Catch images broken by AFL

6 files changed, 135 insertions, 35 deletions

diff --git a/src/bin/common/color.c b/src/bin/common/color.c
index 8bb96043..598dc8e6 100644
--- a/src/bin/common/color.c
+++ b/src/bin/common/color.c
@@ -486,6 +486,34 @@ void color_apply_icc_profile(opj_image_t *image)
     prec = (int)image->comps[0].prec;
 
     if (out_space == cmsSigRgbData) { /* enumCS 16 */
+        unsigned int i, nr_comp = image->numcomps;
+
+        if (nr_comp > 4) {
+            nr_comp = 4;
+        }
+        for (i = 1; i < nr_comp; ++i) { /* AFL test */
+            if (image->comps[0].dx != image->comps[i].dx) {
+                break;
+            }
+
+            if (image->comps[0].dy != image->comps[i].dy) {
+                break;
+            }
+
+            if (image->comps[0].prec != image->comps[i].prec) {
+                break;
+            }
+
+            if (image->comps[0].sgnd != image->comps[i].sgnd) {
+                break;
+            }
+
+        }
+        if (i != nr_comp) {
+            cmsCloseProfile(in_prof);
+            return;
+        }
+
         if (prec <= 8) {
             in_type = TYPE_RGB_8;
             out_type = TYPE_RGB_8;
diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
index 492911c9..e2e16027 100644
--- a/src/bin/jp2/convert.c
+++ b/src/bin/jp2/convert.c
@@ -959,10 +959,11 @@ int imagetotga(opj_image_t * image, const char *outfile)
     for (i = 0; i < image->numcomps - 1; i++) {
         if ((image->comps[0].dx != image->comps[i + 1].dx)
                 || (image->comps[0].dy != image->comps[i + 1].dy)
-                || (image->comps[0].prec != image->comps[i + 1].prec)) {
+                || (image->comps[0].prec != image->comps[i + 1].prec)
+                || (image->comps[0].sgnd != image->comps[i + 1].sgnd)) {
             fclose(fdest);
             fprintf(stderr,
-                    "Unable to create a tga file with such J2K image charateristics.");
+                    "Unable to create a tga file with such J2K image charateristics.\n");
             return 1;
         }
     }
@@ -2343,7 +2344,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile,
 {
     FILE *rawFile = NULL;
     size_t res;
-    unsigned int compno;
+    unsigned int compno, numcomps;
     int w, h, fails;
     int line, row, curr, mask;
     int *ptr;
@@ -2355,6 +2356,33 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile,
         return 1;
     }
 
+    numcomps = image->numcomps;
+
+    if (numcomps > 4) {
+        numcomps = 4;
+    }
+
+    for (compno = 1; compno < numcomps; ++compno) {
+        if (image->comps[0].dx != image->comps[compno].dx) {
+            break;
+        }
+        if (image->comps[0].dy != image->comps[compno].dy) {
+            break;
+        }
+        if (image->comps[0].prec != image->comps[compno].prec) {
+            break;
+        }
+        if (image->comps[0].sgnd != image->comps[compno].sgnd) {
+            break;
+        }
+    }
+    if (compno != numcomps) {
+        fprintf(stderr,
+                "imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n");
+        fprintf(stderr, "\tAborting\n");
+        return 1;
+    }
+
     rawFile = fopen(outfile, "wb");
     if (!rawFile) {
         fprintf(stderr, "Failed to open %s for writing !!\n", outfile);
@@ -2466,7 +2494,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile,
                 }
             }
         } else if (image->comps[compno].prec <= 32) {
-            fprintf(stderr, "More than 16 bits per component no handled yet\n");
+            fprintf(stderr, "More than 16 bits per component not handled yet\n");
             goto fin;
         } else {
             fprintf(stderr, "Error: invalid precision: %d\n", image->comps[compno].prec);
diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
index 5152ca6f..a636ddc5 100644
--- a/src/bin/jp2/convertbmp.c
+++ b/src/bin/jp2/convertbmp.c
@@ -832,7 +832,8 @@ int imagetobmp(opj_image_t * image, const char *outfile)
     int adjustR, adjustG, adjustB;
 
     if (image->comps[0].prec < 8) {
-        fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec);
+        fprintf(stderr, "imagetobmp: Unsupported precision: %d\n",
+                image->comps[0].prec);
         return 1;
     }
     if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx
@@ -840,7 +841,9 @@ int imagetobmp(opj_image_t * image, const char *outfile)
             && image->comps[0].dy == image->comps[1].dy
             && image->comps[1].dy == image->comps[2].dy
             && image->comps[0].prec == image->comps[1].prec
-            && image->comps[1].prec == image->comps[2].prec) {
+            && image->comps[1].prec == image->comps[2].prec
+            && image->comps[0].sgnd == image->comps[1].sgnd
+            && image->comps[1].sgnd == image->comps[2].sgnd) {
 
