Carl Hetherington [Sun, 7 Jun 2020 18:48:18 +0000 (20:48 +0200)]
fixup! Try to build with AVX2.
Carl Hetherington [Sun, 7 Jun 2020 18:38:51 +0000 (20:38 +0200)]
Try to build with AVX2.
Carl Hetherington [Sun, 7 Jun 2020 17:34:35 +0000 (19:34 +0200)]
Add cscript.
Even Rouault [Sun, 24 May 2020 13:38:21 +0000 (15:38 +0200)]
T1 encoder: speed-up by aggressive inlining and more cache friendly data organization
~ 9% speed improvement seen on 10980x10980 uint16 image, T36JTT_20160914T074612_B02.tif
opj_compress time from 17.2s to 15.8s
Even Rouault [Fri, 22 May 2020 21:57:51 +0000 (23:57 +0200)]
Forward DWT 9-7: major speed up by vectorizing vertical pass
`bench_dwt -I -encode` times goes from 8.6s to 2.1s
Even Rouault [Fri, 22 May 2020 15:50:15 +0000 (17:50 +0200)]
Forward DWT 5-3: major speed up by vectorizing vertical pass
`bench_dwt -encode` times goes from 7.9s to 1.7s
Even Rouault [Fri, 22 May 2020 13:58:47 +0000 (15:58 +0200)]
Forward DWT: small code refactoring to allow future improvements for the vertical pass
Even Rouault [Fri, 22 May 2020 13:06:29 +0000 (15:06 +0200)]
dwt.c: remove unused typedef
Even Rouault [Fri, 22 May 2020 13:03:40 +0000 (15:03 +0200)]
Forward DWT 5x3: performance improvements in horizontal pass, and modest in vertical pass
Even Rouault [Thu, 21 May 2020 19:20:19 +0000 (21:20 +0200)]
Forward DWT: small code refactoring to allow future improvements for the horizontal pass
Even Rouault [Thu, 21 May 2020 14:54:48 +0000 (16:54 +0200)]
Speed-up 9x7 IDWD by ~30% with OPJ_NUM_THREADS=2
"bench_dwt -I" time goes from 2.2s to 1.5s
Even Rouault [Thu, 21 May 2020 09:24:29 +0000 (11:24 +0200)]
Remove useless + 5U margin in opj_dwt_decode_tile_97()
Nothing in code analysis nor test suite shows that this margin is
needed.
It dates back to commit
dbeebe72b9d35f6ff807c21c7f217b569fa894f6
where vector 9x7 decoding was introduced.
Even Rouault [Thu, 21 May 2020 09:23:00 +0000 (11:23 +0200)]
Speed-up 9x7 IDWD by ~20%
"bench_dwt -I" time goes from 2.8s to 2.2s
Even Rouault [Wed, 20 May 2020 21:20:48 +0000 (23:20 +0200)]
bench_dwt.c: add a -I switch to test irreversible FWDT/IDWT
Even Rouault [Wed, 20 May 2020 17:24:09 +0000 (19:24 +0200)]
Irreversible decoding: partially revert previous commit, to fix failures in test suite
Even Rouault [Wed, 20 May 2020 16:00:45 +0000 (18:00 +0200)]
Irreversible compression/decompression DWT: use 1/K constant as per standard
The previous constant opj_c13318 was mysteriously equal to 2/K , and in
the DWT, we had to divide K and opj_c13318 by 2... The issue was that the
band->stepsize computation in tcd.c didn't take into account the log2gain of
the band.
The effect of this change is expected to be mostly equivalent to the previous
situation, except some difference in rounding. But it leads to a dramatic
reduction of the mean square error and peak error in the irreversible encoding
of issue141.tif !
