Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1156)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/jp2.c

Issue 670813002: Update openjpeg to r2908 (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/j2k.c ('k') | core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * The copyright in this software is being made available under the 2-clauses 2 * The copyright in this software is being made available under the 2-clauses
3 * BSD License, included below. This software may be subject to other third 3 * BSD License, included below. This software may be subject to other third
4 * party and contributor rights, including patent rights, and no such rights 4 * party and contributor rights, including patent rights, and no such rights
5 * are granted under this license. 5 * are granted under this license.
6 * 6 *
7 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium 7 * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium
8 * Copyright (c) 2002-2014, Professor Benoit Macq 8 * Copyright (c) 2002-2014, Professor Benoit Macq
9 * Copyright (c) 2001-2003, David Janssens 9 * Copyright (c) 2001-2003, David Janssens
10 * Copyright (c) 2002-2003, Yannick Verschueren 10 * Copyright (c) 2002-2003, Yannick Verschueren
(...skipping 746 matching lines...) Expand 10 before | Expand all | Expand 10 after
757 } 757 }
758 758
759 static OPJ_BOOL opj_jp2_check_color(opj_image_t *image, opj_jp2_color_t *color, opj_event_mgr_t *p_manager) 759 static OPJ_BOOL opj_jp2_check_color(opj_image_t *image, opj_jp2_color_t *color, opj_event_mgr_t *p_manager)
760 { 760 {
761 OPJ_UINT16 i; 761 OPJ_UINT16 i;
762 762
763 /* testcase 4149.pdf.SIGSEGV.cf7.3501 */ 763 /* testcase 4149.pdf.SIGSEGV.cf7.3501 */
764 if (color->jp2_cdef) { 764 if (color->jp2_cdef) {
765 opj_jp2_cdef_info_t *info = color->jp2_cdef->info; 765 opj_jp2_cdef_info_t *info = color->jp2_cdef->info;
766 OPJ_UINT16 n = color->jp2_cdef->n; 766 OPJ_UINT16 n = color->jp2_cdef->n;
767 OPJ_UINT32 nr_channels = image->numcomps; /* FIXME image->numcom ps == jp2->numcomps before color is applied ??? */
768
769 /* cdef applies to cmap channels if any */
770 if (color->jp2_pclr && color->jp2_pclr->cmap) {
771 nr_channels = (OPJ_UINT32)color->jp2_pclr->nr_channels;
772 }
767 773
768 for (i = 0; i < n; i++) { 774 for (i = 0; i < n; i++) {
769 if (info[i].cn >= image->numcomps) { 775 if (info[i].cn >= image->numcomps) {
770 opj_event_msg(p_manager, EVT_ERROR, "Invalid com ponent index %d (>= %d).\n", info[i].cn, image->numcomps); 776 opj_event_msg(p_manager, EVT_ERROR, "Invalid com ponent index %d (>= %d).\n", info[i].cn, image->numcomps);
771 return OPJ_FALSE; 777 return OPJ_FALSE;
772 } 778 }
773 if (info[i].asoc > 0 && (OPJ_UINT32)(info[i].asoc - 1) > = image->numcomps) { 779 if (info[i].asoc > 0 && (OPJ_UINT32)(info[i].asoc - 1) > = image->numcomps) {
774 opj_event_msg(p_manager, EVT_ERROR, "Invalid com ponent index %d (>= %d).\n", info[i].asoc - 1, image->numcomps); 780 opj_event_msg(p_manager, EVT_ERROR, "Invalid com ponent index %d (>= %d).\n", info[i].asoc - 1, image->numcomps);
