diff options
Diffstat (limited to 'src/lib/openjp2')
| -rw-r--r-- | src/lib/openjp2/dwt.c | 20 | ||||
| -rw-r--r-- | src/lib/openjp2/image.c | 2 | ||||
| -rw-r--r-- | src/lib/openjp2/j2k.c | 38 | ||||
| -rw-r--r-- | src/lib/openjp2/j2k.h | 4 | ||||
| -rw-r--r-- | src/lib/openjp2/jp2.c | 2 | ||||
| -rw-r--r-- | src/lib/openjp2/sparse_array.c | 10 | ||||
| -rw-r--r-- | src/lib/openjp2/sparse_array.h | 2 | ||||
| -rw-r--r-- | src/lib/openjp2/t1.c | 10 |
8 files changed, 68 insertions, 20 deletions
diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c index c574357a..5b98d2b3 100644 --- a/src/lib/openjp2/dwt.c +++ b/src/lib/openjp2/dwt.c @@ -216,6 +216,8 @@ static void opj_v4dwt_decode_step2(opj_v4_t* l, opj_v4_t* w, /* <summary> */ /* This table contains the norms of the 5-3 wavelets for different bands. */ /* </summary> */ +/* FIXME! the array should really be extended up to 33 resolution levels */ +/* See https://github.com/uclouvain/openjpeg/issues/493 */ static const OPJ_FLOAT64 opj_dwt_norms[4][10] = { {1.000, 1.500, 2.750, 5.375, 10.68, 21.34, 42.67, 85.33, 170.7, 341.3}, {1.038, 1.592, 2.919, 5.703, 11.33, 22.64, 45.25, 90.48, 180.9}, @@ -226,6 +228,8 @@ static const OPJ_FLOAT64 opj_dwt_norms[4][10] = { /* <summary> */ /* This table contains the norms of the 9-7 wavelets for different bands. */ /* </summary> */ +/* FIXME! the array should really be extended up to 33 resolution levels */ +/* See https://github.com/uclouvain/openjpeg/issues/493 */ static const OPJ_FLOAT64 opj_dwt_norms_real[4][10] = { {1.000, 1.965, 4.177, 8.403, 16.90, 33.84, 67.69, 135.3, 270.6, 540.9}, {2.022, 3.989, 8.355, 17.04, 34.27, 68.63, 137.3, 274.6, 549.0}, @@ -1229,6 +1233,14 @@ OPJ_UINT32 opj_dwt_getgain(OPJ_UINT32 orient) /* </summary> */ OPJ_FLOAT64 opj_dwt_getnorm(OPJ_UINT32 level, OPJ_UINT32 orient) { + /* FIXME ! This is just a band-aid to avoid a buffer overflow */ + /* but the array should really be extended up to 33 resolution levels */ + /* See https://github.com/uclouvain/openjpeg/issues/493 */ + if (orient == 0 && level >= 10) { + level = 9; + } else if (orient > 0 && level >= 9) { + level = 8; + } return opj_dwt_norms[orient][level]; } @@ -1254,6 +1266,14 @@ OPJ_UINT32 opj_dwt_getgain_real(OPJ_UINT32 orient) /* </summary> */ OPJ_FLOAT64 opj_dwt_getnorm_real(OPJ_UINT32 level, OPJ_UINT32 orient) { + /* FIXME ! This is just a band-aid to avoid a buffer overflow */ + /* but the array should really be extended up to 33 resolution levels */ + /* See https://github.com/uclouvain/openjpeg/issues/493 */ + if (orient == 0 && level >= 10) { + level = 9; + } else if (orient > 0 && level >= 9) { + level = 8; + } return opj_dwt_norms_real[orient][level]; } diff --git a/src/lib/openjp2/image.c b/src/lib/openjp2/image.c index bf7a7019..13bcb8e4 100644 --- a/src/lib/openjp2/image.c +++ b/src/lib/openjp2/image.c @@ -70,7 +70,7 @@ opj_image_t* OPJ_CALLCONV opj_image_create(OPJ_UINT32 numcmpts, comp->sgnd = cmptparms[compno].sgnd; if (comp->h != 0 && (OPJ_SIZE_T)comp->w > SIZE_MAX / comp->h / sizeof(OPJ_INT32)) { - // TODO event manager + /* TODO event manager */ opj_image_destroy(image); return NULL; } diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c index c3f6ba11..ad6e1b86 100644 --- a/src/lib/openjp2/j2k.c +++ b/src/lib/openjp2/j2k.c @@ -3502,11 +3502,10 @@ static OPJ_BOOL opj_j2k_read_poc(opj_j2k_t *p_j2k, l_old_poc_nb = l_tcp->POC ? l_tcp->numpocs + 1 : 0; l_current_poc_nb += l_old_poc_nb; - if (l_current_poc_nb >= 32) { + if (l_current_poc_nb >= J2K_MAX_POCS) { opj_event_msg(p_manager, EVT_ERROR, "Too many POCs %d\n", l_current_poc_nb); return OPJ_FALSE; } - assert(l_current_poc_nb < 32); /* now poc is in use.