summaryrefslogtreecommitdiff
path: root/third_party/libopenjpeg20
AgeCommit message (Collapse)Author
2017-01-19Return error in opj_j2k_read_header_procedure if l_marker_size < 2Nicolas Pena
If we do not do this check, it will overflow to a huge unsigned int, so we will allocate a lot of memory etc. BUG=682182 Change-Id: I24b6654860c43e5d4deea753868b9d842f859cff Reviewed-on: https://pdfium-review.googlesource.com/2272 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-11Really fix m_nb_mct_records calculation in opj_j2k_read_mctNicolas Pena
My previous attempt did not follow precisely the way m_nb_mcc_records is increased in opj_j2k_read_mcc. Previous: https://pdfium-review.googlesource.com/c/2165/ BUG=678461, 680102 Change-Id: I3e14c440e3a49b714f8cd82d44992fe647200336 Reviewed-on: https://pdfium-review.googlesource.com/2171 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-10Fix m_nb_mct_records calculation in opj_j2k_read_mctNicolas Pena
Now we update m_nb_mct_records only when there was a new mct record, and l_mct_data computations all went through. In previous version, the ++l_tcp->m_nb_mcc_records was in the end, without the if. Notice that this is similar to the analoguous in opj_j2k_read_mcc. CL that changed the calculation: https://github.com/uclouvain/openjpeg/commit/7a8cdc4bb071494fccf4714413191a52eb924b60 BUG=678461 Change-Id: I9a9e7eb03d1da085f8eb15a221a6bc0a91736662 Reviewed-on: https://pdfium-review.googlesource.com/2165 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2016-08-29openjpeg: Prevent an integer overflow in opj_jp2_apply_pclr.stackexploit
This patch also prevent a null pointer access problem. BUG=chromium:638829 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2270343002
2016-08-08openjpeg: Prevent negative x, y values in opj_tcd_init_tilechromium/2825ochang
BUG=632622 Review-Url: https://codereview.chromium.org/2223303002
2016-08-04openjpeg: Prevent overflows when using opj_aligned_malloc()gogil
BUG=628304 R=thestig@chromium.org, ochang@chromium.org Review-Url: https://codereview.chromium.org/2218783002
2016-08-04openjpeg: Prevent integer overflows during calculation of ↵gogil
|l_nb_code_blocks_size| BUG=628890 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2212973002
2016-07-25Fix an integer overflow in opj_tcd_get_decoded_tile_size().chromium/2810chromium/2809ochang
Based on suggested patch by reporter. BUG=629919 Review-Url: https://codereview.chromium.org/2182683002
2016-07-06openjpeg: Prevent integer overflows during calculation of |l_nb_precinct_size|ochang
BUG=625541 Review-Url: https://codereview.chromium.org/2124073003
2016-06-20openjpeg: Prevent a buffer overflow in opj_j2k_read_SQcd_SQcc.stackexploit
BUG=chromium:619405 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2071773002
2016-05-20openjpeg: Prevent a buffer overflow in opj_j2k_read_SPCod_SPCoc.chromium/2747chromium/2746chromium/2745chromium/2744ochang
BUG=chromium:613160 Review-Url: https://codereview.chromium.org/2001663002
2016-05-19Fix a memory leak in opj_jp2_read_ihdr().thestig
BUG=603895 Review-Url: https://codereview.chromium.org/1992893003
2016-03-18openjpeg: Remove unneeded non-standard code.Nico Weber
When building with clang-cl and not passing /FIintrin.h, the __attribute__ defined to nothing, which confuses the compiler (see bug). Since nothing seems to require the __attribute__ redefinition, just remove it. Reported upstream here: https://github.com/uclouvain/openjpeg/issues/727 BUG=592745 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1810373002 .
2016-03-10openjpeg: Don't build with SSE instrinsics for 32-bit x86.Oliver Chang
Fixes 32-bit clang-cl build. These intrinsics require addresses with 16-byte alignment, which doesn't cause issues for 64-bit builds because of allocator alignment. MSVC doesn't recognise the __SSE__, __SSE2__ defines, which is why this problem never surfaced before. R=tsepez@chromium.org BUG=pdfium:433 Review URL: https://codereview.chromium.org/1783813003 .