Even Rouault [Wed, 20 May 2020 11:14:16 +0000 (13:14 +0200)]
Irreversible decoding: align code more closely to the standard by avoid messing up with stepsize (no functional change)
Even Rouault [Wed, 20 May 2020 09:36:05 +0000 (11:36 +0200)]
opj_dwt_encode_1_real(): avoid many bound comparisons, similarly to decoding side
Even Rouault [Tue, 19 May 2020 20:26:22 +0000 (22:26 +0200)]
opj_j2k_setup_encoder(): add validation of tile width and height to avoid potential division by zero
Even Rouault [Tue, 19 May 2020 17:45:00 +0000 (19:45 +0200)]
opj_mct_encode_real(): add SSE optimization
Even Rouault [Tue, 19 May 2020 16:03:58 +0000 (18:03 +0200)]
Testing: revise testing of lossy encoding by comparing PEAK and MSE with original image
Even Rouault [Tue, 19 May 2020 16:03:29 +0000 (18:03 +0200)]
compare_images.c: code reformatting
Even Rouault [Mon, 18 May 2020 18:17:07 +0000 (20:17 +0200)]
tcd.c: add comment
Even Rouault [Mon, 18 May 2020 18:15:07 +0000 (20:15 +0200)]
Encoder: use floating-point operations for irreversible transformation
Even Rouault [Mon, 18 May 2020 16:09:10 +0000 (18:09 +0200)]
dwt.c: change sign of constants to match standard and compensate (no functional change)
Even Rouault [Thu, 30 Apr 2020 09:52:42 +0000 (11:52 +0200)]
Add multithreaded support in the DWT encoder.
Update the bench_dwt utility to have a -decode/-encode switch
Measured performance gains for DWT encoder on a
Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz (4 cores, hyper threaded)
Encoding time:
$ ./bin/bench_dwt -encode -num_threads 1
time for dwt_encode: total = 8.348 s, wallclock = 8.352 s
$ ./bin/bench_dwt -encode -num_threads 2
time for dwt_encode: total = 9.776 s, wallclock = 4.904 s
$ ./bin/bench_dwt -encode -num_threads 4
time for dwt_encode: total = 13.188 s, wallclock = 3.310 s
$ ./bin/bench_dwt -encode -num_threads 8
time for dwt_encode: total = 30.024 s, wallclock = 4.064 s
Scaling is probably limited by memory access patterns causing
memory access to be the bottleneck.
The slightly worse results with threads==8 than with thread==4
is due to hyperthreading being not appropriate here.
Even Rouault [Wed, 29 Apr 2020 09:50:17 +0000 (11:50 +0200)]
Add multithreading support in the T1 (entropy phase) encoder
- API wise, opj_codec_set_threads() can be used on the encoding side
- opj_compress has a -threads switch similar to opj_uncompress
Even Rouault [Wed, 20 May 2020 18:29:31 +0000 (20:29 +0200)]
Merge pull request #1246 from rouault/write_plt
Add support for generation of PLT markers in encoder
Even Rouault [Tue, 21 Apr 2020 13:55:44 +0000 (15:55 +0200)]
Add support for generation of PLT markers in encoder
* -PLT switch added to opj_compress
* Add a opj_encoder_set_extra_options() function that
accepts a PLT=YES option, and could be expanded later
for other uses.
-------
Testing with a Sentinel2 10m band, T36JTT_20160914T074612_B02.jp2,
coming from S2A_MSIL1C_20160914T074612_N0204_R135_T36JTT_20160914T081456.SAFE
Decompress it to TIFF:
```
opj_uncompress -i T36JTT_20160914T074612_B02.jp2 -o T36JTT_20160914T074612_B02.tif
```
Recompress it with similar parameters as original:
```
opj_compress -n 5 -c [256,256],[256,256],[256,256],[256,256],[256,256] -t 1024,1024 -PLT -i T36JTT_20160914T074612_B02.tif -o T36JTT_20160914T074612_B02_PLT.jp2
```
Dump codestream detail with GDAL dump_jp2.py utility (https://github.com/OSGeo/gdal/blob/master/gdal/swig/python/samples/dump_jp2.py)
```
python dump_jp2.py T36JTT_20160914T074612_B02.jp2 > /tmp/dump_sentinel2_ori.txt
python dump_jp2.py T36JTT_20160914T074612_B02_PLT.jp2 > /tmp/dump_sentinel2_openjpeg_plt.txt
```
The diff between both show very similar structure, and identical number of packets in PLT markers
Now testing with Kakadu (KDU803_Demo_Apps_for_Linux-x86-64_200210)
Full file decompression:
```
kdu_expand -i T36JTT_20160914T074612_B02_PLT.jp2 -o tmp.tif
Consumed 121 tile-part(s) from a total of 121 tile(s).
