granicus.if.org Git - openjpeg/log
Even Rouault [Sun, 30 Jul 2017 16:43:25 +0000 (18:43 +0200)]
Avoid heap buffer overflow in function pnmtoimage of convert.c, and unsigned integer overflow in opj_image_create() (CVE-2016-9118, #861)
Even Rouault [Sun, 30 Jul 2017 16:18:59 +0000 (18:18 +0200)]
Fix Doxygen warnings (patch derived from Winfried's doxygen-dif.txt.zip, #849)
Even Rouault [Sun, 30 Jul 2017 15:26:03 +0000 (17:26 +0200)]
j2k.c: remove hardcoded constants related to m_state, and useless FIXME
Even Rouault [Sun, 30 Jul 2017 14:48:15 +0000 (16:48 +0200)]
Avoid p_stream->m_user_data_length >= (OPJ_UINT64)p_stream->m_byte_offset assertion in opj_stream_get_number_byte_left(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2786. Credit to OSS Fuzz
Even Rouault [Sun, 30 Jul 2017 13:35:47 +0000 (15:35 +0200)]
opj_j2k_set_decode_area: replace assertions by runtime checks. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2795. Credit to OSS Fuzz
Even Rouault [Sun, 30 Jul 2017 13:22:24 +0000 (15:22 +0200)]
opj_tcd_dc_level_shift_decode: avoid int32 overflow when prec == 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2799. Credit to OSS Fuzz
Even Rouault [Sat, 29 Jul 2017 19:11:23 +0000 (21:11 +0200)]
src/bin/jpwl/convert.c: fix memleak (fix suggested by maddin200, #631)
Even Rouault [Sat, 29 Jul 2017 17:43:23 +0000 (19:43 +0200)]
Fix warnings in pi.c raised by VS11 analyze (#190)
Even Rouault [Sat, 29 Jul 2017 17:13:49 +0000 (19:13 +0200)]
Fix write heap buffer overflow in opj_mqc_byteout(). Discovered by Ke Liu of Tencent's Xuanwu LAB (#835)
Even Rouault [Sat, 29 Jul 2017 17:03:13 +0000 (19:03 +0200)]
opj_pi_update_decode_poc(): limit layno1 to the number of layers (CVE-2016-1626 and CVE-2016-1628, #850)
This has been recently fixed in a less elegant way per 80818c39f5bfbac37768fcee95b0ffeceaa77264
Even Rouault [Sat, 29 Jul 2017 16:38:16 +0000 (18:38 +0200)]
opj_tcd_get_decoded_tile_size(): fix potential UINT32 overflow (#854, CVE-2016-5152)
Fix derived from https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
Even Rouault [Sat, 29 Jul 2017 15:56:12 +0000 (17:56 +0200)]
color_cielab_to_rgb(): reject images with components of different dimensions to avoid read heap buffer overflow (#909)
Even Rouault [Sat, 29 Jul 2017 15:51:10 +0000 (17:51 +0200)]
Even Rouault [Sat, 29 Jul 2017 15:28:55 +0000 (17:28 +0200)]
imagetopnm(): make sure the alpha component has same dimension as other components to avoid read heap buffer overflow (#970)
Even Rouault [Sat, 29 Jul 2017 14:34:35 +0000 (16:34 +0200)]
opj_t1_decode_cblk(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2487. Credit to OSS Fuzz
Even Rouault [Sat, 29 Jul 2017 14:29:11 +0000 (16:29 +0200)]
opj_t1_clbl_decode_processor(): avoid undefined behaviour if roishift >= 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2506. Credit to OSS Fuzz
Even Rouault [Sat, 29 Jul 2017 14:22:36 +0000 (16:22 +0200)]
Avoid assertion in opj_j2k_merge_ppt() in case premature EOC is encountered in opj_j2k_read_tile_header(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785. Credit to OSS Fuzz
Even Rouault [Sat, 29 Jul 2017 13:52:11 +0000 (15:52 +0200)]
opj_pi_next_pcrl(): avoid undefined shift behaviour. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2787. Credit to OSS Fuzz
Even Rouault [Fri, 28 Jul 2017 20:15:47 +0000 (22:15 +0200)]
opj_int_ceildiv(): fix int32 overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2494. Credit to OSS Fuzz
Even Rouault [Fri, 28 Jul 2017 20:06:26 +0000 (22:06 +0200)]
opj_tcd_dc_level_shift_decode(): avoid int overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2516. Credit to OSS Fuzz
Even Rouault [Fri, 28 Jul 2017 19:55:22 +0000 (21:55 +0200)]
Fix null pointer dereference in opj_jp2_apply_pclr(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2558. Credit to OSS Fuzz
Even Rouault [Fri, 28 Jul 2017 19:39:30 +0000 (21:39 +0200)]
Fix null pointer dereference in opj_j2k_add_mct() (#895)
Fixes openjeg-crashes-2017-07-27/issue879-poc1.j2k of #895
Even Rouault [Fri, 28 Jul 2017 19:29:55 +0000 (21:29 +0200)]
Avoid use-after-free when a MCT marker is found after a MCC one (#895)
Fixes openjeg-crashes-2017-07-27/issue880-poc2.j2k of #895
Even Rouault [Thu, 27 Jul 2017 20:29:17 +0000 (22:29 +0200)]
Avoid undefined shift behaviour if bit depth == 32 (#895)
Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:003798,op:ext_AO,pos:128.jp2
Even Rouault [Thu, 27 Jul 2017 17:34:54 +0000 (19:34 +0200)]
opj_j2k_update_image_data / opj_tcd_update_tile_data: fix unaligned load/store (#895)
When components don't have the same width, unaligned load/store are possible.
Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:001342,op:flip4,pos:162.jp2 of #895
Even Rouault [Thu, 27 Jul 2017 17:22:14 +0000 (19:22 +0200)]
opj_pi_next_rpcl / opj_pi_next_pcrl / opj_pi_next_cprl: avoid int overflow (#895)
Fixes int overflow on openjeg-crashes-2017-07-27/id:000000,sig:08,src:000879,op:flip2,pos:128.jp2
Even Rouault [Thu, 27 Jul 2017 16:51:51 +0000 (18:51 +0200)]
opj_jp2_check_color(): replace assertion regarding mtyp by runtime check (#672, #895)
Fixes test case openjeg-crashes-2017-07-27/id:000000,sig:06,src:000001,op:flip1,pos:808.jp2
of #895
Even Rouault [Wed, 26 Jul 2017 21:25:38 +0000 (23:25 +0200)]
Avoids undefined shift behaviour in m_dc_level_shift computation
Fixes warning found on clusterfuzz-testcase-minimized-5146316340461568
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2495
Credit to OSS Fuzz
Even Rouault [Wed, 26 Jul 2017 20:53:59 +0000 (22:53 +0200)]
Fix various undefined shift behaviour in pi.c
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2496
Credit to OSS Fuzz
Even Rouault [Wed, 26 Jul 2017 20:22:44 +0000 (22:22 +0200)]
Avoid potential undefined shift behaviour in opj_bio_read() from opj_t2_read_packet_header()
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2485
Credit to OSS Fuzz
Even Rouault [Wed, 26 Jul 2017 20:05:32 +0000 (22:05 +0200)]
Merge pull request #800 from rouault/tier1_optimizations_multithreading_pterm_check
Implement predictive termination check
Even Rouault [Wed, 26 Jul 2017 19:39:50 +0000 (21:39 +0200)]
T1 decoder: check code stream errors when predictable termination is enabled and emit a warning when errors are found
Even Rouault [Wed, 26 Jul 2017 19:06:38 +0000 (21:06 +0200)]
Spelling fixes (patch by ka7, #890, rebased on top of master)
Even Rouault [Wed, 26 Jul 2017 19:04:01 +0000 (21:04 +0200)]
Reformat src/bin/wx/OPJViewer/source/OPJThreads.cpp src/bin/wx/OPJViewer/source/imagjpeg2000.cpp wrapping/java/openjp2/JavaOpenJPEG.c
Even Rouault [Wed, 26 Jul 2017 18:13:09 +0000 (20:13 +0200)]
opj_decompress: fix null pointer dereference on comps[].data on id_000167,sig_11,src_006079,op_havoc,rep_4 (#939)
Even Rouault [Wed, 26 Jul 2017 17:49:38 +0000 (19:49 +0200)]
Fix assertion / memory leak in opj_j2k_merge_ppt() on corrupted images (#939)
Fixes issue on id:000020,sig:06,src:001958,op:flip4,pos:149 that has two
SOT markers for the same tile with the same tile part number, causing
opj_j2k_merge_ppt() to be called several times.