         /* -->> -->> -->> -->>
         24 bits color
@@ -974,6 +977,10 @@ int imagetobmp(opj_image_t * image, const char *outfile)
             fprintf(stderr, "ERROR -> failed to open %s for writing\n", outfile);
             return 1;
         }
+        if (image->numcomps > 1) {
+            fprintf(stderr, "imagetobmp: only first component of %d is used.\n",
+                    image->numcomps);
+        }
         w = (int)image->comps[0].w;
         h = (int)image->comps[0].h;
 
diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
index c4eba4b7..e35bed75 100644
--- a/src/bin/jp2/converttif.c
+++ b/src/bin/jp2/converttif.c
@@ -564,20 +564,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst,
 
 int imagetotif(opj_image_t * image, const char *outfile)
 {
-    int width, height;
-    int bps, adjust, sgnd;
-    int tiPhoto;
     TIFF *tif;
     tdata_t buf;
-    tsize_t strip_size;
+    uint32 width, height, bps, tiPhoto;
+    int adjust, sgnd;
+    tmsize_t strip_size, rowStride;
     OPJ_UINT32 i, numcomps;
-    OPJ_SIZE_T rowStride;
     OPJ_INT32* buffer32s = NULL;
     OPJ_INT32 const* planes[4];
     convert_32s_PXCX cvtPxToCx = NULL;
     convert_32sXXx_C1R cvt32sToTif = NULL;
 
-    bps = (int)image->comps[0].prec;
+    bps = (uint32)image->comps[0].prec;
     planes[0] = image->comps[0].data;
 
     numcomps = image->numcomps;
@@ -686,13 +684,13 @@ int imagetotif(opj_image_t * image, const char *outfile)
         break;
     }
     sgnd = (int)image->comps[0].sgnd;
-    adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0;
-    width   = (int)image->comps[0].w;
-    height  = (int)image->comps[0].h;
+    adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0;
+    width   = (uint32)image->comps[0].w;
+    height  = (uint32)image->comps[0].h;
 
     TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width);
     TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height);
-    TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps);
+    TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps);
     TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps);
     TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT);
     TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
@@ -700,8 +698,8 @@ int imagetotif(opj_image_t * image, const char *outfile)
     TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1);
 
     strip_size = TIFFStripSize(tif);
-    rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U;
-    if (rowStride != (OPJ_SIZE_T)strip_size) {
+    rowStride = (width * numcomps * bps + 7U) / 8U;
+    if (rowStride != strip_size) {
         fprintf(stderr, "Invalid TIFF strip size\n");
         TIFFClose(tif);
         return 1;
@@ -711,8 +709,8 @@ int imagetotif(opj_image_t * image, const char *outfile)
         TIFFClose(tif);
         return 1;
     }
-    buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(
-                                        OPJ_INT32));
+    buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(
+                                        OPJ_INT32)));
     if (buffer32s == NULL) {
         _TIFFfree(buf);
         TIFFClose(tif);
@@ -1235,20 +1233,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
     TIFF *tif;
     tdata_t buf;
     tstrip_t strip;
-    tsize_t strip_size;
+    tmsize_t strip_size;
     int j, currentPlane, numcomps = 0, w, h;
     OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN;
     opj_image_cmptparm_t cmptparm[4]; /* RGBA */
     opj_image_t *image = NULL;
     int has_alpha = 0;
-    unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC;
-    unsigned int tiWidth, tiHeight;
+    uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight;
     OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz);
     convert_XXx32s_C1R cvtTifTo32s = NULL;
     convert_32s_CXPX cvtCxToPx = NULL;
     OPJ_INT32* buffer32s = NULL;
     OPJ_INT32* planes[4];
-    OPJ_SIZE_T rowStride;
+    tmsize_t rowStride;
 
     tif = TIFFOpen(filename, "r");
 
@@ -1269,20 +1266,33 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
     w = (int)tiWidth;
     h = (int)tiHeight;
 