775 return OPJ_FALSE; 781 return OPJ_FALSE;
776 } 782 }
777 } 783 }
784
785 /* issue 397 */
786 /* ISO 15444-1 states that if cdef is present, it shall contain a complete list of channel definitions. */
787 while (nr_channels > 0)
788 {
789 for(i = 0; i < n; ++i) {
790 if ((OPJ_UINT32)info[i].cn == (nr_channels - 1U) ) {
791 break;
792 }
793 }
794 if (i == n) {
795 opj_event_msg(p_manager, EVT_ERROR, "Incomplete channel definitions.\n");
796 return OPJ_FALSE;
797 }
798 --nr_channels;
799 }
778 } 800 }
779 801
780 /* testcases 451.pdf.SIGSEGV.f4c.3723, 451.pdf.SIGSEGV.5b5.3723 and 802 /* testcases 451.pdf.SIGSEGV.f4c.3723, 451.pdf.SIGSEGV.5b5.3723 and
781 66ea31acbb0f23a2bbc91f64d69a03f5_signal_sigsegv_13937c0_7030_5725.pdf */ 803 66ea31acbb0f23a2bbc91f64d69a03f5_signal_sigsegv_13937c0_7030_5725.pdf */
782 if (color->jp2_pclr && color->jp2_pclr->cmap) { 804 if (color->jp2_pclr && color->jp2_pclr->cmap) {
783 OPJ_UINT16 nr_channels = color->jp2_pclr->nr_channels; 805 OPJ_UINT16 nr_channels = color->jp2_pclr->nr_channels;
784 opj_jp2_cmap_comp_t *cmap = color->jp2_pclr->cmap; 806 opj_jp2_cmap_comp_t *cmap = color->jp2_pclr->cmap;
785 OPJ_BOOL *pcol_usage, is_sane = OPJ_TRUE; 807 OPJ_BOOL *pcol_usage, is_sane = OPJ_TRUE;
786 808
787 /* verify that all original components match an existing one */ 809 /* verify that all original components match an existing one */
(...skipping 222 matching lines...) Expand 10 before | Expand all | Expand 10 after
1010 channel_size[i] = (OPJ_BYTE)((l_value & 0x7f) + 1); 1032 channel_size[i] = (OPJ_BYTE)((l_value & 0x7f) + 1);
1011 channel_sign[i] = (l_value & 0x80) ? 1 : 0; 1033 channel_sign[i] = (l_value & 0x80) ? 1 : 0;
1012 } 1034 }
1013 1035
1014 for(j = 0; j < nr_entries; ++j) { 1036 for(j = 0; j < nr_entries; ++j) {
1015 for(i = 0; i < nr_channels; ++i) { 1037 for(i = 0; i < nr_channels; ++i) {
1016 OPJ_UINT32 bytes_to_read = (OPJ_UINT32)((channel_size[i] +7)>>3); 1038 OPJ_UINT32 bytes_to_read = (OPJ_UINT32)((channel_size[i] +7)>>3);
1017 1039
1018 if (bytes_to_read > sizeof(OPJ_UINT32)) 1040 if (bytes_to_read > sizeof(OPJ_UINT32))
1019 bytes_to_read = sizeof(OPJ_UINT32); 1041 bytes_to_read = sizeof(OPJ_UINT32);
1020 » » » if ((ptrdiff_t)p_pclr_header_size < p_pclr_header_data - orig_header_data + (ptrdiff_t)bytes_to_read) 1042 » » » if ((ptrdiff_t)p_pclr_header_size < (ptrdiff_t)(p_pclr_h eader_data - orig_header_data) + (ptrdiff_t)bytes_to_read)
1021 return OPJ_FALSE; 1043 return OPJ_FALSE;
1022 1044
1023 opj_read_bytes(p_pclr_header_data, &l_value , bytes_to_r ead); /* Cji */ 1045 opj_read_bytes(p_pclr_header_data, &l_value , bytes_to_r ead); /* Cji */
1024 p_pclr_header_data += bytes_to_read; 1046 p_pclr_header_data += bytes_to_read;
1025 *entries = (OPJ_UINT32) l_value; 1047 *entries = (OPJ_UINT32) l_value;
1026 entries++; 1048 entries++;
1027 } 1049 }
1028 } 1050 }
1029 1051
1030 return OPJ_TRUE; 1052 return OPJ_TRUE;
(...skipping 242 matching lines...) Expand 10 before | Expand all | Expand 10 after
1273 { 1295 {