Even Rouault [Wed, 26 Jul 2017 16:05:56 +0000 (18:05 +0200)]
Avoid division by zero in opj_pi_next_rpcl, opj_pi_next_pcrl, opj_pi_next_cprl (#938)
Fixes crash on id_000004,sig_06,src_000679,op_arith8,pos_49,val_-17
Even Rouault [Wed, 26 Jul 2017 10:24:26 +0000 (12:24 +0200)]
Avoid index out of bounds access to pi->include[] (#938)
Fix id:000098,sig:11,src:005411,op:havoc,rep:2 test case
Even Rouault [Wed, 26 Jul 2017 09:30:56 +0000 (11:30 +0200)]
Avoid division by zero in opj_pi_next_rpcl, opj_pi_next_pcrl and opj_pi_next_cprl (#938)
Fixes issues with id:000026,sig:08,src:002419,op:int32,pos:60,val:+32 and
id:000019,sig:08,src:001098,op:flip1,pos:49
Even Rouault [Thu, 13 Jul 2017 11:33:21 +0000 (13:33 +0200)]
Merge pull request #969 from jeroen/staticlibs
install static libraries
Jeroen [Thu, 13 Jul 2017 09:34:15 +0000 (11:34 +0200)]
install static libraries
Even Rouault [Thu, 6 Jul 2017 10:11:37 +0000 (12:11 +0200)]
Comment fix
Even Rouault [Wed, 5 Jul 2017 19:33:42 +0000 (21:33 +0200)]
Remove unused m_DA_x0, m_DA_y0, m_DA_x1, m_DA_y1 members from opj_j2k_dec structure
Even Rouault [Mon, 3 Jul 2017 12:14:03 +0000 (14:14 +0200)]
Add tests/fuzzers for OSS Fuzz (#965)
Even Rouault [Mon, 3 Jul 2017 12:33:57 +0000 (14:33 +0200)]
opj_j2k_read_header_procedure(): validate marker size to avoid excessive memory allocation attempt
Even Rouault [Mon, 3 Jul 2017 10:03:29 +0000 (12:03 +0200)]
Merge pull request #954 from jeroen/static
build both shared and static library
Even Rouault [Sat, 1 Jul 2017 11:51:52 +0000 (13:51 +0200)]
Merge pull request #964 from rouault/remove_useless_knownfailures
Remove useless knownfailures (since LAZY encoding is fixed)
Even Rouault [Sat, 1 Jul 2017 10:54:39 +0000 (12:54 +0200)]
Merge pull request #963 from rouault/travis_avx2
Enable AVX2 at runtime on Travis-CI and AppVeyor
Even Rouault [Sat, 1 Jul 2017 02:15:36 +0000 (04:15 +0200)]
Add tools/travis-ci/knownfailures-Ubuntu14.04-clang3.8.0-x86_64-Release-3rdP.txt (copied from knownfailures-Ubuntu12.04-clang3.9.0-x86_64-Release-3rdP.txt)
Even Rouault [Sat, 1 Jul 2017 00:53:55 +0000 (02:53 +0200)]
appveyor.yml: add a /arch:AVX2 config on Windows
Try running the tests if the CPU supports AVX2.
Even Rouault [Sat, 1 Jul 2017 02:24:46 +0000 (04:24 +0200)]
Remove useless knownfailures (since LAZY encoding is fixed)
Even Rouault [Fri, 30 Jun 2017 23:46:55 +0000 (01:46 +0200)]
.travis.yml: try to run tests in -mavx2 mode if the CPU supports it
And modify settings so as to have an AVX2 compatible CPU
Even Rouault [Thu, 29 Jun 2017 22:03:05 +0000 (00:03 +0200)]
IDWT 5x3: fix bug in AVX2 implementation (#953, #957)
Even Rouault [Mon, 26 Jun 2017 11:13:26 +0000 (13:13 +0200)]
INSTALL.md: add section discussing how to enable CPU specific optimizations
Even Rouault [Mon, 26 Jun 2017 10:45:34 +0000 (12:45 +0200)]
Merge pull request #957 from rouault/idwt_53_improvements
IDWT 5x3 single-pass lifting and SSE2/AVX2 implementation
Even Rouault [Wed, 21 Jun 2017 11:20:35 +0000 (13:20 +0200)]
Style fix
Even Rouault [Wed, 21 Jun 2017 10:54:40 +0000 (12:54 +0200)]
Fix mingw related warnings
Even Rouault [Wed, 21 Jun 2017 10:49:01 +0000 (12:49 +0200)]
Fix clang warning about extraneous parentheses
Even Rouault [Wed, 21 Jun 2017 10:28:51 +0000 (12:28 +0200)]
.travis.yml: add a configuration to test compilation of AVX2 (but disable tests since Travis doesn't have AVX2 compatible machines)
Even Rouault [Wed, 21 Jun 2017 10:12:58 +0000 (12:12 +0200)]
IDWT 5x3: generalize SSE2 version for AVX2
Thanks to our macros that abstract SSE use, the functions can use
AVX2 when available (at compile time)
This brings an extra 23% speed improvement on bench_dwt in 64bit builds
with AVX2 compared to SSE2.