Consumed 80,318,806 codestream bytes (excluding any file format) = 5.329697
bits/pel.
Processed using the multi-threaded environment, with
8 parallel threads of execution
```
Partial decompresson (presumably using PLT markers):
```
kdu_expand -i T36JTT_20160914T074612_B02.jp2 -o tmp.pgm -region "{0.5,0.5},{0.01,0.01}"
kdu_expand -i T36JTT_20160914T074612_B02_PLT.jp2 -o tmp2.pgm -region "{0.5,0.5},{0.01,0.01}"
diff tmp.pgm tmp2.pgm && echo "same !"
```
-------
Funded by ESA for S2-MPC project
Even Rouault [Sat, 18 Apr 2020 16:25:44 +0000 (18:25 +0200)]
struct opj_j2k: remove unused fields, and add some documentation
Even Rouault [Thu, 16 Apr 2020 22:39:46 +0000 (00:39 +0200)]
Merge pull request #1244 from rouault/fix_pi_warnings
Fix warnings about signed/unsigned casts in pi.c
szukw000 [Thu, 16 Apr 2020 22:37:33 +0000 (00:37 +0200)]
color_apply_icc_profile: add checks on the number of components (#1236)
Eduardo Barretto [Thu, 16 Apr 2020 22:09:40 +0000 (19:09 -0300)]
jp3d/jpwl/mj2/jpip: Fix resource leaks (#1226)
This issues were found by cppcheck and coverity.
Even Rouault [Thu, 16 Apr 2020 18:52:44 +0000 (20:52 +0200)]
Fix warnings about signed/unsigned casts in pi.c
Even Rouault [Thu, 16 Apr 2020 18:33:22 +0000 (20:33 +0200)]
Rename mis-named function opj_tcd_get_encoded_tile_size() to opj_tcd_get_encoder_input_buffer_size()
Even Rouault [Wed, 1 Apr 2020 20:00:19 +0000 (22:00 +0200)]
Merge pull request #1240 from rouault/fix_crash_opj_decompress
opj_decompress: add sanity checks to avoid segfault in case of decoding error
Even Rouault [Wed, 1 Apr 2020 18:58:55 +0000 (20:58 +0200)]
opj_decompress: add sanity checks to avoid segfault in case of decoding error
Prevent crashes like:
opj_decompress -i 0722_5-1_2019.jp2 -o out.ppm -r 4 -t 0
where 0722_5-1_2019.jp2 is
https://drive.google.com/file/d/1ZxOUZg2-FKjYwa257VFLMpTXRWxEoP0a/view?usp=sharing
Even Rouault [Thu, 13 Feb 2020 08:59:17 +0000 (09:59 +0100)]
opj_compress: improve help message regarding new IMF switch
Even Rouault [Thu, 13 Feb 2020 08:54:20 +0000 (09:54 +0100)]
Merge pull request #1235 from rouault/imf
Implement writing of IMF profiles
Even Rouault [Wed, 12 Feb 2020 14:55:16 +0000 (15:55 +0100)]
Implement writing of IMF profiles
Add -IMF switch to opj_compress as well
Even Rouault [Wed, 12 Feb 2020 14:55:02 +0000 (15:55 +0100)]
openjpeg.h: fix values of OPJ_PROFILE_IMF_ constants
Even Rouault [Mon, 10 Feb 2020 10:20:20 +0000 (11:20 +0100)]
Merge pull request #1234 from rouault/md5_libtiff_4_1
tests: add alternate checksums for libtiff 4.1
Even Rouault [Fri, 7 Feb 2020 20:53:10 +0000 (21:53 +0100)]
tests: add alternate checksums for libtiff 4.1
Fixes #1233
libtiff 4.1 slightly modifies the way it generates files. So
add the new expected md5sum.
