From 57e36dbfeb57451444c5c20eab66ab0bedd3d3b3 Mon Sep 17 00:00:00 2001 From: szukw000 Date: Wed, 2 Aug 2017 17:27:08 +0200 Subject: [PATCH] First change on changes-for-afl-tests --- src/bin/jp2/converttif.c | 21 ++++++- src/bin/jp2/opj_dump.c | 2 +- src/lib/openjp2/j2k.c | 124 ++----------------------------------- src/lib/openjp2/j2k.h | 10 +-- src/lib/openjp2/jp2.c | 12 ++-- src/lib/openjp2/jp2.h | 4 +- src/lib/openjp2/openjpeg.h | 2 +- 7 files changed, 39 insertions(+), 136 deletions(-) diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c index e35bed75..a8e76b66 100644 --- a/src/bin/jp2/converttif.c +++ b/src/bin/jp2/converttif.c @@ -42,6 +42,7 @@ #include #include #include +#include #ifndef OPJ_HAVE_LIBTIFF # error OPJ_HAVE_LIBTIFF_NOT_DEFINED @@ -697,6 +698,12 @@ int imagetotif(opj_image_t * image, const char *outfile) TIFFSetField(tif, TIFFTAG_PHOTOMETRIC, tiPhoto); TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1); + if (width > UINT_MAX/numcomps || width * bps > UINT_MAX/numcomps || width * numcomps > UINT_MAX/sizeof(OPJ_INT32)) { + fprintf(stderr, "Buffer overflow\n"); + TIFFClose(tif); + return 1; + } + strip_size = TIFFStripSize(tif); rowStride = (width * numcomps * bps + 7U) / 8U; if (rowStride != strip_size) { @@ -709,8 +716,9 @@ int imagetotif(opj_image_t * image, const char *outfile) TIFFClose(tif); return 1; } - buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof( - OPJ_INT32))); + + buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32))); + if (buffer32s == NULL) { _TIFFfree(buf); TIFFClose(tif); @@ -1246,7 +1254,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) OPJ_INT32* buffer32s = NULL; OPJ_INT32* planes[4]; tmsize_t rowStride; - + tif = TIFFOpen(filename, "r"); if (!tif) { 
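Review bot: In the guard added to imagetotif (hunk at -697), the middle clause `width * bps > UINT_MAX/numcomps` forms the product `width * bps` before anything bounds it, so it can overflow and let an oversized width through; the first clause only bounds `width * numcomps`. The value that feeds `rowStride` is `width * numcomps * bps + 7U`, so the clause would be better written as `width * numcomps > (UINT_MAX - 7U) / bps`, which also covers the `+ 7U`. The tiftoimage hunk at -1445 has the operands in the safe order but likewise leaves out the `+ 7U`. The declarations of `width`, `bps` and `numcomps` are outside the hunk; if any of them is a signed `int`, the comparisons mix signedness and the overflow is undefined rather than a wrap.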
@@ -1445,6 +1453,13 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) opj_image_destroy(image); return NULL; } + if (tiWidth > UINT_MAX/tiSpp || tiWidth * tiSpp > UINT_MAX/tiBps || tiWidth * tiSpp > UINT_MAX/sizeof(OPJ_INT32)) { + fprintf(stderr, "Buffer overflow\n"); + _TIFFfree(buf); + TIFFClose(tif); + opj_image_destroy(image); + return NULL; + } rowStride = (tmsize_t)((tiWidth * tiSpp * tiBps + 7U) / 8U); buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(tiWidth * tiSpp * sizeof( OPJ_INT32))); diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c index 65460596..6e15fee4 100644 --- a/src/bin/jp2/opj_dump.c +++ b/src/bin/jp2/opj_dump.c @@ -577,7 +577,7 @@ int main(int argc, char *argv[]) opj_set_warning_handler(l_codec, warning_callback, 00); opj_set_error_handler(l_codec, error_callback, 00); - parameters.dump_state = 1; /* AFL test */ + parameters.flags |= OPJ_DPARAMETERS_DUMP_FLAG; /* Setup the decoder decoding parameters using user parameters */ if (!opj_setup_decoder(l_codec, ¶meters)) { diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c index 7e3c518a..8daf9be8 100644 --- a/src/lib/openjp2/j2k.c +++ b/src/lib/openjp2/j2k.c @@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, return OPJ_FALSE; } if (!p_j2k->dump_state) { - OPJ_UINT32 siz_w, siz_h; /* AFL test */ + OPJ_UINT32 siz_w, siz_h; siz_w = l_image->x1 - l_image->x0; siz_h = l_image->y1 - l_image->y0; 
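Review bot: The new guard in tiftoimage divides by `tiSpp` and `tiBps`, so a zero in either one turns the overflow check itself into a division by zero. Both values appear to describe the input TIFF, and whatever validates them lies before this hunk, outside what is shown; if nothing there rejects zero, prepend `tiSpp == 0 || tiBps == 0 ||` to the condition so the divisions are never reached. The message `"Buffer overflow\n"` would also serve a user better if it named the cause, e.g. `"tiftoimage: image dimensions too large\n"`.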
@@ -2236,11 +2236,11 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, l_img_comp->sgnd = tmp >> 7; if (p_j2k->dump_state == 0) { - if (i == 0) { /* AFL test */ + if (i == 0) { l_prec0 = l_img_comp->prec; l_sgnd0 = l_img_comp->sgnd; } else if (l_cp->bpc_is_255 == 0 - && (l_img_comp->prec != l_prec0 || l_img_comp->sgnd != l_sgnd0)) {/* AFL test */ + && (l_img_comp->prec != l_prec0 || l_img_comp->sgnd != l_sgnd0)) { opj_event_msg(p_manager, EVT_ERROR, "Invalid precision and/or sgnd values for comp[%d]:\n" " [0] prec(%d) sgnd(%d) [%d] prec(%d) sgnd(%d)\n", i, l_prec0, l_sgnd0, 
@@ -2305,120 +2305,8 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, l_cp->m_specific_param.m_dec.m_reduce; /* reducing factor per component */ ++l_img_comp; } - if (!p_j2k->dump_state) { - switch (p_j2k->enumcs) { /* AFL tests */ - int ok, sycc; - - case 12: /* CMYK */ - if (l_image->numcomps == 4 /* cnf. color.c, line 879 */ - && l_image->comps[0].dx == l_image->comps[1].dx - && l_image->comps[0].dx == l_image->comps[2].dx - && l_image->comps[0].dx == l_image->comps[3].dx - && l_image->comps[0].dy == l_image->comps[1].dy - && l_image->comps[0].dy == l_image->comps[2].dy - && l_image->comps[0].dy == l_image->comps[3].dy) { - break; - } - opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 12(i.e. CMYK)\n"); - return OPJ_FALSE; - - case 16: /* sRGB */ - if (l_image->numcomps < 3) { - break; /* GRAY, GRAYA */ - } - - if (l_image->numcomps == 3 /* RGB */ - && l_image->comps[0].dx == l_image->comps[1].dx - && l_image->comps[0].dx == l_image->comps[2].dx - && l_image->comps[0].dy == l_image->comps[1].dy - && l_image->comps[0].dy == l_image->comps[2].dy - && l_image->comps[0].prec == l_image->comps[1].prec - && l_image->comps[0].prec == l_image->comps[2].prec - && l_image->comps[0].sgnd == l_image->comps[1].sgnd - && l_image->comps[0].sgnd == l_image->comps[2].sgnd) { - break; - } - if (l_image->numcomps == 4 /* RGBA */ - && l_image->comps[0].dx == l_image->comps[3].dx - && l_image->comps[0].dy == l_image->comps[3].dy - && l_image->comps[0].prec == l_image->comps[3].prec - && l_image->comps[0].sgnd == l_image->comps[3].sgnd) { - break; - } - opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 16(i.e. sRGB)\n"); - return OPJ_FALSE; - - case 18: /* sYCC */ - sycc = 0; - ok = (l_image->numcomps > 2); /* cnf. 
color.c, line 319 */ - - if (ok) { - sycc = /* sycc420 */ - ((l_image->comps[0].dx == 1) - && (l_image->comps[1].dx == 2) - && (l_image->comps[2].dx == 2) - && (l_image->comps[0].dy == 1) - && (l_image->comps[1].dy == 2) - && (l_image->comps[2].dy == 2)) - || /* sycc422 */ - ((l_image->comps[0].dx == 1) - && (l_image->comps[1].dx == 2) - && (l_image->comps[2].dx == 2) - && (l_image->comps[0].dy == 1) - && (l_image->comps[1].dy == 1) - && (l_image->comps[2].dy == 1)) - || /* sycc444 */ - ((l_image->comps[0].dx == 1) - && (l_image->comps[1].dx == 1) - && (l_image->comps[2].dx == 1) - && (l_image->comps[0].dy == 1) - && (l_image->comps[1].dy == 1) - && (l_image->comps[2].dy == 1)); - } - if (ok && sycc) { - break; - } - - opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 18(i.e. sYCC)\n"); - return OPJ_FALSE; - - case 24: /* e-sYCC */ - if (l_image->numcomps > 2 /* cnf. color.c, line 938 */ - && l_image->comps[0].dx == l_image->comps[1].dx - && l_image->comps[0].dx == l_image->comps[2].dx - && l_image->comps[0].dy == l_image->comps[1].dy - && l_image->comps[0].dy == l_image->comps[2].dy) { - break; - } - - opj_event_msg(p_manager, EVT_ERROR, - "wrong values for enumcs 24(i.e. e-sYCC)\n"); - return OPJ_FALSE; - - case 14: /* CIELAB */ - if (l_image->numcomps != 3) { - opj_event_msg(p_manager, EVT_ERROR, - "wrong values for enumcs 14(i.e. CIElab)\n"); - return OPJ_FALSE; - } - break; - - case 17: /* GRAY */ - if (l_image->comps[0].dx == 1 - && l_image->comps[0].dy == 1) { - break; - } - opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs %u\n", - p_j2k->enumcs); - return OPJ_FALSE; - - default: - break; - - }/* switch() */ - } /* p_j2k->dump */ - if (l_cp->tdx == 0 || l_cp->tdy == 0) { /* AFL test */ + if (l_cp->tdx == 0 || l_cp->tdy == 0) { return OPJ_FALSE; } 
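Review bot: After this hunk opj_j2k_read_siz no longer checks component count, dx/dy, precision and sign against `p_j2k->enumcs`, and no replacement check appears anywhere in this patch, while the -8851 hunk still hands `enumcs` on to the TCD. The deleted cases pointed at color.c ("cnf. color.c, line 879/319/938") as the reason for the checks, and color.c is not in the diffstat, so it cannot be told from here whether the colour conversions validate the component layout themselves. Please state in the commit message, or in a comment at the `l_cp->tdx == 0` test such as `/* enumcs vs. component layout is validated in <function> before colour conversion */`, where malformed combinations are rejected now. The body of opj_j2k_read_siz starts and ends outside the hunk.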
@@ -6460,7 +6348,7 @@ void opj_j2k_setup_decoder(opj_j2k_t *j2k, opj_dparameters_t *parameters) j2k->m_cp.m_specific_param.m_dec.m_layer = parameters->cp_layer; j2k->m_cp.m_specific_param.m_dec.m_reduce = parameters->cp_reduce; - j2k->dump_state = parameters->dump_state; + j2k->dump_state = (parameters->flags & OPJ_DPARAMETERS_DUMP_FLAG); #ifdef USE_JPWL j2k->m_cp.correct = parameters->jpwl_correct; j2k->m_cp.exp_comps = parameters->jpwl_exp_comps; @@ -8851,7 +8739,7 @@ OPJ_BOOL opj_j2k_decode_tile(opj_j2k_t * p_j2k, opj_event_msg(p_manager, EVT_ERROR, "Failed to decode.\n"); return OPJ_FALSE; } - p_j2k->m_tcd->enumcs = p_j2k->enumcs; /* AFL test */ + p_j2k->m_tcd->enumcs = p_j2k->enumcs; if (! opj_tcd_update_tile_data(p_j2k->m_tcd, p_data, p_data_size)) { return OPJ_FALSE; diff --git a/src/lib/openjp2/j2k.h b/src/lib/openjp2/j2k.h index 6b08b1c0..eeef6a9e 100644 --- a/src/lib/openjp2/j2k.h +++ b/src/lib/openjp2/j2k.h @@ -446,7 +446,7 @@ typedef struct opj_cp { OPJ_BITFIELD ppm : 1; /** tells if the parameter is a coding or decoding one */ OPJ_BITFIELD m_is_decoder : 1; - OPJ_BITFIELD bpc_is_255 : 1; /* for AFL test */ + OPJ_BITFIELD bpc_is_255 : 1; /* <IPR), 1); /* IPR */ ++ p_image_header_data; - jp2->j2k->m_cp.bpc_is_255 = (jp2->bpc == 255); /* For AFL test */ - jp2->j2k->ihdr_w = jp2->w; /* For AFL test */ - jp2->j2k->ihdr_h = jp2->h; /* For AFL test */ - jp2->has_ihdr = 1; /* For AFL test */ + jp2->j2k->m_cp.bpc_is_255 = (jp2->bpc == 255); + jp2->j2k->ihdr_w = jp2->w; + jp2->j2k->ihdr_h = jp2->h; + jp2->has_ihdr = 1; return OPJ_TRUE; } 
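Review bot: `j2k->dump_state = (parameters->flags & OPJ_DPARAMETERS_DUMP_FLAG);` in opj_j2k_setup_decoder stores the raw masked value 0x0002 rather than a boolean, whereas the old field was set to 1 by opj_dump. The readers visible in this patch (`!p_j2k->dump_state`, `p_j2k->dump_state == 0`) cope with that, but the declaration of `dump_state` is not shown; if it is a one-bit field like the `OPJ_BITFIELD ... : 1` members in j2k.h, 0x0002 would be truncated to 0 and the flag silently lost. Normalising with `j2k->dump_state = (parameters->flags & OPJ_DPARAMETERS_DUMP_FLAG) != 0;` removes the dependence on the field width.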
@@ -2847,11 +2847,11 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream, if (! opj_jp2_exec(jp2, jp2->m_procedure_list, p_stream, p_manager)) { return OPJ_FALSE; } - if (jp2->has_jp2h == 0) { /* AFL test */ + if (jp2->has_jp2h == 0) { opj_event_msg(p_manager, EVT_ERROR, "JP2H box missing. Required.\n"); return OPJ_FALSE; } - if (jp2->has_ihdr == 0) { /* AFL test */ + if (jp2->has_ihdr == 0) { opj_event_msg(p_manager, EVT_ERROR, "IHDR box_missing. Required.\n"); return OPJ_FALSE; } diff --git a/src/lib/openjp2/jp2.h b/src/lib/openjp2/jp2.h index aaff1609..3ff66ebe 100644 --- a/src/lib/openjp2/jp2.h +++ b/src/lib/openjp2/jp2.h @@ -187,8 +187,8 @@ typedef struct opj_jp2 { opj_jp2_color_t color; OPJ_BOOL ignore_pclr_cmap_cdef; - OPJ_BYTE has_jp2h; /* for AFL test */ - OPJ_BYTE has_ihdr; /* for AFL test */ + OPJ_BYTE has_jp2h; + OPJ_BYTE has_ihdr; } opj_jp2_t; diff --git a/src/lib/openjp2/openjpeg.h b/src/lib/openjp2/openjpeg.h index 8b580503..e0064f74 100644 --- a/src/lib/openjp2/openjpeg.h +++ b/src/lib/openjp2/openjpeg.h @@ -501,6 +501,7 @@ typedef struct opj_cparameters { } opj_cparameters_t; #define OPJ_DPARAMETERS_IGNORE_PCLR_CMAP_CDEF_FLAG 0x0001 +#define OPJ_DPARAMETERS_DUMP_FLAG 0x0002 /** * Decompression parameters @@ -564,7 +565,6 @@ typedef struct opj_dparameters { /* <
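Review bot: `OPJ_DPARAMETERS_DUMP_FLAG` enters the public header (hunk at -501) without a comment, although in j2k.c it gates validation: the `if (!p_j2k->dump_state)` and `if (p_j2k->dump_state == 0)` blocks in opj_j2k_read_siz are skipped when it is set. An application that sets the flag and then decodes would run without those header consistency checks, so the define should say it is meant for header dumping only, for example `/* Dump mode (opj_dump): relaxes header consistency checks in the J2K reader; do not set when decoding image data. */`. The hunk at -564 appears to drop a member from the public `opj_dparameters` struct, which would change its layout for existing callers, but that hunk is cut off here.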