path: root/third_party/libopenjpeg20/j2k.c
Age | Commit message | Author
2017-05-09 | LibOpenJPEG: restrict l_img_comp->prec to avoid undefined shift | Nicolas Pena
The 38 value seems arbitrary, and the prec is used in OPJ_INT32 with 1 << (prec - 1). So limit it to be at most 31, and avoid undefined shifts.
Bug: chromium:698498
Change-Id: I840f2e65231ac7847ed26bcaea36471a53be49e8
Reviewed-on: https://pdfium-review.googlesource.com/5173
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-03-01 | LibOpenJPEG upstream: check size in opj_j2k_read_siz | Nicolas Pena
This happens to fix the bug in question but I suspect they still do not have enough checks to prevent undefined shifts.
Patch: https://github.com/uclouvain/openjpeg/pull/762/commits/5afb4d0546dd1b0a162b4e895cfdcfa4b32f1180
BUG=694042
Change-Id: I9466eb2b095f07233517ff5f1bcb0c2437be78ac
Reviewed-on: https://pdfium-review.googlesource.com/2888
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-25 | Use opj_uint_ceildiv where it is better than its int version | Nicolas Pena
Replaced (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)a, (OPJ_INT32) b) with opj_uint_ceildiv(a, b), which makes much more sense.
BUG=683156
Change-Id: Ie9d6736f4ec0f16d14f203850a14f0dabd73ee38
Reviewed-on: https://pdfium-review.googlesource.com/2352
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-24 | Check m_data!=null when adding mct | Nicolas Pena
m_decorrelation_array and m_offset_array can be assigned to l_mct_data, which can be set in opj_j2k_read_mct. In this method, there can be an early true return before allocating m_data but after freeing it.
BUG=678342
Change-Id: Id9ea3cc57a9a278deb1540e5db8a94db86018fd6
Reviewed-on: https://pdfium-review.googlesource.com/2350
Commit-Queue: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-19 | Return error in opj_j2k_read_header_procedure if l_marker_size < 2 | Nicolas Pena
If we do not do this check, it will overflow to a huge unsigned int, so we will allocate a lot of memory etc.
BUG=682182
Change-Id: I24b6654860c43e5d4deea753868b9d842f859cff
Reviewed-on: https://pdfium-review.googlesource.com/2272
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-11 | Really fix m_nb_mct_records calculation in opj_j2k_read_mct | Nicolas Pena
My previous attempt did not follow precisely the way m_nb_mcc_records is increased in opj_j2k_read_mcc.
Previous: https://pdfium-review.googlesource.com/c/2165/
BUG=678461, 680102
Change-Id: I3e14c440e3a49b714f8cd82d44992fe647200336
Reviewed-on: https://pdfium-review.googlesource.com/2171
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-10 | Fix m_nb_mct_records calculation in opj_j2k_read_mct | Nicolas Pena
Now we update m_nb_mct_records only when there was a new mct record, and l_mct_data computations all went through. In the previous version, the ++l_tcp->m_nb_mcc_records was in the end, without the if. Notice that this is similar to the analogous in opj_j2k_read_mcc.
CL that changed the calculation: https://github.com/uclouvain/openjpeg/commit/7a8cdc4bb071494fccf4714413191a52eb924b60
BUG=678461
Change-Id: I9a9e7eb03d1da085f8eb15a221a6bc0a91736662
Reviewed-on: https://pdfium-review.googlesource.com/2165
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
2016-07-25 | Fix an integer overflow in opj_tcd_get_decoded_tile_size(). [chromium/2810] [chromium/2809] | ochang
Based on suggested patch by reporter.
BUG=629919
Review-Url: https://codereview.chromium.org/2182683002
2016-06-20 | openjpeg: Prevent a buffer overflow in opj_j2k_read_SQcd_SQcc. | stackexploit
BUG=chromium:619405
R=ochang@chromium.org
Review-Url: https://codereview.chromium.org/2071773002
2016-05-20 | openjpeg: Prevent a buffer overflow in opj_j2k_read_SPCod_SPCoc. [chromium/2747] [chromium/2746] [chromium/2745] [chromium/2744] | ochang
BUG=chromium:613160
Review-Url: https://codereview.chromium.org/2001663002
2016-02-23 | openjpeg: Prevent bad cast in opj_j2k_update_image_data | Oliver Chang
R=tsepez@chromium.org
BUG=587227
Review URL: https://codereview.chromium.org/1726843002 .
2015-12-11 | Merge to XFA: openjpeg: fix incrementing of "l_tcp->m_nb_mcc_records" in opj_j2k_read_mcc | Oliver Chang
TBR=tsepez@chromium.org
BUG=554129
Original Review URL: https://codereview.chromium.org/1488303004 .
(cherry picked from commit e2eb04f0352d621bc8837217078c23d67044bf38)
Review URL: https://codereview.chromium.org/1524553002 .
2015-10-13 | upgrade openjpeg to commit# cf352af | Jun Fang
BUG=457480,497355
R=tsepez@chromium.org
Review URL: https://codereview.chromium.org/1338973005 .
2015-06-18 | Merge to XFA: Move libopenjpeg to third_party/ | Tom Sepez
Original Review URL: https://codereview.chromium.org/1185373010.
TBR=thestig@chromium.org
Review URL: https://codereview.chromium.org/1193773002.