X-Git-Url: https://git.carlh.net/gitweb/?a=blobdiff_plain;f=src%2Flib%2Fopenjp2%2Ft2.c;h=6719ed666f16415003064667d4b8a1ebf5b4867b;hb=db9b3400e545f474bd4ab28e06cde2178fd3386b;hp=8c0df60f71a76ee08ad0230430705fef32205f3f;hpb=ec0fe091380c2de75584fdfc3d914eee5b89e731;p=openjpeg.git diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c index 8c0df60f..6719ed66 100644 --- a/src/lib/openjp2/t2.c +++ b/src/lib/openjp2/t2.c @@ -1,10 +1,18 @@ /* - * Copyright (c) 2002-2007, Communications and Remote Sensing Laboratory, Universite catholique de Louvain (UCL), Belgium - * Copyright (c) 2002-2007, Professor Benoit Macq + * The copyright in this software is being made available under the 2-clauses + * BSD License, included below. This software may be subject to other third + * party and contributor rights, including patent rights, and no such rights + * are granted under this license. + * + * Copyright (c) 2002-2014, Universite catholique de Louvain (UCL), Belgium + * Copyright (c) 2002-2014, Professor Benoit Macq * Copyright (c) 2001-2003, David Janssens * Copyright (c) 2002-2003, Yannick Verschueren - * Copyright (c) 2003-2007, Francois-Olivier Devaux and Antonin Descampe + * Copyright (c) 2003-2007, Francois-Olivier Devaux + * Copyright (c) 2003-2014, Antonin Descampe * Copyright (c) 2005, Herve Drolon, FreeImage Team + * Copyright (c) 2008, 2011-2012, Centre National d'Etudes Spatiales (CNES), FR + * Copyright (c) 2012, CS Systemes d'Information, France * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -37,7 +45,7 @@ /** @name Local static functions */ /*@{*/ -static void t2_putcommacode(opj_bio_t *bio, int n); +static void opj_t2_putcommacode(opj_bio_t *bio, OPJ_INT32 n); static OPJ_UINT32 opj_t2_getcommacode(opj_bio_t *bio); /** @@ -143,15 +151,14 @@ static OPJ_BOOL opj_t2_init_seg( opj_tcd_cblk_dec_t* cblk, /* ----------------------------------------------------------------------- */ /* #define RESTART 0x04 */ -/* TODO MSD->LHE */ -static void t2_putcommacode(opj_bio_t *bio, int n) { +static void opj_t2_putcommacode(opj_bio_t *bio, OPJ_INT32 n) { while (--n >= 0) { opj_bio_write(bio, 1, 1); } opj_bio_write(bio, 0, 1); } -OPJ_UINT32 opj_t2_getcommacode(opj_bio_t *bio) +static OPJ_UINT32 opj_t2_getcommacode(opj_bio_t *bio) { OPJ_UINT32 n = 0; while (opj_bio_read(bio, 1)) { @@ -160,7 +167,7 @@ OPJ_UINT32 opj_t2_getcommacode(opj_bio_t *bio) return n; } -void opj_t2_putnumpasses(opj_bio_t *bio, OPJ_UINT32 n) { +static void opj_t2_putnumpasses(opj_bio_t *bio, OPJ_UINT32 n) { if (n == 1) { opj_bio_write(bio, 0, 1); } else if (n == 2) { @@ -174,7 +181,7 @@ void opj_t2_putnumpasses(opj_bio_t *bio, OPJ_UINT32 n) { } } -OPJ_UINT32 opj_t2_getnumpasses(opj_bio_t *bio) { +static OPJ_UINT32 opj_t2_getnumpasses(opj_bio_t *bio) { OPJ_UINT32 n; if (!opj_bio_read(bio, 1)) return 1; @@ -211,7 +218,7 @@ OPJ_BOOL opj_t2_encode_packets( opj_t2_t* p_t2, opj_image_t *l_image = p_t2->image; opj_cp_t *l_cp = p_t2->cp; opj_tcp_t *l_tcp = &l_cp->tcps[p_tile_no]; - OPJ_UINT32 pocno = l_cp->m_specific_param.m_enc.m_cinema == OPJ_CINEMA4K_24? 2: 1; + OPJ_UINT32 pocno = (l_cp->rsiz == OPJ_PROFILE_CINEMA_4K)? 