The generation of the configuration file jas_config.h has been comple…

…tely

reworked in order to avoid pollution of the global namespace.

Some problematic types like uchar, ulong, and friends have been replaced
with names with a jas_ prefix.

An option max_samples has been added to the BMP and JPEG decoders to
restrict the maximum size of image that they can decode.  This change
was made as a (possibly temporary) fix to address security concerns.
A max_samples command-line option has also been added to imginfo.

Whether an image component (for jas_image_t) is stored in memory or on
disk is now based on the component size (rather than the image size).

Some debug log message were added.

Some new integer overflow checks were added.

Some new safe integer add/multiply functions were added.

More pre-C99 cruft was removed.  JasPer has numerous "hacks" to
handle pre-C99 compilers.  JasPer now assumes C99 support.  So, this
pre-C99 cruft is unnecessary and can be removed.

The regression jasper-doublefree-mem_close.jpg has been re-enabled.
Theoretically, it should work more predictably now.

.gitignore

@@ -40,6 +40,7 @@ Makefile.in
 
 # ./src/libjasper/include/jasper directory
 /src/libjasper/include/jasper/jas_config.h
-/src/libjasper/include/jasper/jas_config.h.in
-/src/libjasper/include/jasper/jas_config.h.in~
+/src/libjasper/include/jasper/jas_pconf.h
+/src/libjasper/include/jasper/jas_pconf.h.in
+/src/libjasper/include/jasper/jas_pconf.h.in~
 /src/libjasper/include/jasper/stamp-h1

configure.ac

@@ -132,16 +132,6 @@ AH_TOP([
 /* If configure is being used, this symbol will be defined automatically
   at this point in the configuration header file. */
 
-#if defined(__GNUC__) && !defined(__clang__)
-#define JAS_ATTRIBUTE_DISABLE_USAN \
-  __attribute__((no_sanitize_undefined))
-#elif defined(__clang__)
-#define JAS_ATTRIBUTE_DISABLE_USAN \
-  __attribute__((no_sanitize("undefined")))
-#else
-#define JAS_ATTRIBUTE_DISABLE_USAN
-#endif
-
 /* The preprocessor symbol JAS_WIN_MSVC_BUILD should not be defined
   unless the JasPer software is being built under Microsoft Windows
   using Microsoft Visual C. */
@@ -153,7 +143,7 @@ AH_TOP([
 AH_BOTTOM([
 #else
 /* A configure-based build is not being used. */
-#include <jasper/jas_config2.h>
+#include <jasper/jas_pconf2.h>
 #endif
 
 #endif
@@ -312,31 +302,82 @@ AC_CHECK_LIB(m, main)
 # Check for header files.
 ############################################################
 
-AC_HEADER_STDC
-AC_CHECK_HEADERS(fcntl.h limits.h unistd.h stdint.h stdbool.h io.h windows.h sys/types.h sys/time.h stdlib.h stddef.h)
+dnl AC_HEADER_STDC
+AC_CHECK_HEADERS(fcntl.h io.h unistd.h windows.h sys/time.h sys/types.h)
+
+# Surely, there must be a better way to do this, but
+# let's just get something working for now.
+
+if test $ac_cv_header_fcntl_h = yes; then
+	AC_SUBST([JAS_HAVE_FCNTL_H], ["#define JAS_HAVE_FCNTL_H 1"])
+else
+	AC_SUBST([JAS_HAVE_FCNTL_H], ["#undef JAS_HAVE_FCNTL_H"])
+fi
+
+if test $ac_cv_header_io_h = yes; then
+	AC_SUBST([JAS_HAVE_IO_H], ["#define JAS_HAVE_IO_H 1"])
+else
+	AC_SUBST([JAS_HAVE_IO_H], ["#undef JAS_HAVE_IO_H"])
+fi
+
+if test $ac_cv_header_unistd_h = yes; then
+	AC_SUBST([JAS_HAVE_UNISTD_H], ["#define JAS_HAVE_UNISTD_H 1"])
+else
+	AC_SUBST([JAS_HAVE_UNISTD_H], ["#undef JAS_HAVE_UNISTD_H"])
+fi
+
+if test $ac_cv_header_windows_h = yes; then
+	AC_SUBST([JAS_HAVE_WINDOWS_H], ["#define JAS_HAVE_WINDOWS_H 1"])
+else
+	AC_SUBST([JAS_HAVE_WINDOWS_H], ["#undef JAS_HAVE_WINDOWS_H"])
+fi
+
+if test $ac_cv_header_sys_time_h = yes; then
+	AC_SUBST([JAS_HAVE_SYS_TIME_H], ["#define JAS_HAVE_SYS_TIME_H 1"])
+else
+	AC_SUBST([JAS_HAVE_SYS_TIME_H], ["#undef JAS_HAVE_SYS_TIME_H"])
+fi
+
+if test $ac_cv_header_sys_types_h = yes; then
+	AC_SUBST([JAS_HAVE_SYS_TYPES_H], ["#define JAS_HAVE_SYS_TYPES_H 1"])
+else
+	AC_SUBST([JAS_HAVE_SYS_TYPES_H], ["#undef JAS_HAVE_SYS_TYPES_H"])
+fi
 
