summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2017-08-08Fix remaining warningAntonin Descampe
format specifier mismatch in #975
2017-08-08Merge pull request #975 from szukw000/changes-for-afl-testsAntonin Descampe
Catch images broken by AFL
2017-08-07Slight improvement in management of code block chunksEven Rouault
Instead of having the chunk array at the segment level, we can move it down to the codeblock itself since segments are filled in sequential order. Limit the number of memory allocation, and decrease slightly the memory usage. On MAPA_005.jp2 n4: 1871312549 (heap allocation functions) malloc/new/new[], --alloc-fns, etc. n1: 1610689344 0x4E781E7: opj_aligned_malloc (opj_malloc.c:61) n1: 1610689344 0x4E71D1B: opj_alloc_tile_component_data (tcd.c:676) n1: 1610689344 0x4E726CF: opj_tcd_init_decode_tile (tcd.c:816) n1: 1610689344 0x4E4BE39: opj_j2k_read_tile_header (j2k.c:8617) n1: 1610689344 0x4E4C902: opj_j2k_decode_tiles (j2k.c:10348) n1: 1610689344 0x4E4E3CE: opj_j2k_decode (j2k.c:7846) n1: 1610689344 0x4E53002: opj_jp2_decode (jp2.c:1564) n0: 1610689344 0x40374E: main (opj_decompress.c:1459) n1: 219232541 0x4E4BC50: opj_j2k_read_tile_header (j2k.c:4683) n1: 219232541 0x4E4C902: opj_j2k_decode_tiles (j2k.c:10348) n1: 219232541 0x4E4E3CE: opj_j2k_decode (j2k.c:7846) n1: 219232541 0x4E53002: opj_jp2_decode (jp2.c:1564) n0: 219232541 0x40374E: main (opj_decompress.c:1459) n1: 23893200 0x4E72735: opj_tcd_init_decode_tile (tcd.c:1225) n1: 23893200 0x4E4BE39: opj_j2k_read_tile_header (j2k.c:8617) n1: 23893200 0x4E4C902: opj_j2k_decode_tiles (j2k.c:10348) n1: 23893200 0x4E4E3CE: opj_j2k_decode (j2k.c:7846) n1: 23893200 0x4E53002: opj_jp2_decode (jp2.c:1564) n0: 23893200 0x40374E: main (opj_decompress.c:1459) n0: 17497464 in 52 places, all below massif's threshold (1.00%)
2017-08-07Decoding: do not allocate memory for the codestream of each codeblockEven Rouault
Currently we allocate at least 8192 bytes for each codeblock, and copy the relevant parts of the codestream in that per-codeblock buffer as we decode packets. As the whole codestream for the tile is ingested in memory and alive during the decoding, we can directly point to it instead of copying. But to do that, we need an intermediate concept, a 'chunk' of code-stream segment, given that segments may be made of data at different places in the code-stream when quality layers are used. With that change, the decoding of MAPA_005.jp2 goes down from the previous improvement of 2.7 GB down to 1.9 GB. New profile: n4: 1885648469 (heap allocation functions) malloc/new/new[], --alloc-fns, etc. n1: 1610689344 0x4E78287: opj_aligned_malloc (opj_malloc.c:61) n1: 1610689344 0x4E71D7B: opj_alloc_tile_component_data (tcd.c:676) n1: 1610689344 0x4E7272C: opj_tcd_init_decode_tile (tcd.c:816) n1: 1610689344 0x4E4BDD9: opj_j2k_read_tile_header (j2k.c:8618) n1: 1610689344 0x4E4C8A2: opj_j2k_decode_tiles (j2k.c:10349) n1: 1610689344 0x4E4E36E: opj_j2k_decode (j2k.c:7847) n1: 1610689344 0x4E52FA2: opj_jp2_decode (jp2.c:1564) n0: 1610689344 0x40374E: main (opj_decompress.c:1459) n1: 219232541 0x4E4BBF0: opj_j2k_read_tile_header (j2k.c:4685) n1: 219232541 0x4E4C8A2: opj_j2k_decode_tiles (j2k.c:10349) n1: 219232541 0x4E4E36E: opj_j2k_decode (j2k.c:7847) n1: 219232541 0x4E52FA2: opj_jp2_decode (jp2.c:1564) n0: 219232541 0x40374E: main (opj_decompress.c:1459) n1: 39822000 0x4E727A9: opj_tcd_init_decode_tile (tcd.c:1219) n1: 39822000 0x4E4BDD9: opj_j2k_read_tile_header (j2k.c:8618) n1: 39822000 0x4E4C8A2: opj_j2k_decode_tiles (j2k.c:10349) n1: 39822000 0x4E4E36E: opj_j2k_decode (j2k.c:7847) n1: 39822000 0x4E52FA2: opj_jp2_decode (jp2.c:1564) n0: 39822000 0x40374E: main (opj_decompress.c:1459) n0: 15904584 in 52 places, all below massif's threshold (1.00%)
2017-08-07Add documentation for magic values in the codeEven Rouault
2017-08-07opj_jp2_apply_pclr() also needs to use opj_image_data_alloc/opj_image_data_freeEven Rouault
2017-08-07Complementary fix to previous commitEven Rouault
2017-08-07Add opj_image_data_alloc() / opj_image_data_free()Even Rouault
As bin/common/color.c used to directly call malloc()/free(), we need to export functions dedicated to allocating/freeing image component data.
