summaryrefslogtreecommitdiff
path: root/src/lib/openjp2
diff options
context:
space:
mode:
authorszukw000 <szukw000@arcor.de>2017-07-31 13:58:08 +0200
committerszukw000 <szukw000@arcor.de>2017-07-31 13:58:08 +0200
commit00f45684a8339e69ed55df2397f3c19d09fecaed (patch)
tree171f881e7b3bcad1afed20d69aa7a8c02ec9dad8 /src/lib/openjp2
parent13cde9fa37249628af6b6f10601b733f87a025f4 (diff)
Catch images broken by AFL
Diffstat (limited to 'src/lib/openjp2')
-rw-r--r--src/lib/openjp2/j2k.c149
-rw-r--r--src/lib/openjp2/j2k.h6
-rw-r--r--src/lib/openjp2/jp2.c17
-rw-r--r--src/lib/openjp2/jp2.h2
-rw-r--r--src/lib/openjp2/openjpeg.h1
-rw-r--r--src/lib/openjp2/tcd.h2
6 files changed, 176 insertions, 1 deletions
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 21befaa8..7e3c518a 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -2054,6 +2054,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
OPJ_UINT32 l_remaining_size;
OPJ_UINT32 l_nb_tiles;
OPJ_UINT32 l_tmp, l_tx1, l_ty1;
+ OPJ_UINT32 l_prec0, l_sgnd0;
opj_image_t *l_image = 00;
opj_cp_t *l_cp = 00;
opj_image_comp_t * l_img_comp = 00;
@@ -2156,7 +2157,20 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
"Error with SIZ marker: illegal tile offset\n");
return OPJ_FALSE;
}
+ if (!p_j2k->dump_state) {
+ OPJ_UINT32 siz_w, siz_h; /* AFL test */
+ siz_w = l_image->x1 - l_image->x0;
+ siz_h = l_image->y1 - l_image->y0;
+
+ if (p_j2k->ihdr_w > 0 && p_j2k->ihdr_h > 0
+ && (p_j2k->ihdr_w != siz_w || p_j2k->ihdr_h != siz_h)) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "Error with SIZ marker: IHDR w(%u) h(%u) vs. SIZ w(%u) h(%u)\n", p_j2k->ihdr_w,
+ p_j2k->ihdr_h, siz_w, siz_h);
+ return OPJ_FALSE;
+ }
+ }
#ifdef USE_JPWL
if (l_cp->correct) {
/* if JPWL is on, we check whether TX errors have damaged
@@ -2211,6 +2225,8 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
l_img_comp = l_image->comps;
+ l_prec0 = 0;
+ l_sgnd0 = 0;
/* Read the component information */
for (i = 0; i < l_image->numcomps; ++i) {
OPJ_UINT32 tmp;
@@ -2218,6 +2234,20 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
++p_header_data;
l_img_comp->prec = (tmp & 0x7f) + 1;
l_img_comp->sgnd = tmp >> 7;
+
+ if (p_j2k->dump_state == 0) {
+ if (i == 0) { /* AFL test */
+ l_prec0 = l_img_comp->prec;
+ l_sgnd0 = l_img_comp->sgnd;
+ } else if (l_cp->bpc_is_255 == 0
+ && (l_img_comp->prec != l_prec0 || l_img_comp->sgnd != l_sgnd0)) {/* AFL test */
+ opj_event_msg(p_manager, EVT_ERROR,
+ "Invalid precision and/or sgnd values for comp[%d]:\n"
+ " [0] prec(%d) sgnd(%d) [%d] prec(%d) sgnd(%d)\n", i, l_prec0, l_sgnd0,
+ i, l_img_comp->prec, l_img_comp->sgnd);
+ return OPJ_FALSE;
+ }
+ }
opj_read_bytes(p_header_data, &tmp, 1); /* XRsiz_i */
++p_header_data;
l_img_comp->dx = (OPJ_UINT32)tmp; /* should be between 1 and 255 */
@@ -2240,7 +2270,6 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
i, l_img_comp->prec);
return OPJ_FALSE;
}
-
#ifdef USE_JPWL
if (l_cp->correct) {
/* if JPWL is on, we check whether TX errors have damaged
@@ -2276,6 +2305,122 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
l_cp->m_specific_param.m_dec.m_reduce; /* reducing factor per component */
++l_img_comp;
}
+ if (!p_j2k->dump_state) {
+ switch (p_j2k->enumcs) { /* AFL tests */
+ int ok, sycc;
+
+ case 12: /* CMYK */
+ if (l_image->numcomps == 4 /* cnf. color.c, line 879 */
+ && l_image->comps[0].dx == l_image->comps[1].dx
+ && l_image->comps[0].dx == l_image->comps[2].dx
+ && l_image->comps[0].dx == l_image->comps[3].dx
+ && l_image->comps[0].dy == l_image->comps[1].dy
