGSEGV.f4c.3723, 451.pdf.SIGSEGV.5b5.3723 and | 802 /* testcases 451.pdf.SIGSEGV.f4c.3723, 451.pdf.SIGSEGV.5b5.3723 and |
781 66ea31acbb0f23a2bbc91f64d69a03f5_signal_sigsegv_13937c0_7030_5725.pdf
*/ | 803 66ea31acbb0f23a2bbc91f64d69a03f5_signal_sigsegv_13937c0_7030_5725.pdf
*/ |
782 if (color->jp2_pclr && color->jp2_pclr->cmap) { | 804 if (color->jp2_pclr && color->jp2_pclr->cmap) { |
783 OPJ_UINT16 nr_channels = color->jp2_pclr->nr_channels; | 805 OPJ_UINT16 nr_channels = color->jp2_pclr->nr_channels; |
784 opj_jp2_cmap_comp_t *cmap = color->jp2_pclr->cmap; | 806 opj_jp2_cmap_comp_t *cmap = color->jp2_pclr->cmap; |
785 OPJ_BOOL *pcol_usage, is_sane = OPJ_TRUE; | 807 OPJ_BOOL *pcol_usage, is_sane = OPJ_TRUE; |
786 | 808 |
787 /* verify that all original components match an existing one */ | 809 /* verify that all original components match an existing one */ |
(...skipping 222 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1010 channel_size[i] = (OPJ_BYTE)((l_value & 0x7f) + 1); | 1032 channel_size[i] = (OPJ_BYTE)((l_value & 0x7f) + 1); |
1011 channel_sign[i] = (l_value & 0x80) ? 1 : 0; | 1033 channel_sign[i] = (l_value & 0x80) ? 1 : 0; |
1012 } | 1034 } |
1013 | 1035 |
1014 for(j = 0; j < nr_entries; ++j) { | 1036 for(j = 0; j < nr_entries; ++j) { |
1015 for(i = 0; i < nr_channels; ++i) { | 1037 for(i = 0; i < nr_channels; ++i) { |
1016 OPJ_UINT32 bytes_to_read = (OPJ_UINT32)((channel_size[i]
+7)>>3); | 1038 OPJ_UINT32 bytes_to_read = (OPJ_UINT32)((channel_size[i]
+7)>>3); |
1017 | 1039 |
1018 if (bytes_to_read > sizeof(OPJ_UINT32)) | 1040 if (bytes_to_read > sizeof(OPJ_UINT32)) |
1019 bytes_to_read = sizeof(OPJ_UINT32); | 1041 bytes_to_read = sizeof(OPJ_UINT32); |
1020 » » » if ((ptrdiff_t)p_pclr_header_size < p_pclr_header_data -
orig_header_data + (ptrdiff_t)bytes_to_read) | 1042 » » » if ((ptrdiff_t)p_pclr_header_size < (ptrdiff_t)(p_pclr_h
eader_data - orig_header_data) + (ptrdiff_t)bytes_to_read) |
1021 return OPJ_FALSE; | 1043 return OPJ_FALSE; |
1022 | 1044 |
1023 opj_read_bytes(p_pclr_header_data, &l_value , bytes_to_r
ead); /* Cji */ | 1045 opj_read_bytes(p_pclr_header_data, &l_value , bytes_to_r
ead); /* Cji */ |
1024 p_pclr_header_data += bytes_to_read; | 1046 p_pclr_header_data += bytes_to_read; |
1025 *entries = (OPJ_UINT32) l_value; | 1047 *entries = (OPJ_UINT32) l_value; |
1026 entries++; | 1048 entries++; |
1027 } | 1049 } |
1028 } | 1050 } |
1029 | 1051 |
1030 return OPJ_TRUE; | 1052 return OPJ_TRUE; |
(...skipping 242 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1273 { | 1295 { |
1274 opj_read_bytes(p_colr_header_data,&l_value,1);
/* icc values */ | 1296 opj_read_bytes(p_colr_header_data,&l_value,1);
/* icc values */ |
1275 ++p_colr_header_data; | 1297 ++p_colr_header_data; |
1276 jp2->color.icc_profile_buf[it_icc_value] = (OPJ_BYTE) l_
value; | 1298 jp2->color.icc_profile_buf[it_icc_value] = (OPJ_BYTE) l_
value; |
1277 } | 1299 } |
1278 | 1300 |
1279 jp2->color.jp2_has_colr = 1; | 1301 jp2->color.jp2_has_colr = 1; |
1280 } | 1302 } |