 ############################################################
 # Check for typedefs, structures, and compiler characteristics.
 ############################################################
 
-AC_C_CONST
-AC_C_INLINE
-AC_TYPE_SIZE_T
-AC_CHECK_TYPE(uchar, unsigned char)
-AC_CHECK_TYPE(ushort, unsigned short)
-AC_CHECK_TYPE(uint, unsigned int)
-AC_CHECK_TYPE(ulong, unsigned long)
-AC_CHECK_TYPE(longlong, long long)
-AC_CHECK_TYPE(ulonglong, unsigned long long)
-AC_CHECK_TYPE(ssize_t, int)
+dnl AC_C_CONST
+dnl AC_C_INLINE
+dnl AC_TYPE_SIZE_T
+dnl AC_CHECK_TYPE(uchar, unsigned char)
+dnl AC_CHECK_TYPE(ushort, unsigned short)
+dnl AC_CHECK_TYPE(uint, unsigned int)
+dnl AC_CHECK_TYPE(ulong, unsigned long)
+dnl AC_CHECK_TYPE(longlong, long long)
+dnl AC_CHECK_TYPE(ulonglong, unsigned long long)
+dnl AC_CHECK_TYPE(ssize_t, int)
 AC_CHECK_FUNCS(gettimeofday)
 AC_CHECK_FUNCS(getrusage)
 
+if test $ac_cv_func_gettimeofday = yes; then
+	AC_SUBST([JAS_HAVE_GETTIMEOFDAY], ["#define JAS_HAVE_GETTIMEOFDAY 1"])
+else
+	AC_SUBST([JAS_HAVE_GETTIMEOFDAY], ["#undef JAS_HAVE_GETTIMEOFDAY"])
+fi
+
+if test $ac_cv_func_getrusage = yes; then
+	AC_SUBST([JAS_HAVE_GETRUSAGE], ["#define JAS_HAVE_GETRUSAGE 1"])
+else
+	AC_SUBST([JAS_HAVE_GETRUSAGE], ["#undef JAS_HAVE_GETRUSAGE"])
+fi
+
 ############################################################
 # Checks for library functions.
 ############################################################
 
-AC_FUNC_VPRINTF
+dnl AC_FUNC_VPRINTF
 
 ############################################################
 # Enable memory limit feature.
@@ -432,26 +473,9 @@ esac
 ], [debug=no])
 
 ############################################################
-# Extra stuff for research purposes.
+# Extra stuff
 ############################################################
 
-AC_ARG_ENABLE(special0,
-[  --enable-special0    enable something],
-[
-case "${enableval}" in
-yes)
-	if test "$GCC" = yes; then
-		CFLAGS="-g -O0"
-	fi
-	;;
-no)
-	;;
-*)
-	AC_MSG_ERROR(bad value ${enableval} for --enable-special0)
-	;;
-esac
-], [])
-
 if test -n "$EXTRA_CFLAGS"; then
 	CFLAGS="$CFLAGS $EXTRA_CFLAGS"
 fi
@@ -460,13 +484,17 @@ fi
 # Generate the configuration header file.
 ############################################################
 
-AC_CONFIG_HEADERS([src/libjasper/include/jasper/jas_config.h])
+# The private header file generated by AC_CONFIG_HEADERS is not
+# currently used.  This just causes less verbose command lines
+# when make is run.
+AC_CONFIG_HEADERS([src/libjasper/include/jasper/jas_pconf.h])
 
 ############################################################
 # Generate the makefiles.
 ############################################################
 
 AC_CONFIG_FILES([
+src/libjasper/include/jasper/jas_config.h
 Makefile
 src/Makefile
 src/appl/Makefile

src/appl/imginfo.c

@@ -88,6 +88,7 @@ typedef enum {
 	OPT_VERBOSE,
 	OPT_INFILE,
 	OPT_DEBUG,
+	OPT_MAXSAMPLES,
 	OPT_MAXMEM
 } optid_t;
 
