Update openjpeg
[pdfium.git] / core / src / fxcodec / fx_libopenjpeg / libopenjpeg20 / t2.c
index de054ac..f2a7c9a 100644 (file)
@@ -218,7 +218,7 @@ OPJ_BOOL opj_t2_encode_packets( opj_t2_t* p_t2,
         opj_image_t *l_image = p_t2->image;
         opj_cp_t *l_cp = p_t2->cp;
         opj_tcp_t *l_tcp = &l_cp->tcps[p_tile_no];
-        OPJ_UINT32 pocno = l_cp->m_specific_param.m_enc.m_cinema == OPJ_CINEMA4K_24? 2: 1;
+        OPJ_UINT32 pocno = (l_cp->rsiz == OPJ_PROFILE_CINEMA_4K)? 2: 1;
         OPJ_UINT32 l_max_comp = l_cp->m_specific_param.m_enc.m_max_comp_size > 0 ? l_image->numcomps : 1;
         OPJ_UINT32 l_nb_pocs = l_tcp->numpocs + 1;
 
@@ -477,11 +477,10 @@ OPJ_BOOL opj_t2_decode_packets( opj_t2_t *p_t2,
 opj_t2_t* opj_t2_create(opj_image_t *p_image, opj_cp_t *p_cp)
 {
         /* create the t2 structure */
-        opj_t2_t *l_t2 = (opj_t2_t*)opj_malloc(sizeof(opj_t2_t));
+        opj_t2_t *l_t2 = (opj_t2_t*)opj_calloc(1,sizeof(opj_t2_t));
         if (!l_t2) {
                 return NULL;
         }
-        memset(l_t2,0,sizeof(opj_t2_t));
 
         l_t2->image = p_image;
         l_t2->cp = p_cp;
@@ -599,6 +598,10 @@ OPJ_BOOL opj_t2_encode_packet(  OPJ_UINT32 tileno,
         }
 
         bio = opj_bio_create();
+        if (!bio) {
+                /* FIXME event manager error callback */
+                return OPJ_FALSE;
+        }
         opj_bio_init_enc(bio, c, length);
         opj_bio_write(bio, 1, 1);           /* Empty header bit */
 
@@ -863,11 +866,10 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
         if (p_tcp->csty & J2K_CP_CSTY_SOP) {
                 if (p_max_length < 6) {
                         /* TODO opj_event_msg(p_t2->cinfo->event_mgr, EVT_WARNING, "Not enough space for expected SOP marker\n"); */
-                        printf("Not enough space for expected SOP marker\n");
+                        fprintf(stderr, "Not enough space for expected SOP marker\n");
                 } else if ((*l_current_data) != 0xff || (*(l_current_data + 1) != 0x91)) {
                         /* TODO opj_event_msg(p_t2->cinfo->event_mgr, EVT_WARNING, "Expected SOP marker\n"); */
-                        printf("Expected SOP marker\n");
-                        fprintf(stderr, "Error : expected SOP marker\n");
+                        fprintf(stderr, "Warning: expected SOP marker\n");
                 } else {
                         l_current_data += 6;
                 }
@@ -917,7 +919,7 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
 
                 /* EPH markers */
                 if (p_tcp->csty & J2K_CP_CSTY_EPH) {
-                        if (p_max_length < 2) {
+                        if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data - *l_header_data_start)) < 2U) {
                                 fprintf(stderr, "Not enough space for expected EPH marker\n");
                         } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
                                 fprintf(stderr, "Error : expected EPH marker\n");
@@ -1045,7 +1047,7 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
 
         /* EPH markers */
         if (p_tcp->csty & J2K_CP_CSTY_EPH) {
-                if (p_max_length < 2) {
+                if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data - *l_header_data_start)) < 2U) {
                         fprintf(stderr, "Not enough space for expected EPH marker\n");
                 } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
                         /* TODO opj_event_msg(t2->cinfo->event_mgr, EVT_ERROR, "Expected EPH marker\n"); */
@@ -1129,7 +1131,8 @@ OPJ_BOOL opj_t2_read_packet_data(   opj_t2_t* p_t2,
                         }
 
                         do {
-                                if (l_current_data + l_seg->newlen > p_src_data + p_max_length) {
+                                /* Check possible overflow (on l_current_data only, assumes input args already checked) then size */
+                                if (((OPJ_SIZE_T)(l_current_data + l_seg->newlen) < (OPJ_SIZE_T)l_current_data) || (l_current_data + l_seg->newlen > p_src_data + p_max_length)) {
                                         fprintf(stderr, "read: segment too long (%d) with max (%d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
                                                 l_seg->newlen, p_max_length, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
                                         return OPJ_FALSE;
@@ -1154,11 +1157,18 @@ OPJ_BOOL opj_t2_read_packet_data(   opj_t2_t* p_t2,
                                 };
 
 #endif /* USE_JPWL */
+                                /* Check possible overflow on size */
+                                if ((l_cblk->data_current_size + l_seg->newlen) < l_cblk->data_current_size) {
+                                        fprintf(stderr, "read: segment too long (%d) with current size (%d > %d) for codeblock %d (p=%d, b=%d, r=%d, c=%d)\n",
+                                                l_seg->newlen, l_cblk->data_current_size, 0xFFFFFFFF - l_seg->newlen, cblkno, p_pi->precno, bandno, p_pi->resno, p_pi->compno);
+                                        return OPJ_FALSE;
+                                }
                                 /* Check if the cblk->data have allocated enough memory */
                                 if ((l_cblk->data_current_size + l_seg->newlen) > l_cblk->data_max_size) {
                                     OPJ_BYTE* new_cblk_data = (OPJ_BYTE*) opj_realloc(l_cblk->data, l_cblk->data_current_size + l_seg->newlen);
                                     if(! new_cblk_data) {
                                         opj_free(l_cblk->data);
+                                        l_cblk->data = NULL;
                                         l_cblk->data_max_size = 0;
                                         /* opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to realloc code block cata!\n"); */
                                         return OPJ_FALSE;
@@ -1197,6 +1207,7 @@ OPJ_BOOL opj_t2_read_packet_data(   opj_t2_t* p_t2,
 
         *(p_data_read) = (OPJ_UINT32)(l_current_data - p_src_data);
 
+
         return OPJ_TRUE;
 }