1274 opj_read_bytes(p_colr_header_data,&l_value,1); /* icc values */ 1296 opj_read_bytes(p_colr_header_data,&l_value,1); /* icc values */
1275 ++p_colr_header_data; 1297 ++p_colr_header_data;
1276 jp2->color.icc_profile_buf[it_icc_value] = (OPJ_BYTE) l_ value; 1298 jp2->color.icc_profile_buf[it_icc_value] = (OPJ_BYTE) l_ value;
1277 } 1299 }
1278 1300
1279 jp2->color.jp2_has_colr = 1; 1301 jp2->color.jp2_has_colr = 1;
1280 } 1302 }
1281 else if (jp2->meth > 2) 1303 else if (jp2->meth > 2)
1282 { 1304 {
1283 /*» ISO/IEC 15444-1:2004 (E), Table I.9 Legal METH values: 1305 /*» ISO/IEC 15444-1:2004 (E), Table I.9 Legal METH values:
1284 conforming JP2 reader shall ignore the entire Colour Specification box.* / 1306 conforming JP2 reader shall ignore the entire Colour Specification box.* /
1285 opj_event_msg(p_manager, EVT_INFO, "COLR BOX meth value is not a regular value (%d), " 1307 opj_event_msg(p_manager, EVT_INFO, "COLR BOX meth value is not a regular value (%d), "
1286 "so we will ignore the entire Colour Specification box. \n", jp2->me th); 1308 "so we will ignore the entire Colour Specification box. \n", jp2->me th);
1287 } 1309 }
1288 return OPJ_TRUE; 1310 return OPJ_TRUE;
1289 } 1311 }
1290 1312
1291 OPJ_BOOL opj_jp2_decode(opj_jp2_t *jp2, 1313 OPJ_BOOL opj_jp2_decode(opj_jp2_t *jp2,
1292 opj_stream_private_t *p_stream, 1314 opj_stream_private_t *p_stream,
1293 opj_image_t* p_image, 1315 opj_image_t* p_image,
(...skipping 542 matching lines...) Expand 10 before | Expand all | Expand 10 after
1836 opj_free(l_current_data); 1858 opj_free(l_current_data);
1837 return OPJ_FALSE; 1859 return OPJ_FALSE;
1838 } 1860 }
1839 } 1861 }
1840 else if (box.length == 0) { 1862 else if (box.length == 0) {
1841 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box o f undefined sizes\n"); 1863 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box o f undefined sizes\n");
1842 opj_free(l_current_data); 1864 opj_free(l_current_data);
1843 return OPJ_FALSE; 1865 return OPJ_FALSE;
1844 } 1866 }
1845 /* testcase 1851.pdf.SIGSEGV.ce9.948 */ 1867 /* testcase 1851.pdf.SIGSEGV.ce9.948 */
1846 » » else if»(box.length < l_nb_bytes_read) { 1868 else if (box.length < l_nb_bytes_read) {
1847 opj_event_msg(p_manager, EVT_ERROR, "invalid box size %d (%x)\n", box.length, box.type); 1869 opj_event_msg(p_manager, EVT_ERROR, "invalid box size %d (%x)\n", box.length, box.type);
1848 opj_free(l_current_data); 1870 opj_free(l_current_data);
1849 return OPJ_FALSE; 1871 return OPJ_FALSE;
1850 } 1872 }
1851 1873
1852 l_current_handler = opj_jp2_find_handler(box.type); 1874 l_current_handler = opj_jp2_find_handler(box.type);
1853 l_current_data_size = box.length - l_nb_bytes_read; 1875 l_current_data_size = box.length - l_nb_bytes_read;
1854 1876
1855 if (l_current_handler != 00) { 1877 if (l_current_handler != 00) {
1878 if ((OPJ_OFF_T)l_current_data_size > opj_stream_get_numb er_byte_left(stream)) {
1879 /* do not even try to malloc if we can't read */