@@ -108,6 +109,7 @@ static jas_opt_t opts[] = {
 	{OPT_VERBOSE, "verbose", 0},
 	{OPT_INFILE, "f", JAS_OPT_HASARG},
 	{OPT_DEBUG, "debug-level", JAS_OPT_HASARG},
+	{OPT_MAXSAMPLES, "max-samples", JAS_OPT_HASARG},
 #if defined(JAS_DEFAULT_MAX_MEM_USAGE)
 	{OPT_MAXMEM, "memory-limit", JAS_OPT_HASARG},
 #endif
@@ -135,13 +137,16 @@ int main(int argc, char **argv)
 	char *fmtname;
 	int debug;
 	size_t max_mem;
+	size_t max_samples;
+	char optstr[32];
 
 	if (jas_init()) {
 		abort();
 	}
 
 	cmdname = argv[0];
 
+	max_samples = 64 * JAS_MEBI;
 	infile = 0;
 	verbose = 0;
 	debug = 0;
@@ -165,6 +170,9 @@ int main(int argc, char **argv)
 		case OPT_INFILE:
 			infile = jas_optarg;
 			break;
+		case OPT_MAXSAMPLES:
+			max_samples = strtoull(jas_optarg, 0, 10);
+			break;
 		case OPT_MAXMEM:
 			max_mem = strtoull(jas_optarg, 0, 10);
 			break;
@@ -199,8 +207,10 @@ int main(int argc, char **argv)
 		fprintf(stderr, "unknown image format\n");
 	}
 
+	snprintf(optstr, sizeof(optstr), "max_samples=%-zu", max_samples);
+
 	/* Decode the image. */
-	if (!(image = jas_image_decode(instream, fmtid, 0))) {
+	if (!(image = jas_image_decode(instream, fmtid, optstr))) {
 		jas_stream_close(instream);
 		fprintf(stderr, "cannot load image\n");
 		return EXIT_FAILURE;
@@ -209,6 +219,11 @@ int main(int argc, char **argv)
 	/* Close the image file. */
 	jas_stream_close(instream);
 
+	if (!(fmtname = jas_image_fmttostr(fmtid))) {
+		jas_eprintf("format name lookup failed\n");
+		return EXIT_FAILURE;
+	}
+
 	if (!(numcmpts = jas_image_numcmpts(image))) {
 		fprintf(stderr, "warning: image has no components\n");
 	}
@@ -221,10 +236,8 @@ int main(int argc, char **argv)
 		height = 0;
 		depth = 0;
 	}
-	if (!(fmtname = jas_image_fmttostr(fmtid))) {
-		abort();
-	}
-	printf("%s %d %d %d %d %ld\n", fmtname, numcmpts, width, height, depth, (long) jas_image_rawsize(image));
+	printf("%s %d %d %d %d %ld\n", fmtname, numcmpts, width, height, depth,
+	  JAS_CAST(long, jas_image_rawsize(image)));
 
 	jas_image_destroy(image);
 	jas_image_clearfmts();

src/libjasper/base/jas_debug.c

@@ -122,7 +122,7 @@ int jas_memdump(FILE *out, void *data, size_t len)
 {
 	size_t i;
 	size_t j;
-	uchar *dp;
+	jas_uchar *dp;
 	dp = data;
 	for (i = 0; i < len; i += 16) {
 		fprintf(out, "%04zx:", i);

src/libjasper/base/jas_icc.c

@@ -82,14 +82,14 @@
 
 static jas_iccattrval_t *jas_iccattrval_create0(void);
 
-static int jas_iccgetuint(jas_stream_t *in, int n, ulonglong *val);
+static int jas_iccgetuint(jas_stream_t *in, int n, jas_ulonglong *val);
 static int jas_iccgetuint8(jas_stream_t *in, jas_iccuint8_t *val);
 static int jas_iccgetuint16(jas_stream_t *in, jas_iccuint16_t *val);
 static int jas_iccgetsint32(jas_stream_t *in, jas_iccsint32_t *val);
 static int jas_iccgetuint32(jas_stream_t *in, jas_iccuint32_t *val);
 static int jas_iccgetuint64(jas_stream_t *in, jas_iccuint64_t *val);
-static int jas_iccputuint(jas_stream_t *out, int n, ulonglong val);
-static int jas_iccputsint(jas_stream_t *out, int n, longlong val);
+static int jas_iccputuint(jas_stream_t *out, int n, jas_ulonglong val);
+static int jas_iccputsint(jas_stream_t *out, int n, jas_longlong val);
 static jas_iccprof_t *jas_iccprof_create(void);
 static int jas_iccprof_readhdr(jas_stream_t *in, jas_icchdr_t *hdr);
 static int jas_iccprof_writehdr(jas_stream_t *out, jas_icchdr_t *hdr);
@@ -1603,11 +1603,11 @@ static void jas_icclut16_dump(jas_iccattrval_t *attrval, FILE *out)
 *
 \******************************************************************************/
 