2016-02-23openjpeg: Prevent bad cast in opj_j2k_update_image_dataOliver Chang
R=tsepez@chromium.org BUG=587227 Review URL: https://codereview.chromium.org/1726843002 .
2016-01-15Merge to XFA: openjpeg: Set proper upper bound for an array in ↵Oliver Chang
opj_pi_update_decode_poc(). R=tsepez@chromium.org TBR=tsepez@chromium.org BUG=571480 Original Review URL: https://codereview.chromium.org/1583233008 . (cherry picked from commit 7a0f441e1410b3a0d97374c00c4007552d7dd27a) Review URL: https://codereview.chromium.org/1594603004 .
2016-01-14Merge to XFA: openjpeg: Fix potential bad precno value in opj_pi_next* ↵chromium/2622Oliver Chang
functions. TBR=thestig@chromium.org BUG=571479 Original Review URL: https://codereview.chromium.org/1585243003 . (cherry picked from commit 0b56371b1e9683676cf191f2d9d41d40d47c3726) Review URL: https://codereview.chromium.org/1590593002 .
2015-12-24Merge to XFA: Replace an assertion with returning falseJun Fang
BUG=pdfium:277 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1548583002 . Review URL: https://codereview.chromium.org/1549873002 .
2015-12-21Merge to XFA: Fix wrong rendering on greyscale images with index colorspaceJun Fang
BUG=514514 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1536223002 . Merge branch 'xfa' of https://pdfium.googlesource.com/pdfium into xfa Merge to XFA: Correct return values in CPDF_HintTables::CheckPage() BUG=pdfium:329 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1529173005 . Review URL: https://codereview.chromium.org/1539163002 .
2015-12-15Merge to XFA: Fix a dividing zero bug in opj_tcd_init_tile()Jun Fang
BUG=541446 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1520203002 . Review URL: https://codereview.chromium.org/1520323004 .
2015-12-14Merge to XFA: openjpeg: Fix crash in opj_jp2_apply_pclrOliver Chang
TBR=tsepez@chromium.org BUG=554172 Original Review URL: https://codereview.chromium.org/1492693003 . (cherry picked from commit 3026f26aa69e983837d05a5477fe22e79aed0d26) Review URL: https://codereview.chromium.org/1520323003 .
2015-12-11Merge to XFA: openjpeg: fix incrementing of "l_tcp->m_nb_mcc_records" in ↵Oliver Chang
opj_j2k_read_mcc TBR=tsepez@chromium.org BUG=554129 Original Review URL: https://codereview.chromium.org/1488303004 . (cherry picked from commit e2eb04f0352d621bc8837217078c23d67044bf38) Review URL: https://codereview.chromium.org/1524553002 .
2015-10-13upgrade openjpeg to commit# cf352afJun Fang
BUG=457480,497355 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1338973005 .
2015-09-03Merge to XFA: Reapply Foxit's libopenjpeg modifications.Lei Zhang
They were lost in commit d53e6fd. BUG=pdfium:168 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1196523002 . (cherry picked from commit 870b5b6793fa261f0c6f31f026010d2d715968bf) Review URL: https://codereview.chromium.org/1301323007 .
2015-08-28Merge to XFA: Check array bounds for opj_dwt_decode_1() and friends.Lei Zhang
Based on an earlier patch by jun_fang@foxitsoftware.com. BUG=450844 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1320443003 . (cherry picked from commit 463b77b4f1e4257cd89f3460b5a6fdb102f44265) Review URL: https://codereview.chromium.org/1319303003 .
2015-07-13Merge to XFA: Fix an integer overflow issue in openJpegJUN FANG
Fixing this issue for an urgent request. It should be fixed in OpenJPEG side. BUG=506763 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1231933008 .
2015-06-18Merge to XFA: Move libopenjpeg to third_party/Tom Sepez
Original Review URL: https://codereview.chromium.org/1185373010. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1193773002.