1880 opj_event_msg(p_manager, EVT_ERROR, "Invalid box size %d for box '%c%c%c%c'. Need %d bytes, %d bytes remaining \n", box.length, (OPJ_BYTE)(box.type>>24), (OPJ_BYTE)(box.type>>16), (OPJ_BYTE)(box.type>>8), (OP J_BYTE)(box.type>>0), l_current_data_size, (OPJ_UINT32)opj_stream_get_number_byt e_left(stream));
1881 opj_free(l_current_data);
1882 return OPJ_FALSE;
1883 }
1856 if (l_current_data_size > l_last_data_size) { 1884 if (l_current_data_size > l_last_data_size) {
1857 OPJ_BYTE* new_current_data = (OPJ_BYTE*)opj_real loc(l_current_data,l_current_data_size); 1885 OPJ_BYTE* new_current_data = (OPJ_BYTE*)opj_real loc(l_current_data,l_current_data_size);
1858 if (!new_current_data) { 1886 if (!new_current_data) {
1859 opj_free(l_current_data); 1887 opj_free(l_current_data);
1860 opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to ha ndle jpeg2000 box\n"); 1888 opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to ha ndle jpeg2000 box\n");
1861 return OPJ_FALSE; 1889 return OPJ_FALSE;
1862 } 1890 }
1863 l_current_data = new_current_data; 1891 l_current_data = new_current_data;
1864 l_last_data_size = l_current_data_size; 1892 l_last_data_size = l_current_data_size;
1865 } 1893 }
(...skipping 291 matching lines...) Expand 10 before | Expand all | Expand 10 after
2157 */ 2185 */
2158 static OPJ_BOOL opj_jp2_read_jp2h( opj_jp2_t *jp2, 2186 static OPJ_BOOL opj_jp2_read_jp2h( opj_jp2_t *jp2,
2159 OPJ_BYTE *p_header_data, 2187 OPJ_BYTE *p_header_data,
2160 OPJ_UINT32 p_header_size, 2188 OPJ_UINT32 p_header_size,
2161 opj_event_mgr_t * p_manager 2189 opj_event_mgr_t * p_manager
2162 ) 2190 )
2163 { 2191 {
2164 OPJ_UINT32 l_box_size=0, l_current_data_size = 0; 2192 OPJ_UINT32 l_box_size=0, l_current_data_size = 0;
2165 opj_jp2_box_t box; 2193 opj_jp2_box_t box;
2166 const opj_jp2_header_handler_t * l_current_handler; 2194 const opj_jp2_header_handler_t * l_current_handler;
2195 OPJ_BOOL l_has_ihdr = 0;
2167 2196
2168 /* preconditions */ 2197 /* preconditions */
2169 assert(p_header_data != 00); 2198 assert(p_header_data != 00);
2170 assert(jp2 != 00); 2199 assert(jp2 != 00);
2171 assert(p_manager != 00); 2200 assert(p_manager != 00);
2172 2201
2173 /* make sure the box is well placed */ 2202 /* make sure the box is well placed */
2174 if ((jp2->jp2_state & JP2_STATE_FILE_TYPE) != JP2_STATE_FILE_TYPE ) { 2203 if ((jp2->jp2_state & JP2_STATE_FILE_TYPE) != JP2_STATE_FILE_TYPE ) {
2175 opj_event_msg(p_manager, EVT_ERROR, "The box must be the first box in the file.\n"); 2204 opj_event_msg(p_manager, EVT_ERROR, "The box must be the first box in the file.\n");
2176 return OPJ_FALSE; 2205 return OPJ_FALSE;
(...skipping 20 matching lines...) Expand all
2197 2226
2198 if (l_current_handler != 00) { 2227 if (l_current_handler != 00) {
2199 if (! l_current_handler->handler(jp2,p_header_data,l_cur rent_data_size,p_manager)) { 2228 if (! l_current_handler->handler(jp2,p_header_data,l_cur rent_data_size,p_manager)) {
2200 return OPJ_FALSE; 2229 return OPJ_FALSE;
2201 } 2230 }
2202 } 2231 }
2203 else { 2232 else {
2204 jp2->jp2_img_state |= JP2_IMG_STATE_UNKNOWN; 2233 jp2->jp2_img_state |= JP2_IMG_STATE_UNKNOWN;
2205 } 2234 }
2206 2235
2236 if (box.type == JP2_IHDR) {