2: 1; OPJ_UINT32 l_max_comp = l_cp->m_specific_param.m_enc.m_max_comp_size > 0 ? l_image->numcomps : 1; OPJ_UINT32 l_nb_pocs = l_tcp->numpocs + 1; @@ -235,6 +242,11 @@ OPJ_BOOL opj_t2_encode_packets( opj_t2_t* p_t2, /* TODO MSD : check why this function cannot fail (cf. v1) */ opj_pi_create_encode(l_pi, l_cp,p_tile_no,poc,l_tp_num,p_tp_pos,p_t2_mode); + if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) { + /* TODO ADE : add an error */ + opj_pi_destroy(l_pi, l_nb_pocs); + return OPJ_FALSE; + } while (opj_pi_next(l_current_pi)) { if (l_current_pi->layno < p_maxlayers) { l_nb_bytes = 0; @@ -267,7 +279,11 @@ OPJ_BOOL opj_t2_encode_packets( opj_t2_t* p_t2, opj_pi_create_encode(l_pi, l_cp,p_tile_no,p_pino,p_tp_num,p_tp_pos,p_t2_mode); l_current_pi = &l_pi[p_pino]; - + if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) { + /* TODO ADE : add an error */ + opj_pi_destroy(l_pi, l_nb_pocs); + return OPJ_FALSE; + } while (opj_pi_next(l_current_pi)) { if (l_current_pi->layno < p_maxlayers) { l_nb_bytes=0; @@ -310,6 +326,19 @@ OPJ_BOOL opj_t2_encode_packets( opj_t2_t* p_t2, return OPJ_TRUE; } +/* see issue 80 */ +#if 0 +#define JAS_FPRINTF fprintf +#else +/* issue 290 */ +static void opj_null_jas_fprintf(FILE* file, const char * format, ...) +{ + (void)file; + (void)format; +} +#define JAS_FPRINTF opj_null_jas_fprintf +#endif + OPJ_BOOL opj_t2_decode_packets( opj_t2_t *p_t2, OPJ_UINT32 p_tile_no, opj_tcd_tile_t *p_tile, @@ -353,12 +382,20 @@ OPJ_BOOL opj_t2_decode_packets( opj_t2_t *p_t2, for (pino = 0; pino <= l_tcp->numpocs; ++pino) { - /* if the resolution needed is to low, one dim of the tilec could be equal to zero - * and no packets are used to encode this resolution and + /* if the resolution needed is too low, one dim of the tilec could be equal to zero + * and no packets are used to decode this resolution and * l_current_pi->resno is always >= p_tile->comps[l_current_pi->compno].minimum_num_resolutions * and no l_img_comp->resno_decoded are computed */ - OPJ_BOOL* first_pass_failed = (OPJ_BOOL*)opj_malloc(l_image->numcomps * sizeof(OPJ_BOOL)); + OPJ_BOOL* first_pass_failed = NULL; + + if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) { + /* TODO ADE : add an error */ + opj_pi_destroy(l_pi, l_nb_pocs); + return OPJ_FALSE; + } + + first_pass_failed = (OPJ_BOOL*)opj_malloc(l_image->numcomps * sizeof(OPJ_BOOL)); if (!first_pass_failed) { opj_pi_destroy(l_pi,l_nb_pocs); @@ -367,7 +404,8 @@ OPJ_BOOL opj_t2_decode_packets( opj_t2_t *p_t2, memset(first_pass_failed, OPJ_TRUE, l_image->numcomps * sizeof(OPJ_BOOL)); while (opj_pi_next(l_current_pi)) { - + JAS_FPRINTF( stderr, "packet offset=00000166 prg=%d cmptno=%02d rlvlno=%02d prcno=%03d lyrno=%02d\n\n", + l_current_pi->poc.prg1, l_current_pi->compno, l_current_pi->resno, l_current_pi->precno, l_current_pi->layno ); if (l_tcp->num_layers_to_decode > l_current_pi->layno && l_current_pi->resno < p_tile->comps[l_current_pi->compno].minimum_num_resolutions) { @@ -440,7 +478,7 @@ OPJ_BOOL opj_t2_decode_packets( opj_t2_t *p_t2, /* don't forget to release pi */ opj_pi_destroy(l_pi,l_nb_pocs); - *p_data_read = l_current_data - p_src; + *p_data_read = (OPJ_UINT32)(l_current_data - p_src); return OPJ_TRUE; } @@ -456,11 +494,10 @@ OPJ_BOOL opj_t2_decode_packets( opj_t2_t *p_t2, opj_t2_t* opj_t2_create(opj_image_t *p_image, opj_cp_t *p_cp) { /* create the t2 structure */ - opj_t2_t *l_t2 = (opj_t2_t*)opj_malloc(sizeof(opj_t2_t)); + opj_t2_t *l_t2 = (opj_t2_t*)opj_calloc(1,sizeof(opj_t2_t)); if (!l_t2) { return NULL; } - memset(l_t2,0,sizeof(opj_t2_t)); l_t2->image = p_image; l_t2->cp = p_cp; @@ -474,7 +511,7 @@ void opj_t2_destroy(opj_t2_t *t2) { } } -OPJ_BOOL opj_t2_decode_packet( opj_t2_t* p_t2, +static