#include <stdlib.h>
#include <string.h>
#include <ctype.h>
+#include <limits.h>
#ifndef OPJ_HAVE_LIBTIFF
# error OPJ_HAVE_LIBTIFF_NOT_DEFINED
TIFFSetField(tif, TIFFTAG_PHOTOMETRIC, tiPhoto);
TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1);
+ if (width > UINT_MAX/numcomps || width * bps > UINT_MAX/numcomps || width * numcomps > UINT_MAX/sizeof(OPJ_INT32)) {
+ fprintf(stderr, "Buffer overflow\n");
+ TIFFClose(tif);
+ return 1;
+ }
+
strip_size = TIFFStripSize(tif);
rowStride = (width * numcomps * bps + 7U) / 8U;
if (rowStride != strip_size) {
TIFFClose(tif);
return 1;
}
- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(
- OPJ_INT32)));
+
+ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32)));
+
if (buffer32s == NULL) {
_TIFFfree(buf);
TIFFClose(tif);
OPJ_INT32* buffer32s = NULL;
OPJ_INT32* planes[4];
tmsize_t rowStride;
-
+
tif = TIFFOpen(filename, "r");
if (!tif) {
opj_image_destroy(image);
return NULL;
}
+ if (tiWidth > UINT_MAX/tiSpp || tiWidth * tiSpp > UINT_MAX/tiBps || tiWidth * tiSpp > UINT_MAX/sizeof(OPJ_INT32)) {
+ fprintf(stderr, "Buffer overflow\n");
+ _TIFFfree(buf);
+ TIFFClose(tif);
+ opj_image_destroy(image);
+ return NULL;
+ }
rowStride = (tmsize_t)((tiWidth * tiSpp * tiBps + 7U) / 8U);
buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(tiWidth * tiSpp * sizeof(
OPJ_INT32)));
return OPJ_FALSE;
}
if (!p_j2k->dump_state) {
- OPJ_UINT32 siz_w, siz_h; /* AFL test */
+ OPJ_UINT32 siz_w, siz_h;
siz_w = l_image->x1 - l_image->x0;
siz_h = l_image->y1 - l_image->y0;
l_img_comp->sgnd = tmp >> 7;
if (p_j2k->dump_state == 0) {
- if (i == 0) { /* AFL test */
+ if (i == 0) {
l_prec0 = l_img_comp->prec;
l_sgnd0 = l_img_comp->sgnd;
} else if (l_cp->bpc_is_255 == 0
- && (l_img_comp->prec != l_prec0 || l_img_comp->sgnd != l_sgnd0)) {/* AFL test */
+ && (l_img_comp->prec != l_prec0 || l_img_comp->sgnd != l_sgnd0)) {
opj_event_msg(p_manager, EVT_ERROR,
"Invalid precision and/or sgnd values for comp[%d]:\n"
" [0] prec(%d) sgnd(%d) [%d] prec(%d) sgnd(%d)\n", i, l_prec0, l_sgnd0,
l_cp->m_specific_param.m_dec.m_reduce; /* reducing factor per component */
++l_img_comp;
}
- if (!p_j2k->dump_state) {
- switch (p_j2k->enumcs) { /* AFL tests */
- int ok, sycc;
-
- case 12: /* CMYK */
- if (l_image->numcomps == 4 /* cnf. color.c, line 879 */
- && l_image->comps[0].dx == l_image->comps[1].dx
- && l_image->comps[0].dx == l_image->comps[2].dx
- && l_image->comps[0].dx == l_image->comps[3].dx
- && l_image->comps[0].dy == l_image->comps[1].dy
- && l_image->comps[0].dy == l_image->comps[2].dy
- && l_image->comps[0].dy == l_image->comps[3].dy) {
- break;
- }
- opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 12(i.e. CMYK)\n");
- return OPJ_FALSE;
-
- case 16: /* sRGB */
- if (l_image->numcomps < 3) {
- break; /* GRAY, GRAYA */
- }
-
- if (l_image->numcomps == 3 /* RGB */
- && l_image->comps[0].dx == l_image->comps[1].dx
- && l_image->comps[0].dx == l_image->comps[2].dx
- && l_image->comps[0].dy == l_image->comps[1].dy
- && l_image->comps[0].dy == l_image->comps[2].dy
- && l_image->comps[0].prec == l_image->comps[1].prec