2017-08-07Fix crash on Windows due to b7594c0fcb9dd3aa6356d72c4a525d76168da689Even Rouault
b7594c0fcb9dd3aa6356d72c4a525d76168da689 may put opj_tcd_tilecomp_t->data allocated by opj_alloc_tile_component_data() as the image->comps[].data. As opj_alloc_tile_component_data() use opj_aligned_malloc() we must be sure to ue opj_alined_malloc()/_free() in all places where we alloc/free image->comps[].data. Note: this might have some compatibility impact in case user code does itself the allocation/free of image->comps[].data
2017-08-07Decrease memory consumption for whole image single tile decoding.Even Rouault
We can use the same buffer for the tile decoding and the final image, and save the intermediate buffer to transfer between those. Effect on the decoding of MAPA (9944 x 13498 x 3 components of size byte) Peak memory from 4.5 GB to 2.7 GB Now: n5: 2699708767 (heap allocation functions) malloc/new/new[], --alloc-fns, etc. n1: 1610689344 0x4E77E07: opj_aligned_malloc (opj_malloc.c:61) <-- final image n1: 1610689344 0x4E7195B: opj_alloc_tile_component_data (tcd.c:676) n1: 1610689344 0x4E722D2: opj_tcd_init_decode_tile (tcd.c:816) n1: 1610689344 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597) n1: 1610689344 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324) n1: 1610689344 0x4E4E20E: opj_j2k_decode (j2k.c:7826) n1: 1610689344 0x4E52E42: opj_jp2_decode (jp2.c:1564) n0: 1610689344 0x40369E: main (opj_decompress.c:1459) n1: 815554560 0x4E72231: opj_tcd_init_decode_tile (tcd.c:1217) <-- working memory for code blocks: 9944*13498/64/64*8192*3 n1: 815554560 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597) n1: 815554560 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324) n1: 815554560 0x4E4E20E: opj_j2k_decode (j2k.c:7826) n1: 815554560 0x4E52E42: opj_jp2_decode (jp2.c:1564) n0: 815554560 0x40369E: main (opj_decompress.c:1459) n1: 219758391 0x4E4C0BF: opj_j2k_read_tile_header (j2k.c:4661) <-- ingestion of code stream n1: 219758391 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324) n1: 219758391 0x4E4E20E: opj_j2k_decode (j2k.c:7826) n1: 219758391 0x4E52E42: opj_jp2_decode (jp2.c:1564) n0: 219758391 0x40369E: main (opj_decompress.c:1459) n1: 39822000 0x4E7224F: opj_tcd_init_decode_tile (tcd.c:1224) <-- OPJ_J2K_DEFAULT_NB_SEGS*sizeof(opj_tcd_seg_t) per codeblock n1: 39822000 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597) n1: 39822000 0x4E4C742: opj_j2k_decode_tiles (j2k.c:10324) n1: 39822000 0x4E4E20E: opj_j2k_decode (j2k.c:7826) n1: 39822000 0x4E52E42: opj_jp2_decode (jp2.c:1564) n0: 39822000 0x40369E: main (opj_decompress.c:1459) n0: 13884472 in 49 places, all below massif's threshold (1.00%) Before: n5: 4493329848 (heap allocation functions) malloc/new/new[], --alloc-fns, etc. n2: 1610709160 0x4E77C87: opj_aligned_malloc (opj_malloc.c:61) n1: 1610689344 0x4E717DB: opj_alloc_tile_component_data (tcd.c:676) n1: 1610689344 0x4E72152: opj_tcd_init_decode_tile (tcd.c:816) n1: 1610689344 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597) n1: 1610689344 0x4E4C64A: opj_j2k_decode_tiles (j2k.c:10318) n1: 1610689344 0x4E4E08E: opj_j2k_decode (j2k.c:7826) n1: 1610689344 0x4E52CC2: opj_jp2_decode (jp2.c:1564) n0: 1610689344 0x40369E: main (opj_decompress.c:1459) n0: 19816 in 2 places, all below massif's threshold (1.00%) n1: 1610689344 0x4E43F36: opj_j2k_update_image_data.isra.7 (j2k.c:8743) n1: 1610689344 0x4E4C5C1: