summaryrefslogtreecommitdiff
path: root/third_party/libopenjpeg20
AgeCommit message (Collapse)Author
2018-01-10[OpenJPEG] Fix integer overflowNicolas Pena
Bug: 796812 Change-Id: I857f037028ea0e74544bdc7c8cd26b4b44e64ec4 Reviewed-on: https://pdfium-review.googlesource.com/22610 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-10-23Upgrade LibopenJPEG to 2.3chromium/3249Nicolas Pena
Bug: Change-Id: I4c968a4e5f41037d80e5dc64a1297cd2cbda31b1 Reviewed-on: https://pdfium-review.googlesource.com/16350 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-09-11Use the right allocate and free functions in OpenJPEG.Chris Palmer
This patch was authored by Ke Liu of Tencent's Xuanwu Lab. BUG=762374 Change-Id: Icb3ee98fb4c399b871ccf11e9920af7caf51be11 Reviewed-on: https://pdfium-review.googlesource.com/13610 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Chris Palmer <palmer@chromium.org>
2017-09-05Upgrade OpenJPEG to 2.2.0Nicolas Pena
This CL upgrades OpenJPEG by copying the files from 2.2.0 and then applying patches. Patch files that are no longer relevant are deleted. The relevant ones are applied manually due to changes in formatting in OpenJPEG. Patch 34 is added to account for opj_malloc changes in PDFium. Bug: chromium:718731 Change-Id: I3d316893eab5e235c9f71222a6818b8ae0c98383 Reviewed-on: https://pdfium-review.googlesource.com/12770 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-05-11LibOpenJPEG: undefined shift in opj_t1_dec_clnpassNicolas Pena
bpno_plus_one is used as a parameter bpno for a bunch of methods that calculate 1 << bpno. Thus, use a reduced value when it's large enough to cause undefined shift. bpno_plus_one itself remains unchanged so that the number of calls remains the same Bug: chromium:698526 Change-Id: I40431d41a04f3e2315bd3c80114cd0fcbd2815b4 Reviewed-on: https://pdfium-review.googlesource.com/5310 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-09LibOpenJPEG: restrict l_img_comp->prec to avoid undefined shiftNicolas Pena
The 38 value seems arbitrary, and the prec is used in OPJ_INT32 with 1 << (prec - 1). So limit it to be at most 31, and avoid undefined shifts. Bug: chromium:698498 Change-Id: I840f2e65231ac7847ed26bcaea36471a53be49e8 Reviewed-on: https://pdfium-review.googlesource.com/5173 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-05Fix undefined shift in opj_bio_readNicolas Pena
Bug: chromium:666683 Change-Id: I1c633d82e9ef75dd99ef032b4fc46fe8d3651cd1 Reviewed-on: https://pdfium-review.googlesource.com/5050 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-04Fix undefined shift in opj_get_all_encoding_parametersNicolas Pena
The value 1u << (l_pdx + l_level_no) is only used to calculate a minimum, so skip it when the shift doesn't even fit unsigned integer. Also use the uint min version since all values being considered are unsigned anyways. Bug: chromium:666892 Change-Id: I79c6e52022aa894033c5cdabec29c4b8313e293b Reviewed-on: https://pdfium-review.googlesource.com/4891 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-03-13LibopenJPEG: Fix some divisions by 0 in pi.cNicolas Pena
The undefined shifts in libopenjpeg are sometimes used as divisors. This CL checks that we are not trying to divide by 0 or mod by 0 in some places in pi.c. BUG=chromium:699491 Change-Id: Iaf629112437068d6479dbbb52b339bec6edefed0 Reviewed-on: https://pdfium-review.googlesource.com/2962 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-03-01LibOpenJPEG upstream: check size in opj_j2k_read_sizNicolas Pena
This happens to fix the bug in question but I suspect they still do not have enough checks to prevent undefined shifts. Patch: https://github.com/uclouvain/openjpeg/pull/762/commits/5afb4d0546dd1b0a162b4e895cfdcfa4b32f1180 BUG=694042 Change-Id: I9466eb2b095f07233517ff5f1bcb0c2437be78ac Reviewed-on: https://pdfium-review.googlesource.com/2888 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-02-17Libopenjpeg upstream fix for undefined shiftchromium/3019chromium/3018chromium/3017chromium/3016Nicolas Pena
Patch: https://github.com/uclouvain/openjpeg/commit/20789fed4ec7746e938dd2934a1fb5aa352f4d12 BUG=657440 Change-Id: Ic2320cd4baabbd7bc09ec428c5f49b7ab3e7eb66 Reviewed-on: https://pdfium-review.googlesource.com/2795 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-25Use opj_uint_ceildiv where it is better than its int versionNicolas Pena