1281 else if (jp2->meth > 2) | 1303 else if (jp2->meth > 2) |
1282 { | 1304 { |
1283 /*» ISO/IEC 15444-1:2004 (E), Table I.9 Legal METH values: | 1305 /*» ISO/IEC 15444-1:2004 (E), Table I.9 Legal METH values: |
1284 conforming JP2 reader shall ignore the entire Colour Specification box.*
/ | 1306 conforming JP2 reader shall ignore the entire Colour Specification box.*
/ |
1285 opj_event_msg(p_manager, EVT_INFO, "COLR BOX meth value is not a regular
value (%d), " | 1307 opj_event_msg(p_manager, EVT_INFO, "COLR BOX meth value is not a regular
value (%d), " |
1286 "so we will ignore the entire Colour Specification box. \n", jp2->me
th); | 1308 "so we will ignore the entire Colour Specification box. \n", jp2->me
th); |
1287 } | 1309 } |
1288 return OPJ_TRUE; | 1310 return OPJ_TRUE; |
1289 } | 1311 } |
1290 | 1312 |
1291 OPJ_BOOL opj_jp2_decode(opj_jp2_t *jp2, | 1313 OPJ_BOOL opj_jp2_decode(opj_jp2_t *jp2, |
1292 opj_stream_private_t *p_stream, | 1314 opj_stream_private_t *p_stream, |
1293 opj_image_t* p_image, | 1315 opj_image_t* p_image, |
(...skipping 542 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1836 opj_free(l_current_data); | 1858 opj_free(l_current_data); |
1837 return OPJ_FALSE; | 1859 return OPJ_FALSE; |
1838 } | 1860 } |
1839 } | 1861 } |
1840 else if (box.length == 0) { | 1862 else if (box.length == 0) { |
1841 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box o
f undefined sizes\n"); | 1863 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box o
f undefined sizes\n"); |
1842 opj_free(l_current_data); | 1864 opj_free(l_current_data); |
1843 return OPJ_FALSE; | 1865 return OPJ_FALSE; |
1844 } | 1866 } |
1845 /* testcase 1851.pdf.SIGSEGV.ce9.948 */ | 1867 /* testcase 1851.pdf.SIGSEGV.ce9.948 */ |
1846 » » else if»(box.length < l_nb_bytes_read) { | 1868 else if (box.length < l_nb_bytes_read) { |
1847 opj_event_msg(p_manager, EVT_ERROR, "invalid box size %d
(%x)\n", box.length, box.type); | 1869 opj_event_msg(p_manager, EVT_ERROR, "invalid box size %d
(%x)\n", box.length, box.type); |
1848 opj_free(l_current_data); | 1870 opj_free(l_current_data); |
1849 return OPJ_FALSE; | 1871 return OPJ_FALSE; |
1850 } | 1872 } |
1851 | 1873 |
1852 l_current_handler = opj_jp2_find_handler(box.type); | 1874 l_current_handler = opj_jp2_find_handler(box.type); |
1853 l_current_data_size = box.length - l_nb_bytes_read; | 1875 l_current_data_size = box.length - l_nb_bytes_read; |
1854 | 1876 |
1855 if (l_current_handler != 00) { | 1877 if (l_current_handler != 00) { |
| 1878 if ((OPJ_OFF_T)l_current_data_size > opj_stream_get_numb
er_byte_left(stream)) { |
| 1879 /* do not even try to malloc if we can't read */ |
| 1880 opj_event_msg(p_manager, EVT_ERROR, "Invalid box
size %d for box '%c%c%c%c'. Need %d bytes, %d bytes remaining \n", box.length,
(OPJ_BYTE)(box.type>>24), (OPJ_BYTE)(box.type>>16), (OPJ_BYTE)(box.type>>8), (OP
J_BYTE)(box.type>>0), l_current_data_size, (OPJ_UINT32)opj_stream_get_number_byt
e_left(stream)); |
| 1881 opj_free(l_current_data); |
| 1882 return OPJ_FALSE; |
| 1883 } |