opj_j2k_decode_tiles (j2k.c:10358) n1: 1610689344 0x4E4E08E: opj_j2k_decode (j2k.c:7826) n1: 1610689344 0x4E52CC2: opj_jp2_decode (jp2.c:1564) n0: 1610689344 0x40369E: main (opj_decompress.c:1459) n1: 815554560 0x4E720B1: opj_tcd_init_decode_tile (tcd.c:1217) n1: 815554560 0x4E4BCF1: opj_j2k_read_tile_header (j2k.c:8597) n1: 815554560 0x4E4C64A: opj_j2k_decode_tiles (j2k.c:10318) n1: 815554560 0x4E4E08E: opj_j2k_decode (j2k.c:7826) n1: 815554560 0x4E52CC2: opj_jp2_decode (jp2.c:1564) n0: 815554560 0x40369E: main (opj_decompress.c:1459) n1: 402672336 0x4E4C545: opj_j2k_decode_tiles (j2k.c:10336) n1: 402672336 0x4E4E08E: opj_j2k_decode (j2k.c:7826) n1: 402672336 0x4E52CC2: opj_jp2_decode (jp2.c:1564) n0: 402672336 0x40369E: main (opj_decompress.c:1459) n0: 53704448 in 58 places, all below massif's threshold (1.00%)
2017-08-07Changes for converttif.c to fix tsize_tszukw000
2017-08-04opj_j2k_read_sot(): check current TPSot number regarding previous (non-zero) ↵Even Rouault
TNsot to avoid opj_j2k_merge_ppt() to be called several times. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2851. Credit to OSS Fuzz
2017-08-02First change on changes-for-afl-testsszukw000
2017-07-31src/bin/jpwl/convert.c: add missing fclose() in error code path (suggested ↵Even Rouault
by maddin200, #976)
2017-07-31Catch images broken by AFLszukw000
2017-07-30src/lib/openjp2/*.h: use OPJ_ prefix for inclusion guards instead of ↵Even Rouault
reserved __ (#587)
2017-07-30opj_event_msg(): force zero termination of bufferEven Rouault
2017-07-30Fix breakage of 22bf99ce0220811bfce1562ee61423cb0245b683Even Rouault
2017-07-30Test return value of opj_j2k_setup_decoding_tile() (commit ↵Even Rouault
https://github.com/uclouvain/openjpeg/pull/561/commits/ec31fa0c7f1ff8979312c07296cba41584c458a0 by ak-dxdy, #561)
2017-07-30Fix warnings in USE_JPIP compilation modeEven Rouault
2017-07-30Avoid heap buffer overflow in function pnmtoimage of convert.c, and unsigned ↵Even Rouault
integer overflow in opj_image_create() (CVE-2016-9118, #861)
2017-07-30Fix Doxygen warnings (patch derived from Winfried's doxygen-dif.txt.zip, #849)Even Rouault
2017-07-30j2k.c: remove hardcoded constants related to m_state, and useless FIXMEEven Rouault
2017-07-30Avoid p_stream->m_user_data_length >= (OPJ_UINT64)p_stream->m_byte_offset ↵Even Rouault
assertion in opj_stream_get_number_byte_left(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2786. Credit to OSS Fuzz
2017-07-30opj_j2k_set_decode_area: replace assertions by runtime checks. Fixes ↵Even Rouault
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2795. Credit to OSS Fuzz
2017-07-30opj_tcd_dc_level_shift_decode: avoid int32 overflow when prec == 31. Fixes ↵Even Rouault
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2799. Credit to OSS Fuzz
2017-07-29src/bin/jpwl/convert.c: fix memleak (fix suggested by maddin200, #631)Even Rouault
2017-07-29Fix warnings in pi.c raised by VS11 analyze (#190)Even Rouault
2017-07-29Fix write heap buffer overflow in opj_mqc_byteout(). Discovered by Ke Liu of ↵Even Rouault
Tencent's Xuanwu LAB (#835)
2017-07-29opj_pi_update_decode_poc(): limit layno1 to the number of layers ↵Even Rouault
(CVE-2016-1626 and CVE-2016-1628, #850) This has been recently fixed in a less elegant way per 80818c39f5bfbac37768fcee95b0ffeceaa77264
2017-07-29opj_tcd_get_decoded_tile_size(): fix potential UINT32 overflow (#854, ↵Even Rouault