Not super elegant solution admitedly.
Even Rouault [Thu, 30 Jan 2020 12:07:31 +0000 (13:07 +0100)]
Merge pull request #1232 from rouault/fix_1231
opj_tcd_init_tile(): avoid integer overflow
Even Rouault [Wed, 29 Jan 2020 23:59:57 +0000 (00:59 +0100)]
opj_tcd_init_tile(): avoid integer overflow
That could lead to later assertion failures.
Fixes #1231 / CVE-2020-8112
Max Moroz [Mon, 13 Jan 2020 17:07:54 +0000 (09:07 -0800)]
tests/fuzzers: link fuzz binaries using $LIB_FUZZING_ENGINE. (#1230)
This was changed some time ago (https://google.github.io/oss-fuzz/getting-started/new-project-guide/) but the build didn't fail as there is a fallback mechanism. The main advantage of the new approach is that for libFuzzer this produces more performant binaries (as `$LIB_FUZZING_ENGINE` expands into `-fsanitize=fuzzer`, which links libFuzzer from the compiler-rt, allowing better optimization tricks).
I'm also experimenting with dataflow (https://github.com/google/oss-fuzz/issues/1632) on your project, and the dataflow config doesn't have a fallback (as it's a new configuration), therefore I'm proposing a change to migrate from `-lFuzzingEngine` to `$LIB_FUZZING_ENGINE`.
Even Rouault [Sat, 11 Jan 2020 10:29:11 +0000 (11:29 +0100)]
Merge pull request #1229 from rouault/fix_1228
opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
Even Rouault [Sat, 11 Jan 2020 00:51:19 +0000 (01:51 +0100)]
opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX (fixes #1228)
Even Rouault [Sun, 17 Nov 2019 12:08:41 +0000 (13:08 +0100)]
Merge pull request #1217 from rouault/fix_ossfuzz_18979
pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets()
Robert Ancell [Sun, 17 Nov 2019 02:09:59 +0000 (15:09 +1300)]
JPWL: convert: Fix buffer overflow reading an image file less than four characters (#1196)
Fixes #1068
Even Rouault [Sun, 17 Nov 2019 01:47:26 +0000 (02:47 +0100)]
Merge pull request #1218 from rouault/fix_broken_abi_check
abi-check.sh: fix false postive ABI error, and display output error log
Even Rouault [Sun, 17 Nov 2019 00:35:26 +0000 (01:35 +0100)]
abi-check.sh: fix false postive ABI error, and display output error log
There is currently a false positive ABI check failure between v2.3.1
and current. It disappears when removing the generated reports of v2.3.1
and recreating them. It is likely that some tooling has evolved since
the initial v2.3.1 report generation.
Even Rouault [Sun, 17 Nov 2019 00:18:26 +0000 (01:18 +0100)]
pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18979
Even Rouault [Thu, 3 Oct 2019 09:04:30 +0000 (11:04 +0200)]
opj_tcd_mct_decode()/opj_mct_decode()/opj_mct_encode_real()/opj_mct_decode_real(): proper deal with a number of samples larger than 4 billion (refs #1151)
Even Rouault [Tue, 3 Sep 2019 15:03:54 +0000 (17:03 +0200)]
Merge pull request #1164 from sebras/master
openjp2/j2k: Report error if all wanted components are not decoded.