Even Rouault [Tue, 20 Jun 2017 23:07:56 +0000 (01:07 +0200)]
dwt.c: small cleanup
Even Rouault [Tue, 20 Jun 2017 16:24:21 +0000 (18:24 +0200)]
Enable __SSE__ / __SSE2__ with Visual Studio
Even Rouault [Tue, 20 Jun 2017 15:56:25 +0000 (17:56 +0200)]
Improve performance of inverse DWT 5x3 (#953)
* Use single-pass lifting inverse wavelet transform.
* For vertical pass, use SSE2 when available so as to process 8 columns
in parallel. This is the most beneficial improvement, since the
vertical pass involves a lot of cache thrashing.
With the bench_dwt utility with default arguments (16383x16383 image),
time goes from 4.064 s to 1.212 s.
Even Rouault [Tue, 20 Jun 2017 15:56:19 +0000 (17:56 +0200)]
Add bench_dwt program (compiled only if BUILD_BENCH_DWT=ON)
Even Rouault [Sat, 17 Jun 2017 22:49:20 +0000 (00:49 +0200)]
Merge pull request #955 from rouault/remove_opj_nosanitize
Remove OPJ_NOSANITIZE in opj_bio_read() and opj_bio_write() (#761)
Even Rouault [Sat, 17 Jun 2017 17:15:00 +0000 (19:15 +0200)]
Remove OPJ_NOSANITIZE in opj_bio_read() and opj_bio_write() (#761)
Commit 29313eb5 introduced those flags to avoid issues with
-fsanitize=unsigned-integer-overflow
However it is better just to rewrite the loop to avoid such condition
to occur.
Even Rouault [Sat, 17 Jun 2017 14:37:56 +0000 (16:37 +0200)]
Fix astyle issue
Even Rouault [Sat, 17 Jun 2017 12:10:15 +0000 (14:10 +0200)]
Fix warning about unused arguments
Even Rouault [Sat, 17 Jun 2017 12:09:31 +0000 (14:09 +0200)]
Fix warnings with recent GCC versions
Jeroen Ooms [Fri, 16 Jun 2017 11:58:25 +0000 (13:58 +0200)]
only build both static and dynamic on non-windows
Jeroen Ooms [Fri, 16 Jun 2017 11:27:19 +0000 (13:27 +0200)]
build both shared and static library
Antonin Descampe [Wed, 14 Jun 2017 15:23:06 +0000 (17:23 +0200)]
Merge pull request #928 from RussellMcOrmond/master
Quiet mode for opj_decompress via -quiet long parameter.
Even Rouault [Tue, 13 Jun 2017 10:09:52 +0000 (12:09 +0200)]
Merge branch 't1_flag_optimizations'
Even Rouault [Mon, 12 Jun 2017 16:15:23 +0000 (17:15 +0100)]
Packet header writing: set empty packet header bit to 0 when appropriate (small optimization)
Even Rouault [Mon, 12 Jun 2017 10:23:55 +0000 (11:23 +0100)]
Encoder: fix packet writing of empty sub-bands (#891, #892)
There are situations where, given a tile size, at a resolution level,
there are sub-bands with x0==x1 or y0==y1, that consequently don't have any
valid codeblocks, but the other sub-bands may be non-empty.
Given that we recycle the memory from one tile to another one, those
ghost codeblocks might be non-0 and thus candidate for packet inclusion.
Even Rouault [Fri, 9 Jun 2017 08:47:13 +0000 (10:47 +0200)]
T1: fix BYPASS/LAZY, TERMALL/RESTART and PTERM/ERTERM encoding modes. (#674)
There were a number of defects regarding when and how the termination of
passes had to be done and the computation of their rate.
Even Rouault [Fri, 2 Jun 2017 17:22:15 +0000 (19:22 +0200)]
opj_t1_dec_sigpass_raw/opj_t1_dec_refpass_raw: harmonize style with mqc methods
Even Rouault [Fri, 2 Jun 2017 14:49:26 +0000 (16:49 +0200)]
MQC/RAW decoder: use an artificial 0xFF 0xFF terminating marker.
