First change on changes-for-afl-tests

author: szukw000 <szukw000@arcor.de> 2017-08-02 17:27:08 +0200
committer: szukw000 <szukw000@arcor.de> 2017-08-02 17:27:08 +0200
commit: 57e36dbfeb57451444c5c20eab66ab0bedd3d3b3 (patch)
tree: 7c05c9f05478db0a96c211b1a0a9478d6cb45a4a /src/bin
parent: 00f45684a8339e69ed55df2397f3c19d09fecaed (diff)
2 files changed, 19 insertions, 4 deletions
diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
index e35bed75..a8e76b66 100644
--- a/src/bin/jp2/converttif.c
+++ b/src/bin/jp2/converttif.c
@@ -42,6 +42,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
+#include <limits.h>
 
 #ifndef OPJ_HAVE_LIBTIFF
 # error OPJ_HAVE_LIBTIFF_NOT_DEFINED
@@ -697,6 +698,12 @@ int imagetotif(opj_image_t * image, const char *outfile)
     TIFFSetField(tif, TIFFTAG_PHOTOMETRIC, tiPhoto);
     TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1);
 
+    if (width > UINT_MAX/numcomps || width * bps > UINT_MAX/numcomps || width * numcomps > UINT_MAX/sizeof(OPJ_INT32)) {
+        fprintf(stderr, "Buffer overflow\n");
+        TIFFClose(tif);
+        return 1;
+    }
+
     strip_size = TIFFStripSize(tif);
     rowStride = (width * numcomps * bps + 7U) / 8U;
     if (rowStride != strip_size) {
@@ -709,8 +716,9 @@ int imagetotif(opj_image_t * image, const char *outfile)
         TIFFClose(tif);
         return 1;
     }
-    buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(
-                                        OPJ_INT32)));
+
+    buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32)));
+
     if (buffer32s == NULL) {
         _TIFFfree(buf);
         TIFFClose(tif);
@@ -1246,7 +1254,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
     OPJ_INT32* buffer32s = NULL;
     OPJ_INT32* planes[4];
     tmsize_t rowStride;
-
+    
     tif = TIFFOpen(filename, "r");
 
     if (!tif) {
@@ -1445,6 +1453,13 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
         opj_image_destroy(image);
         return NULL;
     }
+    if (tiWidth > UINT_MAX/tiSpp || tiWidth * tiSpp > UINT_MAX/tiBps || tiWidth * tiSpp > UINT_MAX/sizeof(OPJ_INT32)) {
+        fprintf(stderr, "Buffer overflow\n");
+        _TIFFfree(buf);
+        TIFFClose(tif);
+        opj_image_destroy(image);
+        return NULL;
+    }
     rowStride = (tmsize_t)((tiWidth * tiSpp * tiBps + 7U) / 8U);
     buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(tiWidth * tiSpp * sizeof(
                                         OPJ_INT32)));
diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c
index 65460596..6e15fee4 100644
--- a/src/bin/jp2/opj_dump.c
+++ b/src/bin/jp2/opj_dump.c
@@ -577,7 +577,7 @@ int main(int argc, char *argv[])
         opj_set_warning_handler(l_codec, warning_callback, 00);
         opj_set_error_handler(l_codec, error_callback, 00);
 
-        parameters.dump_state = 1; /* AFL test */
+        parameters.flags |= OPJ_DPARAMETERS_DUMP_FLAG;
 
         /* Setup the decoder decoding parameters using user parameters */
         if (!opj_setup_decoder(l_codec, &parameters)) {
author	szukw000 <szukw000@arcor.de>	2017-08-02 17:27:08 +0200
committer	szukw000 <szukw000@arcor.de>	2017-08-02 17:27:08 +0200
commit	57e36dbfeb57451444c5c20eab66ab0bedd3d3b3 (patch)
tree	7c05c9f05478db0a96c211b1a0a9478d6cb45a4a /src/bin
parent	00f45684a8339e69ed55df2397f3c19d09fecaed (diff)