CVE-2016-5152) Fix derived from https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
2017-07-29color_cielab_to_rgb(): reject images with components of different dimensions ↵Even Rouault
to void read heap buffer overflow (#909)
2017-07-29Fix breakage of 2fa0fc61f2d546c8b67e7c5a9cbc61d98e1f7af0 (#970)Even Rouault
2017-07-29imagetopnm(): make sure the alpha component has same dimension as other ↵Even Rouault
components to avoid read heap buffer overflow (#970)
2017-07-29opj_t1_decode_cblk(): avoid undefined shift behaviour. Fixes ↵Even Rouault
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2487. Credit to OSS Fuzz
2017-07-29opj_t1_clbl_decode_processor(): avoid undefined behaviour if roishift >= 31. ↵Even Rouault
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2506. Credit to OSS Fuzz
2017-07-29Avoid assertion in opj_j2k_merge_ppt() in case premature EOC is encountered ↵Even Rouault
in opj_j2k_read_tile_header(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2785. Credit to OSS Fuzz
2017-07-29opj_pi_next_pcrl(): avoid undefined shift behaviour. Fixes ↵Even Rouault
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2787. Credit to OSS Fuzz
2017-07-28opj_int_ceildiv(): fix int32 overflow. Fixes ↵Even Rouault
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2494. Credit to OSS Fuzz
2017-07-28opj_tcd_dc_level_shift_decode(): avoid int overflow. Fixes ↵Even Rouault
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2516. Credit to OSS Fuzz
2017-07-28Fix null pointer dereference in opj_jp2_apply_pclr(). Fixes ↵Even Rouault
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2558. Credit to OSS Fuzz
2017-07-28Fix null pointer dereference in opj_j2k_add_mct() (#895)Even Rouault
Fixes openjeg-crashes-2017-07-27/issue879-poc1.j2k of #895
2017-07-28Avoid use-after-free when a MCT marker is found after a MCC one (#895)Even Rouault
Fixes openjeg-crashes-2017-07-27/issue880-poc2.j2k of #895
2017-07-27Avoid undefined shift behaviour if bit depth == 32 (#895)Even Rouault
Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:003798,op:ext_AO,pos:128.jp2
2017-07-27opj_j2k_update_image_data / opj_tcd_update_tile_data: fix unaligned ↵Even Rouault
load/store (#895) When components don't have the same width, unaligned load/store are possible. Fixes openjeg-crashes-2017-07-27/id:000000,sig:11,src:001342,op:flip4,pos:162.jp2 of #895
2017-07-27opj_pi_next_rpcl / opj_pi_next_pcrl / opj_pi_next_cprl: avoid int overflow ↵Even Rouault
(#895) Fixes int overflow on openjeg-crashes-2017-07-27/id:000000,sig:08,src:000879,op:flip2,pos:128.jp2
2017-07-27opj_jp2_check_color(): replace assertion regarding mtyp by runtime check ↵Even Rouault
(#672, #895) Fixes test case openjeg-crashes-2017-07-27/id:000000,sig:06,src:000001,op:flip1,pos:808.jp2 of #895
2017-07-27Avoids undefined shift behaviour in m_dc_level_shift computationEven Rouault
Fixes warning found on clusterfuzz-testcase-minimized-5146316340461568 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2495 Credit to OSS Fuzz
2017-07-26Fix various undefined shift behaviour in pi.cEven Rouault
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2496 Credit to OSS Fuzz
2017-07-26Avoid potential undefined shift behaviour in opj_bio_read() from ↵Even Rouault
opj_t2_read_packet_header() Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2485 Credit to OSS Fuzz
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-08 08:02:29 +0000