-    if (tiBps > 16U) {
-        fprintf(stderr, "tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n", tiBps);
-        fprintf(stderr, "\tAborting\n");
+    if (tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
+        fprintf(stderr, "tiftoimage: Bad value for samples per pixel == %hu.\n"
+                "\tAborting.\n", tiSpp);
+        TIFFClose(tif);
+        return NULL;
+    }
+    if (tiBps > 16U || tiBps == 0) {
+        fprintf(stderr, "tiftoimage: Bad values for Bits == %d.\n"
+                "\tMax. 16 Bits are allowed here.\n\tAborting.\n", tiBps);
         TIFFClose(tif);
         return NULL;
     }
     if (tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) {
         fprintf(stderr,
-                "tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",
+                "tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n\tAborting.\n",
                 (int) tiPhoto);
-        fprintf(stderr, "\tAborting\n");
         TIFFClose(tif);
         return NULL;
     }
+    if (tiWidth == 0 || tiHeight == 0) {
+        fprintf(stderr, "tiftoimage: Bad values for width(%u) "
+                "and/or height(%u)\n\tAborting.\n", tiWidth, tiHeight);
+        TIFFClose(tif);
+        return NULL;
+    }
+    w = (int)tiWidth;
+    h = (int)tiHeight;
 
     switch (tiBps) {
     case 1:
@@ -1405,8 +1415,22 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
     image->y0 = (OPJ_UINT32)parameters->image_offset_y0;
     image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 :
                 image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
+    if (image->x1 <= image->x0) {
+        fprintf(stderr, "tiftoimage: Bad value for image->x1(%d) vs. "
+                "image->x0(%d)\n\tAborting.\n", image->x1, image->x0);
+        TIFFClose(tif);
+        opj_image_destroy(image);
+        return NULL;
+    }
     image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 :
                 image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
+    if (image->y1 <= image->y0) {
+        fprintf(stderr, "tiftoimage: Bad value for image->y1(%d) vs. "
+                "image->y0(%d)\n\tAborting.\n", image->y1, image->y0);
+        TIFFClose(tif);
+        opj_image_destroy(image);
+        return NULL;
+    }
 
     for (j = 0; j < numcomps; j++) {
         planes[j] = image->comps[j].data;
@@ -1421,8 +1445,9 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
         opj_image_destroy(image);
         return NULL;
     }
-    rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U;
-    buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32));
+    rowStride = (tmsize_t)((tiWidth * tiSpp * tiBps + 7U) / 8U);
+    buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(tiWidth * tiSpp * sizeof(
+                                        OPJ_INT32)));
     if (buffer32s == NULL) {
         _TIFFfree(buf);
         TIFFClose(tif);
@@ -1438,9 +1463,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
         /* Read the Image components */
         for (; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++) {
             const OPJ_UINT8 *dat8;
-            OPJ_SIZE_T ssize;
-
-            ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size);
+            tmsize_t ssize;
+
+            ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size);
+
+            if (ssize < 1 || ssize > strip_size) {
+                fprintf(stderr, "tiftoimage: Bad value for ssize(%ld) "
+                        "vs. strip_size(%ld).\n\tAborting.\n", ssize, strip_size);
+                _TIFFfree(buf);
+                _TIFFfree(buffer32s);
+                TIFFClose(tif);
+                opj_image_destroy(image);
+                return NULL;
+            }
             dat8 = (const OPJ_UINT8*)buf;
 
             while (ssize >= rowStride) {
diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
index aa21c66d..e2d8cbde 100644
--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
@@ -1722,7 +1722,7 @@ fin:
         }
         free(dirptr);
     }
-    if (numDecompressedImages && !(parameters.quiet)) {
+    if (numDecompressedImages && !failed && !(parameters.quiet)) {
         fprintf(stdout, "decode time: %d ms\n",
                 (int)((tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages));
     }
diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c
index c286b02a..65460596 100644
--- a/src/bin/jp2/opj_dump.c
+++ b/src/bin/jp2/opj_dump.c
@@ -577,6 +577,8 @@ int main(int argc, char *argv[])
         opj_set_warning_handler(l_codec, warning_callback, 00);
         opj_set_error_handler(l_codec, error_callback, 00);
 
+        parameters.dump_state = 1; /* AFL test */
+
         /* Setup the decoder decoding parameters using user parameters */
         if (!opj_setup_decoder(l_codec, &parameters)) {
             fprintf(stderr, "ERROR -> opj_dump: failed to setup the decoder\n");