OPJ_BOOL opj_t2_decode_packet( opj_t2_t* p_t2, opj_tcd_tile_t *p_tile, opj_tcp_t *p_tcp, opj_pi_iterator_t *p_pi, @@ -513,7 +550,7 @@ OPJ_BOOL opj_t2_decode_packet( opj_t2_t* p_t2, return OPJ_TRUE; } -OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, +static OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, opj_tcd_tile_t * tile, opj_tcp_t * tcp, opj_pi_iterator_t *pi, @@ -523,12 +560,12 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, opj_codestream_info_t *cstr_info) { OPJ_UINT32 bandno, cblkno; - OPJ_BYTE *c = dest; + OPJ_BYTE* c = dest; OPJ_UINT32 l_nb_bytes; - OPJ_UINT32 compno = pi->compno; /* component value */ - OPJ_UINT32 resno = pi->resno; /* resolution level value */ - OPJ_UINT32 precno = pi->precno; /* precinct value */ - OPJ_UINT32 layno = pi->layno; /* quality layer value */ + OPJ_UINT32 compno = pi->compno; /* component value */ + OPJ_UINT32 resno = pi->resno; /* resolution level value */ + OPJ_UINT32 precno = pi->precno; /* precinct value */ + OPJ_UINT32 layno = pi->layno; /* quality layer value */ OPJ_UINT32 l_nb_blocks; opj_tcd_band_t *band = 00; opj_tcd_cblk_enc_t* cblk = 00; @@ -545,8 +582,13 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, c[1] = 145; c[2] = 0; c[3] = 4; +#if 0 c[4] = (tile->packno % 65536) / 256; c[5] = (tile->packno % 65536) % 256; +#else + c[4] = (tile->packno >> 8) & 0xff; /* packno is uint32_t */ + c[5] = tile->packno & 0xff; +#endif c += 6; length -= 6; } @@ -566,13 +608,17 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, cblk = &prc->cblks.enc[cblkno]; cblk->numpasses = 0; - opj_tgt_setvalue(prc->imsbtree, cblkno, band->numbps - cblk->numbps); + opj_tgt_setvalue(prc->imsbtree, cblkno, band->numbps - (OPJ_INT32)cblk->numbps); } ++band; } } bio = opj_bio_create(); + if (!bio) { + /* FIXME event manager error callback */ + return OPJ_FALSE; + } opj_bio_init_enc(bio, c, length); opj_bio_write(bio, 1, 1); /* Empty header bit */ @@ -588,7 +634,7 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, opj_tcd_layer_t *layer = &cblk->layers[layno]; if (!cblk->numpasses && layer->numpasses) { - opj_tgt_setvalue(prc->incltree, cblkno, layno); + opj_tgt_setvalue(prc->incltree, cblkno, (OPJ_INT32)layno); } ++cblk; @@ -604,7 +650,7 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, /* cblk inclusion bits */ if (!cblk->numpasses) { - opj_tgt_encode(bio, prc->incltree, cblkno, layno + 1); + opj_tgt_encode(bio, prc->incltree, cblkno, (OPJ_INT32)(layno + 1)); } else { opj_bio_write(bio, layer->numpasses != 0, 1); } @@ -632,14 +678,15 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, len += pass->len; if (pass->term || passno == (cblk->numpasses + layer->numpasses) - 1) { - increment = opj_int_max(increment, opj_int_floorlog2(len) + 1 - (cblk->numlenbits + opj_int_floorlog2(nump))); + increment = (OPJ_UINT32)opj_int_max((OPJ_INT32)increment, opj_int_floorlog2((OPJ_INT32)len) + 1 + - ((OPJ_INT32)cblk->numlenbits + opj_int_floorlog2((OPJ_INT32)nump))); len = 0; nump = 0; } ++pass; } - t2_putcommacode(bio, increment); + opj_t2_putcommacode(bio, (OPJ_INT32)increment); /* computation of the new Length indicator */ cblk->numlenbits += increment; @@ -651,7 +698,7 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, len += pass->len; if (pass->term || passno == (cblk->numpasses + layer->numpasses) - 1) { - opj_bio_write(bio, len, cblk->numlenbits + opj_int_floorlog2(nump)); + opj_bio_write(bio, (OPJ_UINT32)len, cblk->numlenbits + (OPJ_UINT32)opj_int_floorlog2((OPJ_INT32)nump)); len = 0; nump = 0; } @@ -669,7 +716,7 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, return OPJ_FALSE; /* modified to eliminate longjmp !! */ } - l_nb_bytes = opj_bio_numbytes(bio); + l_nb_bytes = (OPJ_UINT32)opj_bio_numbytes(bio); c += l_nb_bytes; length -= l_nb_bytes; @@ -733,7 +780,8 @@ OPJ_BOOL opj_t2_encode_packet( OPJ_UINT32 tileno, ++band; } - * p_data_written += (c - dest); + assert( c >= dest ); + * p_data_written += (OPJ_UINT32)(c - dest); return OPJ_TRUE; } @@ -777,8 +825,7 @@ static OPJ_BOOL opj_t2_skip_packet( opj_t2_t* p_t2, } - -OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, +static OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, opj_tcd_tile_t *p_tile, opj_tcp_t *p_tcp, opj_pi_iterator_t *p_pi, @@ -834,8 +881,12 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, /* SOP markers */ if (p_tcp->csty & J2K_CP_CSTY_SOP) { - if ((*l_current_data) != 0xff || (*(l_current_data + 1) != 0x91)) { - /* TODO opj_event_msg(t2->cinfo->event_mgr, EVT_WARNING, "Expected SOP marker\n"); */ + if (p_max_length < 6) { + /* TODO opj_event_msg(p_t2->cinfo->event_mgr, EVT_WARNING, "Not enough space for expected SOP marker\n"); */ + fprintf(stderr, "Not enough space for expected SOP marker\n"); + } else if ((*l_current_data) != 0xff || (*(l_current_data + 1) != 0x91)) { + /* TODO opj_event_msg(p_t2->cinfo->event_mgr, EVT_WARNING, "Expected SOP marker\n"); */ + fprintf(stderr, "Warning: expected SOP marker\n"); } else { l_current_data += 6; } @@ -869,13 +920,14 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, else { /* Normal Case */ l_header_data_start = &(l_current_data); l_header_data = *l_header_data_start; - l_remaining_length = p_src_data+p_max_length-l_header_data; + l_remaining_length = (OPJ_UINT32)(p_src_data+p_max_length-l_header_data); l_modified_length_ptr = &(l_remaining_length); } opj_bio_init_dec(l_bio, l_header_data,*l_modified_length_ptr); l_present = opj_bio_read(l_bio, 1); + JAS_FPRINTF(stderr, "present=%d \n", l_present ); if (!l_present) { /* TODO MSD: no test to control the output of this function*/ opj_bio_inalign(l_bio); @@ -884,14 +936,16 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, /* EPH markers */ if (p_tcp->csty & J2K_CP_CSTY_EPH) { - if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { - printf("Error : expected EPH marker\n"); + if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data - *l_header_data_start)) < 2U) { + fprintf(stderr, "Not enough space for expected EPH marker\n"); + } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { + fprintf(stderr, "Error : expected EPH marker\n"); } else { l_header_data += 2; } } - l_header_length = (l_header_data - *l_header_data_start); + l_header_length = (OPJ_UINT32)(l_header_data - *l_header_data_start); *l_modified_length_ptr -= l_header_length; *l_header_data_start += l_header_length; @@ -904,7 +958,7 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, /* INDEX >> */ * p_is_data_present = OPJ_FALSE; - *p_data_read = l_current_data - p_src_data; + *p_data_read = (OPJ_UINT32)(l_current_data - p_src_data); return OPJ_TRUE; } @@ -925,7 +979,7 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, /* if cblk not yet included before --> inclusion tagtree */ if (!l_cblk->numsegs) { - l_included = opj_tgt_decode(l_bio, l_prc->incltree, cblkno, p_pi->layno + 