+ && l_image->comps[0].dy == l_image->comps[2].dy
+ && l_image->comps[0].dy == l_image->comps[3].dy) {
+ break;
+ }
+ opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 12(i.e. CMYK)\n");
+ return OPJ_FALSE;
+
+ case 16: /* sRGB */
+ if (l_image->numcomps < 3) {
+ break; /* GRAY, GRAYA */
+ }
+
+ if (l_image->numcomps == 3 /* RGB */
+ && l_image->comps[0].dx == l_image->comps[1].dx
+ && l_image->comps[0].dx == l_image->comps[2].dx
+ && l_image->comps[0].dy == l_image->comps[1].dy
+ && l_image->comps[0].dy == l_image->comps[2].dy
+ && l_image->comps[0].prec == l_image->comps[1].prec
+ && l_image->comps[0].prec == l_image->comps[2].prec
+ && l_image->comps[0].sgnd == l_image->comps[1].sgnd
+ && l_image->comps[0].sgnd == l_image->comps[2].sgnd) {
+ break;
+ }
+ if (l_image->numcomps == 4 /* RGBA */
+ && l_image->comps[0].dx == l_image->comps[3].dx
+ && l_image->comps[0].dy == l_image->comps[3].dy
+ && l_image->comps[0].prec == l_image->comps[3].prec
+ && l_image->comps[0].sgnd == l_image->comps[3].sgnd) {
+ break;
+ }
+ opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 16(i.e. sRGB)\n");
+ return OPJ_FALSE;
+
+ case 18: /* sYCC */
+ sycc = 0;
+ ok = (l_image->numcomps > 2); /* cnf. color.c, line 319 */
+
+ if (ok) {
+ sycc = /* sycc420 */
+ ((l_image->comps[0].dx == 1)
+ && (l_image->comps[1].dx == 2)
+ && (l_image->comps[2].dx == 2)
+ && (l_image->comps[0].dy == 1)
+ && (l_image->comps[1].dy == 2)
+ && (l_image->comps[2].dy == 2))
+ || /* sycc422 */
+ ((l_image->comps[0].dx == 1)
+ && (l_image->comps[1].dx == 2)
+ && (l_image->comps[2].dx == 2)
+ && (l_image->comps[0].dy == 1)
+ && (l_image->comps[1].dy == 1)
+ && (l_image->comps[2].dy == 1))
+ || /* sycc444 */
+ ((l_image->comps[0].dx == 1)
+ && (l_image->comps[1].dx == 1)
+ && (l_image->comps[2].dx == 1)
+ && (l_image->comps[0].dy == 1)
+ && (l_image->comps[1].dy == 1)
+ && (l_image->comps[2].dy == 1));
+ }
+ if (ok && sycc) {
+ break;
+ }
+
+ opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 18(i.e. sYCC)\n");
+ return OPJ_FALSE;
+
+ case 24: /* e-sYCC */
+ if (l_image->numcomps > 2 /* cnf. color.c, line 938 */
+ && l_image->comps[0].dx == l_image->comps[1].dx
+ && l_image->comps[0].dx == l_image->comps[2].dx
+ && l_image->comps[0].dy == l_image->comps[1].dy
+ && l_image->comps[0].dy == l_image->comps[2].dy) {
+ break;
+ }
+
+ opj_event_msg(p_manager, EVT_ERROR,
+ "wrong values for enumcs 24(i.e. e-sYCC)\n");
+ return OPJ_FALSE;
+
+ case 14: /* CIELAB */
+ if (l_image->numcomps != 3) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "wrong values for enumcs 14(i.e. CIElab)\n");
+ return OPJ_FALSE;
+ }
+ break;
+
+ case 17: /* GRAY */
+ if (l_image->comps[0].dx == 1
+ && l_image->comps[0].dy == 1) {
+ break;
+ }
+ opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs %u\n",
+ p_j2k->enumcs);
+ return OPJ_FALSE;
+
+ default:
+ break;
+
+ }/* switch() */
+ } /* p_j2k->dump */
+
+ if (l_cp->tdx == 0 || l_cp->tdy == 0) { /* AFL test */
+ return OPJ_FALSE;
+ }
/* Compute the number of tiles */
l_cp->tw = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)(l_image->x1 - l_cp->tx0),
@@ -6315,6 +6460,7 @@ void opj_j2k_setup_decoder(opj_j2k_t *j2k, opj_dparameters_t *parameters)
j2k->m_cp.m_specific_param.m_dec.m_layer = parameters->cp_layer;
j2k->m_cp.m_specific_param.m_dec.m_reduce = parameters->cp_reduce;
+ j2k->dump_state = parameters->dump_state;
#ifdef USE_JPWL
j2k->m_cp.correct = parameters->jpwl_correct;
j2k->m_cp.exp_comps = parameters->jpwl_exp_comps;