Replaced (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)a, (OPJ_INT32) b) with opj_uint_ceildiv(a, b), which makes much more sense. BUG=683156 Change-Id: Ie9d6736f4ec0f16d14f203850a14f0dabd73ee38 Reviewed-on: https://pdfium-review.googlesource.com/2352 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-24Check m_data!=null when adding mctNicolas Pena
m_decorrelation_array and m_offset_array can be assigned to l_mct_data, which can be set in opj_j2k_read_mct. In this method, there can be an early true return before allocating m_data but after freeing it. BUG=678342 Change-Id: Id9ea3cc57a9a278deb1540e5db8a94db86018fd6 Reviewed-on: https://pdfium-review.googlesource.com/2350 Commit-Queue: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-19Return error in opj_j2k_read_header_procedure if l_marker_size < 2Nicolas Pena
If we do not do this check, it will overflow to a huge unsigned int, so we will allocate a lot of memory etc. BUG=682182 Change-Id: I24b6654860c43e5d4deea753868b9d842f859cff Reviewed-on: https://pdfium-review.googlesource.com/2272 Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-01-11Really fix m_nb_mct_records calculation in opj_j2k_read_mctNicolas Pena
My previous attempt did not follow precisely the way m_nb_mcc_records is increased in opj_j2k_read_mcc. Previous: https://pdfium-review.googlesource.com/c/2165/ BUG=678461, 680102 Change-Id: I3e14c440e3a49b714f8cd82d44992fe647200336 Reviewed-on: https://pdfium-review.googlesource.com/2171 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-10Fix m_nb_mct_records calculation in opj_j2k_read_mctNicolas Pena
Now we update m_nb_mct_records only when there was a new mct record, and l_mct_data computations all went through. In previous version, the ++l_tcp->m_nb_mcc_records was in the end, without the if. Notice that this is similar to the analoguous in opj_j2k_read_mcc. CL that changed the calculation: https://github.com/uclouvain/openjpeg/commit/7a8cdc4bb071494fccf4714413191a52eb924b60 BUG=678461 Change-Id: I9a9e7eb03d1da085f8eb15a221a6bc0a91736662 Reviewed-on: https://pdfium-review.googlesource.com/2165 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2016-08-29openjpeg: Prevent an integer overflow in opj_jp2_apply_pclr.stackexploit
This patch also prevent a null pointer access problem. BUG=chromium:638829 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2270343002
2016-08-08openjpeg: Prevent negative x, y values in opj_tcd_init_tilechromium/2825ochang
BUG=632622 Review-Url: https://codereview.chromium.org/2223303002
2016-08-04openjpeg: Prevent overflows when using opj_aligned_malloc()gogil
BUG=628304 R=thestig@chromium.org, ochang@chromium.org Review-Url: https://codereview.chromium.org/2218783002
2016-08-04openjpeg: Prevent integer overflows during calculation of ↵gogil
|l_nb_code_blocks_size| BUG=628890 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2212973002
2016-07-25Fix an integer overflow in opj_tcd_get_decoded_tile_size().chromium/2810chromium/2809ochang
Based on suggested patch by reporter. BUG=629919 Review-Url: https://codereview.chromium.org/2182683002
2016-07-06openjpeg: Prevent integer overflows during calculation of |l_nb_precinct_size|ochang
BUG=625541 Review-Url: https://codereview.chromium.org/2124073003
2016-06-20openjpeg: Prevent a buffer overflow in opj_j2k_read_SQcd_SQcc.stackexploit
BUG=chromium:619405 R=ochang@chromium.org Review-Url: https://codereview.chromium.org/2071773002
2016-05-20openjpeg: Prevent a buffer overflow in opj_j2k_read_SPCod_SPCoc.chromium/2747chromium/2746chromium/2745chromium/2744ochang
BUG=chromium:613160 Review-Url: https://codereview.chromium.org/2001663002
2016-05-19Fix a memory leak in opj_jp2_read_ihdr().thestig
BUG=603895 Review-Url: https://codereview.chromium.org/1992893003
2016-03-18openjpeg: Remove unneeded non-standard code.Nico Weber
When building with clang-cl and not passing /FIintrin.h, the __attribute__ defined to nothing, which confuses the compiler (see bug). Since nothing seems to require the __attribute__ redefinition, just remove it. Reported upstream here: https://github.com/uclouvain/openjpeg/issues/727 BUG=592745 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1810373002 .