- && l_image->comps[0].prec == l_image->comps[2].prec
- && l_image->comps[0].sgnd == l_image->comps[1].sgnd
- && l_image->comps[0].sgnd == l_image->comps[2].sgnd) {
- break;
- }
- if (l_image->numcomps == 4 /* RGBA */
- && l_image->comps[0].dx == l_image->comps[3].dx
- && l_image->comps[0].dy == l_image->comps[3].dy
- && l_image->comps[0].prec == l_image->comps[3].prec
- && l_image->comps[0].sgnd == l_image->comps[3].sgnd) {
- break;
- }
- opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 16(i.e. sRGB)\n");
- return OPJ_FALSE;
-
- case 18: /* sYCC */
- sycc = 0;
- ok = (l_image->numcomps > 2); /* cnf. color.c, line 319 */
-
- if (ok) {
- sycc = /* sycc420 */
- ((l_image->comps[0].dx == 1)
- && (l_image->comps[1].dx == 2)
- && (l_image->comps[2].dx == 2)
- && (l_image->comps[0].dy == 1)
- && (l_image->comps[1].dy == 2)
- && (l_image->comps[2].dy == 2))
- || /* sycc422 */
- ((l_image->comps[0].dx == 1)
- && (l_image->comps[1].dx == 2)
- && (l_image->comps[2].dx == 2)
- && (l_image->comps[0].dy == 1)
- && (l_image->comps[1].dy == 1)
- && (l_image->comps[2].dy == 1))
- || /* sycc444 */
- ((l_image->comps[0].dx == 1)
- && (l_image->comps[1].dx == 1)
- && (l_image->comps[2].dx == 1)
- && (l_image->comps[0].dy == 1)
- && (l_image->comps[1].dy == 1)
- && (l_image->comps[2].dy == 1));
- }
- if (ok && sycc) {
- break;
- }
-
- opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs 18(i.e. sYCC)\n");
- return OPJ_FALSE;
-
- case 24: /* e-sYCC */
- if (l_image->numcomps > 2 /* cnf. color.c, line 938 */
- && l_image->comps[0].dx == l_image->comps[1].dx
- && l_image->comps[0].dx == l_image->comps[2].dx
- && l_image->comps[0].dy == l_image->comps[1].dy
- && l_image->comps[0].dy == l_image->comps[2].dy) {
- break;
- }
-
- opj_event_msg(p_manager, EVT_ERROR,
- "wrong values for enumcs 24(i.e. e-sYCC)\n");
- return OPJ_FALSE;
-
- case 14: /* CIELAB */
- if (l_image->numcomps != 3) {
- opj_event_msg(p_manager, EVT_ERROR,
- "wrong values for enumcs 14(i.e. CIElab)\n");
- return OPJ_FALSE;
- }
- break;
-
- case 17: /* GRAY */
- if (l_image->comps[0].dx == 1
- && l_image->comps[0].dy == 1) {
- break;
- }
- opj_event_msg(p_manager, EVT_ERROR, "wrong values for enumcs %u\n",
- p_j2k->enumcs);
- return OPJ_FALSE;
-
- default:
- break;
-
- }/* switch() */
- } /* p_j2k->dump */
- if (l_cp->tdx == 0 || l_cp->tdy == 0) { /* AFL test */
+ if (l_cp->tdx == 0 || l_cp->tdy == 0) {
return OPJ_FALSE;
}
j2k->m_cp.m_specific_param.m_dec.m_layer = parameters->cp_layer;
j2k->m_cp.m_specific_param.m_dec.m_reduce = parameters->cp_reduce;
- j2k->dump_state = parameters->dump_state;
+ j2k->dump_state = (parameters->flags & OPJ_DPARAMETERS_DUMP_FLAG);
#ifdef USE_JPWL
j2k->m_cp.correct = parameters->jpwl_correct;
j2k->m_cp.exp_comps = parameters->jpwl_exp_comps;
opj_event_msg(p_manager, EVT_ERROR, "Failed to decode.\n");
return OPJ_FALSE;
}
- p_j2k->m_tcd->enumcs = p_j2k->enumcs; /* AFL test */
+ p_j2k->m_tcd->enumcs = p_j2k->enumcs;
if (! opj_tcd_update_tile_data(p_j2k->m_tcd, p_data, p_data_size)) {
return OPJ_FALSE;
projects / openjpeg.git / commitdiff