This saves comparing the current pointer with the end of buffer pointer.
This results at least in tiny speed improvement for raw decoding, and
smaller code size for MQC as well.
This kills the remains of the raw.h/.c files that were only used for
decoding. Encoding using the mqc structure already.
Even Rouault [Fri, 2 Jun 2017 12:32:12 +0000 (14:32 +0200)]
Fix documentation of opj_t1_decode_cblks()
Even Rouault [Fri, 2 Jun 2017 12:25:57 +0000 (14:25 +0200)]
Simplify VSC handling: instead of masking out bits when reading the 4th row.
Do not set them when updating flags of the 1st row
Even Rouault [Fri, 2 Jun 2017 09:52:16 +0000 (11:52 +0200)]
Force inlining of mqc decoding and pass steps through heavy use of macros, so as to get better register allocation
Even Rouault [Fri, 2 Jun 2017 07:36:25 +0000 (09:36 +0200)]
t1_generate_luts.c: fix compiler warnings
Even Rouault [Thu, 1 Jun 2017 17:42:03 +0000 (19:42 +0200)]
Optimize opj_t1_update_flags()
Even Rouault [Thu, 1 Jun 2017 15:02:50 +0000 (17:02 +0200)]
T1: remove use of neghalf variable. It is useless since bpno is always > 0
Even Rouault [Thu, 1 Jun 2017 09:15:25 +0000 (11:15 +0200)]
T1: avoid pointer indirection for mqc and raw members of opj_t1_t
Even Rouault [Thu, 1 Jun 2017 08:23:30 +0000 (10:23 +0200)]
T1: remove flags_stride variable from opj_t1_t
Even Rouault [Wed, 31 May 2017 17:45:03 +0000 (19:45 +0200)]
Inline opj_raw_decode()
Even Rouault [Wed, 31 May 2017 15:15:27 +0000 (17:15 +0200)]
T1: loop unrolling in dec_sigpass_raw and dec_refpass_raw
Even Rouault [Wed, 31 May 2017 12:35:56 +0000 (14:35 +0200)]
T1: Transpose coder optimizations to decoder, and cleanup code
Even Rouault [Tue, 23 May 2017 12:55:45 +0000 (14:55 +0200)]
Fix compiler warnings
Even Rouault [Tue, 23 May 2017 11:02:24 +0000 (13:02 +0200)]
Factor index computation for lut_enc_ctxno_sc and lut_enc_spb
Even Rouault [Mon, 22 May 2017 22:40:30 +0000 (00:40 +0200)]
Optimize a bit opj_t1_enc_clnpass()
Even Rouault [Mon, 22 May 2017 21:30:30 +0000 (23:30 +0200)]
T1: remove unused code in decoder
Even Rouault [Mon, 22 May 2017 16:42:46 +0000 (18:42 +0200)]
T1: fix VSC mode in encoder
Even Rouault [Sat, 20 May 2017 12:05:07 +0000 (14:05 +0200)]
T1: use more compact flags to optimize cache usage in encoder passes. (#172)
Ported from Carl Hetherington work (actually through Matthieu Darbois's port
on top of OpenJPEG 2.1.0)
Can reduce total encoding time by 10-15%
WARNING: VSC mode is not implemented, and so is a temporary regression
that must be fixed.
Even Rouault [Tue, 23 May 2017 14:15:55 +0000 (16:15 +0200)]
Merge pull request #936 from rouault/master_warnings
CMake: add stronger warnings for openjp2 lib/bin by default, and error out on declaration-after-statement
Even Rouault [Tue, 23 May 2017 13:12:19 +0000 (15:12 +0200)]
CMake: add stronger warnings for openjp2 lib/bin by default, and error out on declaration-after-statement
And remove occurrences of unused arguments in src/lib/openjp2
Even Rouault [Tue, 23 May 2017 12:49:38 +0000 (14:49 +0200)]
Merge pull request #935 from rouault/add_compress_vsc_test
Tests: test opj_compress in VSC mode (related to #172)
Even Rouault [Tue, 23 May 2017 11:46:04 +0000 (13:46 +0200)]
Tests: test opj_compress in VSC mode (related to #172)
Even Rouault [Tue, 23 May 2017 11:54:28 +0000 (13:54 +0200)]
t1.c: fix compiler warnings