1856 if (l_current_data_size > l_last_data_size) { | 1884 if (l_current_data_size > l_last_data_size) { |
1857 OPJ_BYTE* new_current_data = (OPJ_BYTE*)opj_real
loc(l_current_data,l_current_data_size); | 1885 OPJ_BYTE* new_current_data = (OPJ_BYTE*)opj_real
loc(l_current_data,l_current_data_size); |
1858 if (!new_current_data) { | 1886 if (!new_current_data) { |
1859 opj_free(l_current_data); | 1887 opj_free(l_current_data); |
1860 opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to ha
ndle jpeg2000 box\n"); | 1888 opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to ha
ndle jpeg2000 box\n"); |
1861 return OPJ_FALSE; | 1889 return OPJ_FALSE; |
1862 } | 1890 } |
1863 l_current_data = new_current_data; | 1891 l_current_data = new_current_data; |
1864 l_last_data_size = l_current_data_size; | 1892 l_last_data_size = l_current_data_size; |
1865 } | 1893 } |
(...skipping 291 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2157 */ | 2185 */ |
2158 static OPJ_BOOL opj_jp2_read_jp2h( opj_jp2_t *jp2, | 2186 static OPJ_BOOL opj_jp2_read_jp2h( opj_jp2_t *jp2, |
2159 OPJ_BYTE *p_header_data, | 2187 OPJ_BYTE *p_header_data, |
2160 OPJ_UINT32 p_header_size, | 2188 OPJ_UINT32 p_header_size, |
2161 opj_event_mgr_t * p_manager | 2189 opj_event_mgr_t * p_manager |
2162 ) | 2190 ) |
2163 { | 2191 { |
2164 OPJ_UINT32 l_box_size=0, l_current_data_size = 0; | 2192 OPJ_UINT32 l_box_size=0, l_current_data_size = 0; |
2165 opj_jp2_box_t box; | 2193 opj_jp2_box_t box; |
2166 const opj_jp2_header_handler_t * l_current_handler; | 2194 const opj_jp2_header_handler_t * l_current_handler; |
| 2195 OPJ_BOOL l_has_ihdr = 0; |
2167 | 2196 |
2168 /* preconditions */ | 2197 /* preconditions */ |
2169 assert(p_header_data != 00); | 2198 assert(p_header_data != 00); |
2170 assert(jp2 != 00); | 2199 assert(jp2 != 00); |
2171 assert(p_manager != 00); | 2200 assert(p_manager != 00); |
2172 | 2201 |
2173 /* make sure the box is well placed */ | 2202 /* make sure the box is well placed */ |
2174 if ((jp2->jp2_state & JP2_STATE_FILE_TYPE) != JP2_STATE_FILE_TYPE ) { | 2203 if ((jp2->jp2_state & JP2_STATE_FILE_TYPE) != JP2_STATE_FILE_TYPE ) { |
2175 opj_event_msg(p_manager, EVT_ERROR, "The box must be the first
box in the file.\n"); | 2204 opj_event_msg(p_manager, EVT_ERROR, "The box must be the first
box in the file.\n"); |
2176 return OPJ_FALSE; | 2205 return OPJ_FALSE; |
(...skipping 20 matching lines...) Expand all Loading... |
2197 | 2226 |
2198 if (l_current_handler != 00) { | 2227 if (l_current_handler != 00) { |
2199 if (! l_current_handler->handler(jp2,p_header_data,l_cur
rent_data_size,p_manager)) { | 2228 if (! l_current_handler->handler(jp2,p_header_data,l_cur
rent_data_size,p_manager)) { |
2200 return OPJ_FALSE; | 2229 return OPJ_FALSE; |
2201 } | 2230 } |
2202 } | 2231 } |
2203 else { | 2232 else { |
2204 jp2->jp2_img_state |= JP2_IMG_STATE_UNKNOWN; | 2233 jp2->jp2_img_state |= JP2_IMG_STATE_UNKNOWN; |
2205 } | 2234 } |
2206 | 2235 |
| 2236 if (box.type == JP2_IHDR) { |
| 2237 l_has_ihdr = 1; |
| 2238 } |
| 2239 |