Even Rouault [Sat, 15 Jun 2019 07:55:16 +0000 (09:55 +0200)]
opj_decompress_fuzzer: remove checks regarding input dimensions (fixes #1079)
Even Rouault [Sun, 26 May 2019 09:06:01 +0000 (11:06 +0200)]
test_decode_area.c: assign tdy to *ptileh instead of *ptilew (fixes #1195)
Even Rouault [Fri, 26 Apr 2019 17:52:52 +0000 (19:52 +0200)]
Merge pull request #1185 from Young-X/fix
Fix several potential vulnerabilities
Even Rouault [Thu, 25 Apr 2019 13:32:22 +0000 (15:32 +0200)]
Merge pull request #1192 from rouault/poc_fixes
compression: emit POC marker when only one single POC is requested (f…
Even Rouault [Thu, 25 Apr 2019 12:07:46 +0000 (14:07 +0200)]
Change opj_j2k_check_poc_val() to take into account tile number
Even Rouault [Wed, 24 Apr 2019 23:29:38 +0000 (01:29 +0200)]
Add test for previous commit
Even Rouault [Wed, 24 Apr 2019 23:27:02 +0000 (01:27 +0200)]
Fix POC in multi-tile scenarios: avoid almost endless loop when a tile has no POC settings
Even Rouault [Wed, 24 Apr 2019 22:40:04 +0000 (00:40 +0200)]
Add test for previous commit
Even Rouault [Wed, 24 Apr 2019 22:34:44 +0000 (00:34 +0200)]
opj_j2k_check_poc_val(): prevent potential write outside of allocated array
Even Rouault [Wed, 24 Apr 2019 22:28:05 +0000 (00:28 +0200)]
opj_j2k_check_poc_val(): fix starting index for checking layer dimension
The standard mandates that the layer index always starts at zero for every
progression.
Even Rouault [Wed, 24 Apr 2019 22:17:13 +0000 (00:17 +0200)]
compression: emit POC marker when only one single POC is requested (fixes #1191)
Even Rouault [Tue, 23 Apr 2019 14:52:21 +0000 (16:52 +0200)]
j2k.c: use correct naming convention for total_data_size variable
Young Xiao [Sat, 16 Mar 2019 12:09:59 +0000 (20:09 +0800)]
bmp_read_rle4_data(): avoid potential infinite loop
Young Xiao [Sat, 16 Mar 2019 11:57:27 +0000 (19:57 +0800)]
convertbmp: detect invalid file dimensions early
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
See commit
8ee335227bbc for details.
Signed-off-by: Young Xiao <YangX92@hotmail.com>
Antonin Descampe [Tue, 2 Apr 2019 13:37:38 +0000 (15:37 +0200)]
Comment back opj_previous_version in abi_check.sh
Antonin Descampe [Tue, 2 Apr 2019 13:12:59 +0000 (15:12 +0200)]
Update version number for automatic abi check
Antonin Descampe [Tue, 2 Apr 2019 12:45:15 +0000 (14:45 +0200)]
update token for appveyor auto release
Antonin Descampe [Tue, 2 Apr 2019 12:25:09 +0000 (14:25 +0200)]
update token for automatic release
Antonin Descampe [Tue, 2 Apr 2019 10:08:52 +0000 (12:08 +0200)]
Update for release 2.3.1
Antonin Descampe [Tue, 2 Apr 2019 09:03:16 +0000 (11:03 +0200)]
Update for release 2.3.1
Antonin Descampe [Tue, 2 Apr 2019 09:02:20 +0000 (11:02 +0200)]
update for release 2.3.1
Antonin Descampe [Tue, 2 Apr 2019 09:00:58 +0000 (11:00 +0200)]
Update BUILD version for release 2.3.1
Even Rouault [Fri, 29 Mar 2019 11:25:39 +0000 (12:25 +0100)]
Merge pull request #1188 from rouault/fix_abi_check
abi-check.sh: fix broken download URL
Even Rouault [Fri, 29 Mar 2019 10:53:23 +0000 (11:53 +0100)]
abi-check.sh: fix broken download URL
Even Rouault [Fri, 29 Mar 2019 10:52:38 +0000 (11:52 +0100)]
Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
opj_t1_encode_cblks: fix UBSAN signed integer overflow
Even Rouault [Fri, 29 Mar 2019 10:17:39 +0000 (11:17 +0100)]
opj_t1_encode_cblks: fix UBSAN signed integer overflow
Fixes #1053 / CVE-2018-5727
Note: I don't consider this issue to be a security vulnerability, in
practice.
At least with gcc or clang compilers on x86_64 which generate the same
assembly code with or without that fix.
Even Rouault [Fri, 29 Mar 2019 09:44:35 +0000 (10:44 +0100)]
Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
This reverts commit
05be3084460e46282ee63f04c72c451f3271fd28.