@@ -8705,6 +8851,7 @@ OPJ_BOOL opj_j2k_decode_tile(opj_j2k_t * p_j2k,
opj_event_msg(p_manager, EVT_ERROR, "Failed to decode.\n");
return OPJ_FALSE;
}
+ p_j2k->m_tcd->enumcs = p_j2k->enumcs; /* AFL test */
if (! opj_tcd_update_tile_data(p_j2k->m_tcd, p_data, p_data_size)) {
return OPJ_FALSE;
diff --git a/src/lib/openjp2/j2k.h b/src/lib/openjp2/j2k.h
index 5c5a359d..6b08b1c0 100644
--- a/src/lib/openjp2/j2k.h
+++ b/src/lib/openjp2/j2k.h
@@ -446,6 +446,7 @@ typedef struct opj_cp {
OPJ_BITFIELD ppm : 1;
/** tells if the parameter is a coding or decoding one */
OPJ_BITFIELD m_is_decoder : 1;
+ OPJ_BITFIELD bpc_is_255 : 1; /* for AFL test */
/* <<UniPG */
} opj_cp_t;
@@ -574,6 +575,11 @@ typedef struct opj_j2k {
/** Thread pool */
opj_thread_pool_t* m_tp;
+
+ OPJ_UINT32 ihdr_w; /* for AFL test */
+ OPJ_UINT32 ihdr_h; /* for AFL test */
+ OPJ_UINT32 enumcs; /* for AFL test */
+ unsigned int dump_state; /* for AFL test */
}
opj_j2k_t;
diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c
index 1211ab5d..ca7c7158 100644
--- a/src/lib/openjp2/jp2.c
+++ b/src/lib/openjp2/jp2.c
@@ -619,6 +619,11 @@ static OPJ_BOOL opj_jp2_read_ihdr(opj_jp2_t *jp2,
opj_read_bytes(p_image_header_data, &(jp2->IPR), 1); /* IPR */
++ p_image_header_data;
+ jp2->j2k->m_cp.bpc_is_255 = (jp2->bpc == 255); /* For AFL test */
+ jp2->j2k->ihdr_w = jp2->w; /* For AFL test */
+ jp2->j2k->ihdr_h = jp2->h; /* For AFL test */
+ jp2->has_ihdr = 1; /* For AFL test */
+
return OPJ_TRUE;
}
@@ -1573,6 +1578,9 @@ static OPJ_BOOL opj_jp2_read_colr(opj_jp2_t *jp2,
"COLR BOX meth value is not a regular value (%d), "
"so we will ignore the entire Colour Specification box. \n", jp2->meth);
}
+ if (jp2->color.jp2_has_colr) {
+ jp2->j2k->enumcs = jp2->enumcs;
+ }
return OPJ_TRUE;
}
@@ -2733,6 +2741,7 @@ static OPJ_BOOL opj_jp2_read_jp2h(opj_jp2_t *jp2,
}
jp2->jp2_state |= JP2_STATE_HEADER;
+ jp2->has_jp2h = 1;
return OPJ_TRUE;
}
@@ -2838,6 +2847,14 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream,
if (! opj_jp2_exec(jp2, jp2->m_procedure_list, p_stream, p_manager)) {
return OPJ_FALSE;
}
+ if (jp2->has_jp2h == 0) { /* AFL test */
+ opj_event_msg(p_manager, EVT_ERROR, "JP2H box missing. Required.\n");
+ return OPJ_FALSE;
+ }
+ if (jp2->has_ihdr == 0) { /* AFL test */
+ opj_event_msg(p_manager, EVT_ERROR, "IHDR box_missing. Required.\n");
+ return OPJ_FALSE;
+ }
return opj_j2k_read_header(p_stream,
jp2->j2k,
diff --git a/src/lib/openjp2/jp2.h b/src/lib/openjp2/jp2.h
index 2e248061..aaff1609 100644
--- a/src/lib/openjp2/jp2.h
+++ b/src/lib/openjp2/jp2.h
@@ -187,6 +187,8 @@ typedef struct opj_jp2 {
opj_jp2_color_t color;
OPJ_BOOL ignore_pclr_cmap_cdef;
+ OPJ_BYTE has_jp2h; /* for AFL test */
+ OPJ_BYTE has_ihdr; /* for AFL test */
}
opj_jp2_t;
diff --git a/src/lib/openjp2/openjpeg.h b/src/lib/openjp2/openjpeg.h
index 0aea383b..8b580503 100644
--- a/src/lib/openjp2/openjpeg.h
+++ b/src/lib/openjp2/openjpeg.h
@@ -564,6 +564,7 @@ typedef struct opj_dparameters {
/* <<UniPG */
unsigned int flags;
+ unsigned int dump_state; /* AFL test */
} opj_dparameters_t;
diff --git a/src/lib/openjp2/tcd.h b/src/lib/openjp2/tcd.h
index cd750d1b..02053780 100644
--- a/src/lib/openjp2/tcd.h
+++ b/src/lib/openjp2/tcd.h
@@ -230,6 +230,8 @@ typedef struct opj_tcd {
OPJ_BITFIELD m_is_decoder : 1;
/** Thread pool */
opj_thread_pool_t* thread_pool;
+ /** AFL test */
+ OPJ_UINT32 enumcs;
} opj_tcd_t;
/** @name Exported functions */
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-07 08:45:58 +0000