1); + l_included = opj_tgt_decode(l_bio, l_prc->incltree, cblkno, (OPJ_INT32)(p_pi->layno + 1)); /* else one bit */ } else { @@ -936,6 +990,7 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, if (!l_included) { l_cblk->numnewpasses = 0; ++l_cblk; + JAS_FPRINTF(stderr, "included=%d \n", l_included); continue; } @@ -943,11 +998,11 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, if (!l_cblk->numsegs) { OPJ_UINT32 i = 0; - while (!opj_tgt_decode(l_bio, l_prc->imsbtree, cblkno, i)) { + while (!opj_tgt_decode(l_bio, l_prc->imsbtree, cblkno, (OPJ_INT32)i)) { ++i; } - l_cblk->numbps = l_band->numbps + 1 - i; + l_cblk->numbps = (OPJ_UINT32)l_band->numbps + 1 - i; l_cblk->numlenbits = 3; } @@ -975,13 +1030,14 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, } } } - n = l_cblk->numnewpasses; + n = (OPJ_INT32)l_cblk->numnewpasses; do { - l_cblk->segs[l_segno].numnewpasses = opj_int_min(l_cblk->segs[l_segno].maxpasses - l_cblk->segs[l_segno].numpasses, n); + l_cblk->segs[l_segno].numnewpasses = (OPJ_UINT32)opj_int_min((OPJ_INT32)(l_cblk->segs[l_segno].maxpasses - l_cblk->segs[l_segno].numpasses), n); l_cblk->segs[l_segno].newlen = opj_bio_read(l_bio, l_cblk->numlenbits + opj_uint_floorlog2(l_cblk->segs[l_segno].numnewpasses)); + JAS_FPRINTF(stderr, "included=%d numnewpasses=%d increment=%d len=%d \n", l_included, l_cblk->segs[l_segno].numnewpasses, l_increment, l_cblk->segs[l_segno].newlen ); - n -= l_cblk->segs[l_segno].numnewpasses; + n -= (OPJ_INT32)l_cblk->segs[l_segno].numnewpasses; if (n > 0) { ++l_segno; @@ -1008,14 +1064,19 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, /* EPH markers */ if (p_tcp->csty & J2K_CP_CSTY_EPH) { - if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { + if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data - *l_header_data_start)) < 2U) { + fprintf(stderr, "Not enough space for expected EPH marker\n"); + } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) { /* TODO opj_event_msg(t2->cinfo->event_mgr, EVT_ERROR, "Expected EPH marker\n"); */ + fprintf(stderr, "Error : expected EPH marker\n"); } else { l_header_data += 2; } } - l_header_length = (l_header_data - *l_header_data_start); + l_header_length = (OPJ_UINT32)(l_header_data - *l_header_data_start); + JAS_FPRINTF( stderr, "hdrlen=%d \n", l_header_length ); + JAS_FPRINTF( stderr, "packet body\n"); *l_modified_length_ptr -= l_header_length; *l_header_data_start += l_header_length; @@ -1028,12 +1089,12 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2, /* INDEX >> */ *p_is_data_present = OPJ_TRUE; - *p_data_read = l_current_data - p_src_data; + *p_data_read = (OPJ_UINT32)(l_current_data - p_src_data); return OPJ_TRUE; } -OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2, +static OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2, opj_tcd_tile_t *p_tile, opj_pi_iterator_t *p_pi, OPJ_BYTE *p_src_data, @@ -1075,7 +1136,7 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2, if (!l_cblk->numsegs) { l_seg = l_cblk->segs; ++l_cblk->numsegs; - l_cblk->len = 0; + l_cblk->data_current_size = 0; } else { l_seg = &l_cblk->segs[l_cblk->numsegs - 1]; @@ -1087,7 +1148,10 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2, } do { - if (l_current_data + l_seg->newlen > p_src_data + p_max_length) { + /* Check possible overflow (on l_current_data only, assumes input args already checked) then size */ + if ((((OPJ_SIZE_T)l_current_data + (OPJ_SIZE_T)l_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data + p_max_length)) { + fprintf(stderr, "read: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n", + l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno); return OPJ_FALSE; } @@ -1110,16 +1174,31 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2, }; #endif /* USE_JPWL */ - - if ((l_cblk->len + l_seg->newlen) > 8192) { + /* Check possible overflow on size */ + if ((l_cblk->data_current_size + l_seg->newlen) < l_cblk->data_current_size) { + fprintf(stderr, "read: segment too long (%d) with current size (%d > %d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n", + l_seg->newlen, l_cblk->data_current_size, 0xFFFFFFFF - l_seg->newlen, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno); + return OPJ_FALSE; + } + /* Check if the cblk->data have allocated enough memory */ + if ((l_cblk->data_current_size + l_seg->newlen) > l_cblk->data_max_size) { + OPJ_BYTE* new_cblk_data = (OPJ_BYTE*) opj_realloc(l_cblk->data, l_cblk->data_current_size + l_seg->newlen); + if(! new_cblk_data) { + opj_free(l_cblk->data); + l_cblk->data = NULL; + l_cblk->data_max_size = 0; + /* opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to realloc code block cata!\n"); */ return OPJ_FALSE; + } + l_cblk->data_max_size = l_cblk->data_current_size + l_seg->newlen; + l_cblk->data = new_cblk_data; } - memcpy(l_cblk->data + l_cblk->len, l_current_data, l_seg->newlen); + memcpy(l_cblk->data + l_cblk->data_current_size, l_current_data, l_seg->newlen); if (l_seg->numpasses == 0) { l_seg->data = &l_cblk->data; - l_seg->dataindex = l_cblk->len; + l_seg->dataindex = l_cblk->data_current_size; } l_current_data += l_seg->newlen; @@ -1127,7 +1206,7 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2, l_cblk->numnewpasses -= l_seg->numnewpasses; l_seg->real_num_passes = l_seg->numpasses; - l_cblk->len += l_seg->newlen; + l_cblk->data_current_size += l_seg->newlen; l_seg->len += l_seg->newlen; if (l_cblk->numnewpasses > 0) { @@ -1138,17 +1217,18 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2, l_cblk->real_num_segs = l_cblk->numsegs; ++l_cblk; - } + } /* next code_block */ ++l_band; } - *(p_data_read) = l_current_data - p_src_data; + *(p_data_read) = (OPJ_UINT32)(l_current_data - p_src_data); + return OPJ_TRUE; } -OPJ_BOOL opj_t2_skip_packet_data( opj_t2_t* p_t2, +static OPJ_BOOL opj_t2_skip_packet_data( opj_t2_t* p_t2, opj_tcd_tile_t *p_tile, opj_pi_iterator_t *p_pi, OPJ_UINT32 * p_data_read, @@ -1190,7 +1270,7 @@ OPJ_BOOL opj_t2_skip_packet_data( opj_t2_t* p_t2, if (!l_cblk->numsegs) { l_seg = l_cblk->segs; ++l_cblk->numsegs; - l_cblk->len = 0; + l_cblk->data_current_size = 0; } else { l_seg = &l_cblk->segs[l_cblk->numsegs - 1]; @@ -1202,7 +1282,10 @@ OPJ_BOOL opj_t2_skip_packet_data( opj_t2_t* p_t2, } do { - if (* p_data_read + l_seg->newlen > p_max_length) { + /* Check possible overflow then size */ + if (((*p_data_read + l_seg->newlen) < (*p_data_read)) || ((*p_data_read + l_seg->newlen) > p_max_length)) { + fprintf(stderr, "skip: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n", + l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno); return OPJ_FALSE; } @@ -1225,6 +1308,7 @@ OPJ_BOOL opj_t2_skip_packet_data( opj_t2_t* p_t2, }; #endif /* USE_JPWL */ + JAS_FPRINTF(stderr, "p_data_read (%d) newlen (%d) \n", *p_data_read, l_seg->newlen ); *(p_data_read) += l_seg->newlen; l_seg->numpasses += l_seg->numnewpasses;