[trunk] check number of components when getting mct norm (fixes issue 436)

[openjpeg.git] / src / lib / openjp2 / t2.c
diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c

index 1bcb52ca4e5042f60e3bc8c80d138b13e47d365f..6f0ac9156997bcc3d19dc561b3f2572bce9af8c9 100644 (file)
--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
@@ -242,6 +242,11 @@ OPJ_BOOL opj_t2_encode_packets( opj_t2_t* p_t2,
                                  /* TODO MSD : check why this function cannot fail (cf. v1) */
                                  opj_pi_create_encode(l_pi, l_cp,p_tile_no,poc,l_tp_num,p_tp_pos,p_t2_mode);
  
+                                if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) {
+                                    /* TODO ADE : add an error */
+                                    opj_pi_destroy(l_pi, l_nb_pocs);
+                                    return OPJ_FALSE;
+                                }
                                  while (opj_pi_next(l_current_pi)) {
                                          if (l_current_pi->layno < p_maxlayers) {
                                                  l_nb_bytes = 0;
@@ -274,7 +279,11 @@ OPJ_BOOL opj_t2_encode_packets( opj_t2_t* p_t2,
                  opj_pi_create_encode(l_pi, l_cp,p_tile_no,p_pino,p_tp_num,p_tp_pos,p_t2_mode);
  
                  l_current_pi = &l_pi[p_pino];
-
+                if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) {
+                    /* TODO ADE : add an error */
+                    opj_pi_destroy(l_pi, l_nb_pocs);
+                    return OPJ_FALSE;
+                }
                  while (opj_pi_next(l_current_pi)) {
                          if (l_current_pi->layno < p_maxlayers) {
                                  l_nb_bytes=0;
@@ -378,7 +387,15 @@ OPJ_BOOL opj_t2_decode_packets( opj_t2_t *p_t2,
                   * l_current_pi->resno is always >= p_tile->comps[l_current_pi->compno].minimum_num_resolutions
                   * and no l_img_comp->resno_decoded are computed
                   */
-                OPJ_BOOL* first_pass_failed = (OPJ_BOOL*)opj_malloc(l_image->numcomps * sizeof(OPJ_BOOL));
+                OPJ_BOOL* first_pass_failed = NULL;
+                                       
+                if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) {
+                    /* TODO ADE : add an error */
+                    opj_pi_destroy(l_pi, l_nb_pocs);
+                    return OPJ_FALSE;
+                }
+                                       
+                first_pass_failed = (OPJ_BOOL*)opj_malloc(l_image->numcomps * sizeof(OPJ_BOOL));
                  if (!first_pass_failed)
                  {
                      opj_pi_destroy(l_pi,l_nb_pocs);
@@ -866,11 +883,10 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
          if (p_tcp->csty & J2K_CP_CSTY_SOP) {
                  if (p_max_length < 6) {
                          /* TODO opj_event_msg(p_t2->cinfo->event_mgr, EVT_WARNING, "Not enough space for expected SOP marker\n"); */
-                        printf("Not enough space for expected SOP marker\n");
+                        fprintf(stderr, "Not enough space for expected SOP marker\n");
                  } else if ((*l_current_data) != 0xff || (*(l_current_data + 1) != 0x91)) {
                          /* TODO opj_event_msg(p_t2->cinfo->event_mgr, EVT_WARNING, "Expected SOP marker\n"); */
-                        printf("Expected SOP marker\n");
-                        fprintf(stderr, "Error : expected SOP marker\n");
+                        fprintf(stderr, "Warning: expected SOP marker\n");
                  } else {
                          l_current_data += 6;
                  }
@@ -920,7 +936,7 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
  
                  /* EPH markers */
                  if (p_tcp->csty & J2K_CP_CSTY_EPH) {
-                        if (p_max_length < 2) {
+                        if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data - *l_header_data_start)) < 2U) {
                                  fprintf(stderr, "Not enough space for expected EPH marker\n");
                          } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
                                  fprintf(stderr, "Error : expected EPH marker\n");
@@ -1048,7 +1064,7 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
  
          /* EPH markers */
          if (p_tcp->csty & J2K_CP_CSTY_EPH) {
-                if (p_max_length < 2) {
+                if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data - *l_header_data_start)) < 2U) {
                          fprintf(stderr, "Not enough space for expected EPH marker\n");
                  } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
                          /* TODO opj_event_msg(t2->cinfo->event_mgr, EVT_ERROR, "Expected EPH marker\n"); */
@@ -1133,7 +1149,7 @@ OPJ_BOOL opj_t2_read_packet_data(   opj_t2_t* p_t2,
  
                          do {
                                  /* Check possible overflow (on l_current_data only, assumes input args already checked) then size */
-                                if (((OPJ_SIZE_T)(l_current_data + l_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data + p_max_length)) {
+                                if ((((OPJ_SIZE_T)l_current_data + (OPJ_SIZE_T)l_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data + p_max_length)) {
                                          fprintf(stderr, "read: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
                                                  l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
                                          return OPJ_FALSE;
@@ -1158,6 +1174,12 @@ OPJ_BOOL opj_t2_read_packet_data(   opj_t2_t* p_t2,
                                  };
  
  #endif /* USE_JPWL */
+                                /* Check possible overflow on size */
+                                if ((l_cblk->data_current_size + l_seg->newlen) < l_cblk->data_current_size) {
+                                        fprintf(stderr, "read: segment too long (%d) with current size (%d > %d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
+                                                l_seg->newlen, l_cblk->data_current_size, 0xFFFFFFFF - l_seg->newlen, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
+                                        return OPJ_FALSE;
+                                }
                                  /* Check if the cblk->data have allocated enough memory */
                                  if ((l_cblk->data_current_size + l_seg->newlen) > l_cblk->data_max_size) {
                                      OPJ_BYTE* new_cblk_data = (OPJ_BYTE*) opj_realloc(l_cblk->data, l_cblk->data_current_size + l_seg->newlen);
@@ -1202,6 +1224,7 @@ OPJ_BOOL opj_t2_read_packet_data(   opj_t2_t* p_t2,
  
          *(p_data_read) = (OPJ_UINT32)(l_current_data - p_src_data);
  
+
          return OPJ_TRUE;
  }
  
@@ -1259,7 +1282,8 @@ OPJ_BOOL opj_t2_skip_packet_data(   opj_t2_t* p_t2,
                          }
  
                          do {
-                                if (* p_data_read + l_seg->newlen > p_max_length) {
+                                /* Check possible overflow then size */
+                                if (((*p_data_read + l_seg->newlen) < (*p_data_read)) || ((*p_data_read + l_seg->newlen) > p_max_length)) {
                                          fprintf(stderr, "skip: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
                                                  l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
                                          return OPJ_FALSE;