2016-03-10openjpeg: Don't build with SSE instrinsics for 32-bit x86.Oliver Chang
Fixes 32-bit clang-cl build. These intrinsics require addresses with 16-byte alignment, which doesn't cause issues for 64-bit builds because of allocator alignment. MSVC doesn't recognise the __SSE__, __SSE2__ defines, which is why this problem never surfaced before. R=tsepez@chromium.org BUG=pdfium:433 Review URL: https://codereview.chromium.org/1783813003 .
2016-02-23openjpeg: Prevent bad cast in opj_j2k_update_image_dataOliver Chang
R=tsepez@chromium.org BUG=587227 Review URL: https://codereview.chromium.org/1726843002 .
2016-01-15Merge to XFA: openjpeg: Set proper upper bound for an array in ↵Oliver Chang
opj_pi_update_decode_poc(). R=tsepez@chromium.org TBR=tsepez@chromium.org BUG=571480 Original Review URL: https://codereview.chromium.org/1583233008 . (cherry picked from commit 7a0f441e1410b3a0d97374c00c4007552d7dd27a) Review URL: https://codereview.chromium.org/1594603004 .
2016-01-14Merge to XFA: openjpeg: Fix potential bad precno value in opj_pi_next* ↵chromium/2622Oliver Chang
functions. TBR=thestig@chromium.org BUG=571479 Original Review URL: https://codereview.chromium.org/1585243003 . (cherry picked from commit 0b56371b1e9683676cf191f2d9d41d40d47c3726) Review URL: https://codereview.chromium.org/1590593002 .
2015-12-24Merge to XFA: Replace an assertion with returning falseJun Fang
BUG=pdfium:277 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1548583002 . Review URL: https://codereview.chromium.org/1549873002 .
2015-12-21Merge to XFA: Fix wrong rendering on greyscale images with index colorspaceJun Fang
BUG=514514 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1536223002 . Merge branch 'xfa' of https://pdfium.googlesource.com/pdfium into xfa Merge to XFA: Correct return values in CPDF_HintTables::CheckPage() BUG=pdfium:329 R=thestig@chromium.org Review URL: https://codereview.chromium.org/1529173005 . Review URL: https://codereview.chromium.org/1539163002 .
2015-12-15Merge to XFA: Fix a dividing zero bug in opj_tcd_init_tile()Jun Fang
BUG=541446 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1520203002 . Review URL: https://codereview.chromium.org/1520323004 .
2015-12-14Merge to XFA: openjpeg: Fix crash in opj_jp2_apply_pclrOliver Chang
TBR=tsepez@chromium.org BUG=554172 Original Review URL: https://codereview.chromium.org/1492693003 . (cherry picked from commit 3026f26aa69e983837d05a5477fe22e79aed0d26) Review URL: https://codereview.chromium.org/1520323003 .
2015-12-11Merge to XFA: openjpeg: fix incrementing of "l_tcp->m_nb_mcc_records" in ↵Oliver Chang
opj_j2k_read_mcc TBR=tsepez@chromium.org BUG=554129 Original Review URL: https://codereview.chromium.org/1488303004 . (cherry picked from commit e2eb04f0352d621bc8837217078c23d67044bf38) Review URL: https://codereview.chromium.org/1524553002 .
2015-10-13upgrade openjpeg to commit# cf352afJun Fang
BUG=457480,497355 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1338973005 .
2015-09-03Merge to XFA: Reapply Foxit's libopenjpeg modifications.Lei Zhang
They were lost in commit d53e6fd. BUG=pdfium:168 TBR=tsepez@chromium.org Review URL: https://codereview.chromium.org/1196523002 . (cherry picked from commit 870b5b6793fa261f0c6f31f026010d2d715968bf) Review URL: https://codereview.chromium.org/1301323007 .
2015-08-28Merge to XFA: Check array bounds for opj_dwt_decode_1() and friends.Lei Zhang
Based on an earlier patch by jun_fang@foxitsoftware.com. BUG=450844 R=jun_fang@foxitsoftware.com Review URL: https://codereview.chromium.org/1320443003 . (cherry picked from commit 463b77b4f1e4257cd89f3460b5a6fdb102f44265) Review URL: https://codereview.chromium.org/1319303003 .
2015-07-13Merge to XFA: Fix an integer overflow issue in openJpegJUN FANG
Fixing this issue for an urgent request. It should be fixed in OpenJPEG side. BUG=506763 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1231933008 .
2015-06-18Merge to XFA: Move libopenjpeg to third_party/Tom Sepez
Original Review URL: https://codereview.chromium.org/1185373010. TBR=thestig@chromium.org Review URL: https://codereview.chromium.org/1193773002.