2237 l_has_ihdr = 1;
2238 }
2239
2207 p_header_data += l_current_data_size; 2240 p_header_data += l_current_data_size;
2208 p_header_size -= box.length; 2241 p_header_size -= box.length;
2209 } 2242 }
2210 2243
2244 if (l_has_ihdr == 0) {
2245 opj_event_msg(p_manager, EVT_ERROR, "Stream error while reading JP2 Header box: no 'ihdr' box.\n");
2246 return OPJ_FALSE;
2247 }
2248
2211 jp2->jp2_state |= JP2_STATE_HEADER; 2249 jp2->jp2_state |= JP2_STATE_HEADER;
2212 2250
2213 return OPJ_TRUE; 2251 return OPJ_TRUE;
2214 } 2252 }
2215 2253
2216 OPJ_BOOL opj_jp2_read_boxhdr_char( opj_jp2_box_t *box, 2254 OPJ_BOOL opj_jp2_read_boxhdr_char( opj_jp2_box_t *box,
2217 OPJ_BYTE * p_data, 2255 OPJ_BYTE * p_data,
2218 OPJ_UINT32 * p_number_bytes_read, 2256 OPJ_UINT32 * p_number_bytes_read,
2219 OPJ_UINT32 p_box_max_size, 2257 OPJ_UINT32 p_box_max_size,
2220 opj_event_mgr_t * p_manager 2258 opj_event_mgr_t * p_manager
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
2269 2307
2270 if (box->length == 0) { 2308 if (box->length == 0) {
2271 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box o f undefined sizes\n"); 2309 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box o f undefined sizes\n");
2272 return OPJ_FALSE; 2310 return OPJ_FALSE;
2273 } 2311 }
2274 } 2312 }
2275 else if (box->length == 0) { 2313 else if (box->length == 0) {
2276 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box of undefi ned sizes\n"); 2314 opj_event_msg(p_manager, EVT_ERROR, "Cannot handle box of undefi ned sizes\n");
2277 return OPJ_FALSE; 2315 return OPJ_FALSE;
2278 } 2316 }
2279 2317 » if (box->length < *p_number_bytes_read) {
2318 » » opj_event_msg(p_manager, EVT_ERROR, "Box length is inconsistent. \n");
2319 » » return OPJ_FALSE;
2320 » }
2280 return OPJ_TRUE; 2321 return OPJ_TRUE;
2281 } 2322 }
2282 2323
2283 OPJ_BOOL opj_jp2_read_header( opj_stream_private_t *p_stream, 2324 OPJ_BOOL opj_jp2_read_header( opj_stream_private_t *p_stream,
2284 opj_jp2_t *jp2, 2325 opj_jp2_t *jp2,
2285 opj_image_t ** p_image, 2326 opj_image_t ** p_image,
2286 opj_event_mgr_t * p_manager 2327 opj_event_mgr_t * p_manager
2287 ) 2328 )
2288 { 2329 {
2289 /* preconditions */ 2330 /* preconditions */
(...skipping 489 matching lines...) Expand 10 before | Expand all | Expand 10 after
2779 len = opj_stream_tell(cio)-lenp; 2820 len = opj_stream_tell(cio)-lenp;
2780 opj_stream_skip(cio, lenp, p_manager); 2821 opj_stream_skip(cio, lenp, p_manager);
2781 opj_write_bytes(l_data_header,len,4);/* L */ 2822 opj_write_bytes(l_data_header,len,4);/* L */
2782 opj_stream_write_data(cio,l_data_header,4,p_manager); 2823 opj_stream_write_data(cio,l_data_header,4,p_manager);
2783 opj_stream_seek(cio, lenp+len,p_manager); 2824 opj_stream_seek(cio, lenp+len,p_manager);
2784 2825
2785 return len; 2826 return len;
2786 } 2827 }
2787 #endif 2828 #endif
2788 #endif /* USE_JPIP */ 2829 #endif /* USE_JPIP */
OLDNEW
« no previous file with comments | « core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/j2k.c ('k') | core/src/fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698