2207 p_header_data += l_current_data_size; | 2240 p_header_data += l_current_data_size; |
2208 p_header_size -= box.length; | 2241 p_header_size -= box.length; |
2209 } | 2242 } |
2210 | 2243 |
| 2244 if (l_has_ihdr == 0) { |
| 2245 opj_event_msg(p_manager, EVT_ERROR, "Stream error while reading
JP2 Header box: no 'ihdr' box.\n"); |
| 2246 return OPJ_FALSE; |
| 2247 } |
| 2248 |
2211 jp2->jp2_state |= JP2_STATE_HEADER; | 2249 jp2->jp2_state |= JP2_STATE_HEADER; |
2212 | 2250 |
2213 return OPJ_TRUE; | 2251 return OPJ_TRUE; |
2214 } | 2252 } |
2215 | 2253 |
2216 OPJ_BOOL opj_jp2_read_boxhdr_char( opj_jp2_box_t *box, | 2254 OPJ_BOOL opj_jp2_read_boxhdr_char( opj_jp2_box_t *box, |
2217 OPJ_BYTE * p_data, | 2255 OPJ_BYTE * p_data, |
2218 OPJ_UINT32 * p_number_bytes_read, | 2256 OPJ_UINT32 * p_number_bytes_read, |
2219 OPJ_UINT32 p_box_max_size, | 2257 OPJ_UINT32 p_box_max_size, |
2220 opj_event_mgr_t * p_manager | 2258 opj_event_mgr_t * p_manager |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2269 | 2307 |
2270 if (box->length == 0) { | 2308 if (box->length == 0) { |
2271 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box o
f undefined sizes\n"); | 2309 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box o
f undefined sizes\n"); |
2272 return OPJ_FALSE; | 2310 return OPJ_FALSE; |
2273 } | 2311 } |
2274 } | 2312 } |
2275 else if (box->length == 0) { | 2313 else if (box->length == 0) { |
2276 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box of undefi
ned sizes\n"); | 2314 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box of undefi
ned sizes\n"); |
2277 return OPJ_FALSE; | 2315 return OPJ_FALSE; |
2278 } | 2316 } |
2279 | 2317 » if (box->length < *p_number_bytes_read) { |
| 2318 » » opj_event_msg(p_manager, EVT_ERROR, "Box length is inconsistent.
\n"); |
| 2319 » » return OPJ_FALSE; |
| 2320 » } |
2280 return OPJ_TRUE; | 2321 return OPJ_TRUE; |
2281 } | 2322 } |
2282 | 2323 |
2283 OPJ_BOOL opj_jp2_read_header( opj_stream_private_t *p_stream, | 2324 OPJ_BOOL opj_jp2_read_header( opj_stream_private_t *p_stream, |
2284 opj_jp2_t *jp2, | 2325 opj_jp2_t *jp2, |
2285 opj_image_t ** p_image, | 2326 opj_image_t ** p_image, |
2286 opj_event_mgr_t * p_manager | 2327 opj_event_mgr_t * p_manager |
2287 ) | 2328 ) |
2288 { | 2329 { |
2289 /* preconditions */ | 2330 /* preconditions */ |
(...skipping 489 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2779 len = opj_stream_tell(cio)-lenp; | 2820 len = opj_stream_tell(cio)-lenp; |
2780 opj_stream_skip(cio, lenp, p_manager); | 2821 opj_stream_skip(cio, lenp, p_manager); |
2781 opj_write_bytes(l_data_header,len,4);/* L */ | 2822 opj_write_bytes(l_data_header,len,4);/* L */ |
2782 opj_stream_write_data(cio,l_data_header,4,p_manager); | 2823 opj_stream_write_data(cio,l_data_header,4,p_manager); |
2783 opj_stream_seek(cio, lenp+len,p_manager); | 2824 opj_stream_seek(cio, lenp+len,p_manager); |
2784 | 2825 |
2785 return len; | 2826 return len; |
2786 } | 2827 } |
2787 #endif | 2828 #endif |
2788 #endif /* USE_JPIP */ | 2829 #endif /* USE_JPIP */ |
OLD | NEW |