This commit doesn't compile due to missing OPJ_UINT64 type
Even Rouault [Fri, 29 Mar 2019 09:40:58 +0000 (10:40 +0100)]
Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
This reverts commit
c277159986c80142180fbe5efb256bbf3bdf3edc.
The commit didn't compile. include_size is not defined in openmj2
Sebastian Rasmussen [Wed, 31 Oct 2018 19:22:11 +0000 (20:22 +0100)]
openjp2/j2k: Report error if all wanted components are not decoded.
Previously the caller had to check whether each component data had
been decoded. This means duplicating the checking in every user of
openjpeg which is unnecessary. If the caller wantes to decode all
or a set of, or a specific component then openjpeg ought to error
out if it was unable to do so.
Fixes #1158.
Even Rouault [Fri, 21 Dec 2018 15:41:00 +0000 (16:41 +0100)]
Merge pull request #1172 from hlef/master
convertbmp: detect invalid file dimensions early (CVE-2018-6616)
Hugo Lefeuvre [Fri, 14 Dec 2018 03:58:40 +0000 (04:58 +0100)]
convertbmp: detect invalid file dimensions early
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
Fixes #1059 (CVE-2018-6616).
Even Rouault [Fri, 7 Dec 2018 20:27:38 +0000 (21:27 +0100)]
Merge pull request #1168 from Young-X/fix_dev
Fix multiple potential vulnerabilities and bugs
Young Xiao [Wed, 28 Nov 2018 06:44:06 +0000 (14:44 +0800)]
[JPWL] tgatoimage(): avoid excessive memory allocation attempt,
and fixes unaligned load
Signed-off-by: Young Xiao <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 09:15:05 +0000 (17:15 +0800)]
[JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
Signed-off-by: Young_X <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 09:12:06 +0000 (17:12 +0800)]
[JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
Signed-off-by: Young_X <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 08:24:19 +0000 (16:24 +0800)]
[OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
opj_get_encoding_parameters
Signed-off-by: Young_X <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 08:12:53 +0000 (16:12 +0800)]
[MJ2] Avoid index out of bounds access to pi->include[]
Signed-off-by: Young_X <YangX92@hotmail.com>
Even Rouault [Tue, 27 Nov 2018 23:04:30 +0000 (00:04 +0100)]
Merge pull request #1170 from rouault/fix_color_apply_icc_profile
color_apply_icc_profile: avoid potential heap buffer overflow
Even Rouault [Tue, 27 Nov 2018 22:31:30 +0000 (23:31 +0100)]
color_apply_icc_profile: avoid potential heap buffer overflow
Derived from a patch by Thuan Pham
Young_X [Fri, 23 Nov 2018 07:58:23 +0000 (15:58 +0800)]
[JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
Signed-off-by: Young_X <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 07:02:26 +0000 (15:02 +0800)]
[JPWL] fix CVE-2018-16375
Signed-off-by: Young_X <YangX92@hotmail.com>
Young_X [Fri, 23 Nov 2018 06:47:36 +0000 (14:47 +0800)]
[MJ2] To avoid divisions by zero / undefined behaviour on shift
Signed-off-by: Young_X <YangX92@hotmail.com>
Even Rouault [Fri, 16 Nov 2018 08:42:19 +0000 (09:42 +0100)]
Merge pull request #1160 from hlef/master
jp3d/jpwl convert: fix write stack buffer overflow
ichlubna [Fri, 16 Nov 2018 08:40:31 +0000 (09:40 +0100)]
openjp3d: Int overflow fixed (#1159)
When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.
Hugo Lefeuvre [Wed, 7 Nov 2018 17:48:29 +0000 (18:48 +0100)]
jp2: convert: fix null pointer dereference
Tile components in a JP2 image might have null data pointer by defining a
zero component size (for example using large horizontal or vertical
sampling periods). This null data pointer leads to null image component
data pointer, causing crash when dereferenced without != null check in
imagetopnm.
Add != null check.
This commit addresses #1152 (CVE-2018-18088).