-static int jas_iccgetuint(jas_stream_t *in, int n, ulonglong *val)
+static int jas_iccgetuint(jas_stream_t *in, int n, jas_ulonglong *val)
 {
 	int i;
 	int c;
-	ulonglong v;
+	jas_ulonglong v;
 	v = 0;
 	for (i = n; i > 0; --i) {
 		if ((c = jas_stream_getc(in)) == EOF)
@@ -1629,7 +1629,7 @@ static int jas_iccgetuint8(jas_stream_t *in, jas_iccuint8_t *val)
 
 static int jas_iccgetuint16(jas_stream_t *in, jas_iccuint16_t *val)
 {
-	ulonglong tmp;
+	jas_ulonglong tmp;
 	if (jas_iccgetuint(in, 2, &tmp))
 		return -1;
 	*val = tmp;
@@ -1638,17 +1638,17 @@ static int jas_iccgetuint16(jas_stream_t *in, jas_iccuint16_t *val)
 
 static int jas_iccgetsint32(jas_stream_t *in, jas_iccsint32_t *val)
 {
-	ulonglong tmp;
+	jas_ulonglong tmp;
 	if (jas_iccgetuint(in, 4, &tmp))
 		return -1;
-	*val = (tmp & 0x80000000) ? (-JAS_CAST(longlong, (((~tmp) &
-	  0x7fffffff) + 1))) : JAS_CAST(longlong, tmp);
+	*val = (tmp & 0x80000000) ? (-JAS_CAST(jas_longlong, (((~tmp) &
+	  0x7fffffff) + 1))) : JAS_CAST(jas_longlong, tmp);
 	return 0;
 }
 
 static int jas_iccgetuint32(jas_stream_t *in, jas_iccuint32_t *val)
 {
-	ulonglong tmp;
+	jas_ulonglong tmp;
 	if (jas_iccgetuint(in, 4, &tmp))
 		return -1;
 	*val = tmp;
@@ -1657,14 +1657,14 @@ static int jas_iccgetuint32(jas_stream_t *in, jas_iccuint32_t *val)
 
 static int jas_iccgetuint64(jas_stream_t *in, jas_iccuint64_t *val)
 {
-	ulonglong tmp;
+	jas_ulonglong tmp;
 	if (jas_iccgetuint(in, 8, &tmp))
 		return -1;
 	*val = tmp;
 	return 0;
 }
 
-static int jas_iccputuint(jas_stream_t *out, int n, ulonglong val)
+static int jas_iccputuint(jas_stream_t *out, int n, jas_ulonglong val)
 {
 	int i;
 	int c;
@@ -1676,9 +1676,9 @@ static int jas_iccputuint(jas_stream_t *out, int n, ulonglong val)
 	return 0;
 }
 
-static int jas_iccputsint(jas_stream_t *out, int n, longlong val)
+static int jas_iccputsint(jas_stream_t *out, int n, jas_longlong val)
 {
-	ulonglong tmp;
+	jas_ulonglong tmp;
 	tmp = (val < 0) ? (abort(), 0) : val;
 	return jas_iccputuint(out, n, tmp);
 }
@@ -1719,7 +1719,7 @@ static long jas_iccpowi(int x, int n)
 }
 
 
-jas_iccprof_t *jas_iccprof_createfrombuf(uchar *buf, int len)
+jas_iccprof_t *jas_iccprof_createfrombuf(jas_uchar *buf, int len)
 {
 	jas_stream_t *in;
 	jas_iccprof_t *prof;

src/libjasper/base/jas_iccdata.c

@@ -62,7 +62,7 @@
 #include <jasper/jas_config.h>
 #include <jasper/jas_types.h>
 
-uchar jas_iccprofdata_srgb[] =
+jas_uchar jas_iccprofdata_srgb[] =
 {
 	0x00, 0x00, 0x0c, 0x48, 0x4c, 0x69, 0x6e, 0x6f,
 	0x02, 0x10, 0x00, 0x00, 0x6d, 0x6e, 0x74, 0x72,
@@ -461,7 +461,7 @@ uchar jas_iccprofdata_srgb[] =
 
 int jas_iccprofdata_srgblen = sizeof(jas_iccprofdata_srgb);
 
-uchar jas_iccprofdata_sgray[] = {
+jas_uchar jas_iccprofdata_sgray[] = {
 	0x00, 0x00, 0x01, 0x8a, 0x00, 0x00, 0x00, 0x00,
 	0x02, 0x20, 0x00, 0x00, 0x73, 0x63, 0x6e, 0x72,
 	0x47, 0x52, 0x41, 0x59, 0x58, 0x59, 0x5a, 0x20,