*/ l_tcp->POC = 1; @@ -4669,9 +4668,11 @@ static OPJ_BOOL opj_j2k_write_sod(opj_j2k_t *p_j2k, if (p_j2k->m_specific_param.m_encoder.m_current_tile_part_number == 0) { p_tile_coder->tcd_image->tiles->packno = 0; +#ifdef deadcode if (l_cstr_info) { l_cstr_info->packno = 0; } +#endif } *p_data_written = 0; @@ -6435,14 +6436,27 @@ OPJ_BOOL opj_j2k_set_threads(opj_j2k_t *j2k, OPJ_UINT32 num_threads) static int opj_j2k_get_default_thread_count() { - const char* num_threads = getenv("OPJ_NUM_THREADS"); - if (num_threads == NULL || !opj_has_thread_support()) { + const char* num_threads_str = getenv("OPJ_NUM_THREADS"); + int num_cpus; + int num_threads; + + if (num_threads_str == NULL || !opj_has_thread_support()) { return 0; } - if (strcmp(num_threads, "ALL_CPUS") == 0) { - return opj_get_num_cpus(); + num_cpus = opj_get_num_cpus(); + if (strcmp(num_threads_str, "ALL_CPUS") == 0) { + return num_cpus; + } + if (num_cpus == 0) { + num_cpus = 32; + } + num_threads = atoi(num_threads_str); + if (num_threads < 0) { + num_threads = 0; + } else if (num_threads > 2 * num_cpus) { + num_threads = 2 * num_cpus; } - return atoi(num_threads); + return num_threads; } /* ----------------------------------------------------------------------- */ @@ -8556,7 +8570,7 @@ static OPJ_BOOL opj_j2k_need_nb_tile_parts_correction(opj_stream_private_t break; } - if ((l_tot_len == 0U) || (l_tot_len < 14U)) { + if (l_tot_len < 14U) { /* last SOT until EOC or invalid Psot value */ /* assume all is OK */ if (! opj_stream_seek(p_stream, l_stream_pos_backup, p_manager)) { @@ -9373,7 +9387,7 @@ OPJ_BOOL opj_j2k_set_decode_area(opj_j2k_t *p_j2k, } /* Up */ - if (p_start_x < 0) { + if (p_start_y < 0) { opj_event_msg(p_manager, EVT_ERROR, "Up position of the decoded area (region_y0=%d) should be >= 0.\n", p_start_y); @@ -11224,6 +11238,12 @@ OPJ_BOOL opj_j2k_encode(opj_j2k_t * p_j2k, l_current_data = l_new_current_data; l_max_tile_size = l_current_tile_size; } + if (l_current_data == NULL) { + /* Should not happen in practice, but will avoid Coverity to */ + /* complain about a null pointer dereference */ + assert(0); + return OPJ_FALSE; + } /* copy image data (32 bit) to l_current_data as contiguous, all-component, zero offset buffer */ /* 32 bit components @ 8 bit precision get converted to 8 bit */ diff --git a/src/lib/openjp2/j2k.h b/src/lib/openjp2/j2k.h index b5fa5143..5d393c98 100644 --- a/src/lib/openjp2/j2k.h +++ b/src/lib/openjp2/j2k.h @@ -107,6 +107,8 @@ The functions in J2K.C have for goal to read/write the several parts of the code #endif /* USE_JPSEC */ /* <<UniPG */ +#define J2K_MAX_POCS 32 /**< Maximum number of POCs */ + /* ----------------------------------------------------------------------- */ /** @@ -251,7 +253,7 @@ typedef struct opj_tcp { /** number of progression order changes */ OPJ_UINT32 numpocs; /** progression order changes */ - opj_poc_t pocs[32]; + opj_poc_t pocs[J2K_MAX_POCS]; /** number of ppt markers (reserved size) */ OPJ_UINT32 ppt_markers_count; diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c index 81d03480..c79ea731 100644 --- a/src/lib/openjp2/jp2.c +++ b/src/lib/openjp2/jp2.c @@ -162,7 +162,7 @@ static OPJ_BOOL opj_jp2_read_ftyp(opj_jp2_t *jp2, opj_event_mgr_t * p_manager); static OPJ_BOOL opj_jp2_skip_jp2c(opj_jp2_t *jp2, - opj_stream_private_t *cio, + opj_stream_private_t *stream, opj_event_mgr_t * p_manager); /** diff --git a/src/lib/openjp2/sparse_array.c b/src/lib/openjp2/sparse_array.c index 67212d28..73192924 100644 --- a/src/lib/openjp2/sparse_array.c +++ b/src/lib/openjp2/sparse_array.c @@ -168,8 +168,9 @@ static OPJ_BOOL opj_sparse_array_int32_read_or_write( + (x - x0) * buf_col_stride; if (x_incr == 4) { - // Same code as general branch, but the compiler - // can have an efficient memcpy() + /* Same code as general branch, but the compiler */ + /* can have an efficient memcpy() */ + (void)(x_incr); /* trick to silent cppcheck duplicateBranch warning */ for (j = 0; j < y_incr; j++) { memcpy(dest_ptr, src_ptr, sizeof(OPJ_INT32) * x_incr); dest_ptr += buf_line_stride; @@ -247,8 +248,9 @@ static OPJ_BOOL opj_sparse_array_int32_read_or_write( const OPJ_INT32* OPJ_RESTRICT src_ptr = buf + (y - y0) * (OPJ_SIZE_T)buf_line_stride + (x - x0) * buf_col_stride; if (x_incr == 4) { - // Same code as general branch, but the compiler - // can have an efficient memcpy() + /* Same code as general branch, but the compiler */ + /* can have an efficient memcpy() */ + (void)(x_incr); /* trick to silent cppcheck duplicateBranch warning */ for (j = 0; j < y_incr; j++) { memcpy(dest_ptr, src_ptr, sizeof(OPJ_INT32) * x_incr); dest_ptr += block_width; diff --git a/src/lib/openjp2/sparse_array.h b/src/lib/openjp2/sparse_array.h index 130fe13e..fd927eaa 100644 --- a/src/lib/openjp2/sparse_array.h +++ b/src/lib/openjp2/sparse_array.h @@ -138,4 +138,4 @@ OPJ_BOOL opj_sparse_array_int32_write(opj_sparse_array_int32_t* sa, /*@}*/ -#endif /* OPJ_SPARSE_ARRAY_H */
\ No newline at end of file +#endif /* OPJ_SPARSE_ARRAY_H */ diff --git a/src/lib/openjp2/t1.c b/src/lib/openjp2/t1.c index e9699853..76744380 100644 --- a/src/lib/openjp2/t1.c +++ b/src/lib/openjp2/t1.c @@ -348,7 +348,7 @@ static INLINE void opj_t1_enc_sigpass_step(opj_t1_t *t1, if ((flags & ((T1_SIGMA_THIS | T1_PI_THIS) << (ci * 3U))) == 0U && (flags & (T1_SIGMA_NEIGHBOURS << (ci * 3U))) != 0U) { OPJ_UINT32 ctxt1 = opj_t1_getctxno_zc(mqc, flags >> (ci * 3U)); - v = opj_int_abs(*datap) & one ? 1 : 0; + v = (opj_int_abs(*datap) & one) ? 1 : 0; #ifdef DEBUG_ENC_SIG fprintf(stderr, " ctxt1=%d\n", ctxt1); #endif @@ -735,7 +735,7 @@ static INLINE void opj_t1_enc_refpass_step(opj_t1_t *t1, OPJ_UINT32 ctxt = opj_t1_getctxno_mag(shift_flags); *nmsedec += opj_t1_getnmsedec_ref((OPJ_UINT32)opj_int_abs(*datap), (OPJ_UINT32)bpno); - v = opj_int_abs(*datap) & one ? 1 : 0; + v = (opj_int_abs(*datap) & one) ? 1 : 0; #ifdef DEBUG_ENC_REF fprintf(stderr, " ctxt=%d\n", ctxt); #endif @@ -1079,7 +1079,7 @@ static void opj_t1_enc_clnpass_step( printf(" ctxt1=%d\n", ctxt1); #endif opj_mqc_setcurctx(mqc, ctxt1); - v = opj_int_abs(*datap) & one ? 1 : 0; + v = (opj_int_abs(*datap) & one) ? 1 : 0; opj_mqc_encode(mqc, v); if (v) { OPJ_UINT32 ctxt2, spb; @@ -1999,6 +1999,10 @@ static OPJ_BOOL opj_t1_decode_cblk(opj_t1_t *t1, } } else if (cblk->numchunks == 1) { cblkdata = cblk->chunks[0].data; + } else { + /* Not sure if that can happen in practice, but avoid Coverity to */ + /* think we will dereference a null cblkdta pointer */ + return OPJ_TRUE; } /* For subtile decoding, directly decode in the decoded_data buffer of */ |