openjp2/j2k: Report error if all wanted components are not decoded. #1164
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sebras
force-pushed
the
master
branch
5 times, most recently
from
49cb46c
to
2e01c17
Compare
sebras
changed the title
sebras
force-pushed
the
master
branch
4 times, most recently
from
fb1807e
to
2e1f95d
Compare
|
After several iterations I figured out that the latter commit was the only one needed to resolve this issue, and that the prior commit actually requires more input. I'll submit that separately later |
|
This is reasonable but a change in behaviour. Perhaps there are people who deal with corrupt images, and are used to try to recover the non-corrupted components. Although they will have the workaround of decoding each component individually. @detonin thoughts about this ? |
|
@rouault: The current check in Also note that while this is a behavioural change it only affects clients decoding broken images where the decoding of one or more components fails and the client wants to keep the other components. Is this a common situation? |
|
We can go with your approach and see if people complain. However, I think a similar check should be added to opj_j2k_decode_one_tile(), no ? (in which case, please create a common function called by the 2 call sites) |
|
@rouault Thanks for the reply. Yes, that does seem like an omission. I'll update the commit in a bit. |
sebras
force-pushed
the
master
branch
3 times, most recently
from
4950c38
to
e692210
Compare
Previously the caller had to check whether each component data had been decoded. This means duplicating the checking in every user of openjpeg which is unnecessary. If the caller wantes to decode all or a set of, or a specific component then openjpeg ought to error out if it was unable to do so. Fixes uclouvain#1158.
|
I did address the review comments long while back. What needs to be done for this to be merged? The error from continuous-integration/appveyor/pr failed, but it seems to have failed due to a network outage: |
|
Thanks. Merged |
|
Excellent, thank you! :) |
chris-liddell
pushed a commit
to ArtifexSoftware/thirdparty-openjpeg
that referenced
this pull request
Sep 5, 2019
Ghostscript used to attempt to use even the undecoded components. The source code for upstream's opj_decompress tool avoided this by a workaround along with a comment indicating that this ought to be done in the library (so all clients, e.g. Ghostscript will benefit from it). With this commit the library will error out if not all requested components are successfully decoded. Thus Ghostscript will no longer crash. Reported in uclouvain/openjpeg#1158 sent upstream in uclouvain/openjpeg#1164 and finally committed in e66125f
chris-liddell
pushed a commit
to ArtifexSoftware/thirdparty-openjpeg
that referenced
this pull request
Feb 6, 2020
The original commit message read: Bug 700088: Report error if all wanted J2K components are not decoded. Ghostscript used to attempt to use even the undecoded components. The source code for upstream's opj_decompress tool avoided this by a workaround along with a comment indicating that this ought to be done in the library (so all clients, e.g. Ghostscript will benefit from it). With this commit the library will error out if not all requested components are successfully decoded. Thus Ghostscript will no longer crash. Reported in uclouvain/openjpeg#1158 sent upstream in uclouvain/openjpeg#1164 and finally committed in e66125f
mtremer
pushed a commit
to ipfire/ipfire-2.x
that referenced
this pull request
Apr 29, 2022
- Update from version 2.3.1 to 2.4.0
- Update of rootfile
- Changelog
2.4.0
**Closed issues:**
- OPENJPEG\_INSTALL\_DOC\_DIR does not control a destination directory where HTML docs would be installed. [\#1309](uclouvain/openjpeg#1309)
- Heap-buffer-overflow in lib/openjp2/pi.c:312 [\#1302](uclouvain/openjpeg#1302)
- Heap-buffer-overflow in lib/openjp2/t2.c:973 [\#1299](uclouvain/openjpeg#1299)
- Heap-buffer-overflow in lib/openjp2/pi.c:623 [\#1293](uclouvain/openjpeg#1293)
- Global-buffer-overflow in lib/openjp2/dwt.c:1980 [\#1286](uclouvain/openjpeg#1286)
- Heap-buffer-overflow in lib/openjp2/tcd.c:2417 [\#1284](uclouvain/openjpeg#1284)
- Heap-buffer-overflow in lib/openjp2/mqc.c:499 [\#1283](uclouvain/openjpeg#1283)
- Openjpeg could not encode 32bit RGB float image [\#1281](uclouvain/openjpeg#1281)
- Openjpeg could not encode 32bit RGB float image [\#1280](uclouvain/openjpeg#1280)
- ISO/IEC 15444-1:2019 \(E\) compared with 'cio.h' [\#1277](uclouvain/openjpeg#1277)
- Test-suite failure due to hash mismatch [\#1264](uclouvain/openjpeg#1264)
- Heap use-after-free [\#1261](uclouvain/openjpeg#1261)
- Memory leak when failing to allocate object... [\#1259](uclouvain/openjpeg#1259)
- Memory leak of Tier 1 handle when OpenJPEG fails to set it as TLS... [\#1257](uclouvain/openjpeg#1257)
- Any plan to build release for CVE-2020-8112/CVE-2020-6851 [\#1247](uclouvain/openjpeg#1247)
- failing to convert 16-bit file: opj\_t2\_encode\_packet\(\): only 5251 bytes remaining in output buffer. 5621 needed. [\#1243](uclouvain/openjpeg#1243)
- CMake+VS2017 Compile OK, thirdparty Compile OK, but thirdparty not install [\#1239](uclouvain/openjpeg#1239)
- New release to solve CVE-2019-6988 ? [\#1238](uclouvain/openjpeg#1238)
- Many tests fail to pass after the update of libtiff to version 4.1.0 [\#1233](uclouvain/openjpeg#1233)
- Another heap buffer overflow in libopenjp2 [\#1231](uclouvain/openjpeg#1231)
- Heap buffer overflow in libopenjp2 [\#1228](uclouvain/openjpeg#1228)
- Endianness of binary volume \(JP3D\) [\#1224](uclouvain/openjpeg#1224)
- New release to resolve CVE-2019-12973 [\#1222](uclouvain/openjpeg#1222)
- how to set the block size,like 128,256 ? [\#1216](uclouvain/openjpeg#1216)
- compress YUV files to motion jpeg2000 standard [\#1213](uclouvain/openjpeg#1213)
- Repair/update Java wrapper, and include in release [\#1208](uclouvain/openjpeg#1208)
- abc [\#1206](uclouvain/openjpeg#1206)
- Slow decoding [\#1202](uclouvain/openjpeg#1202)
- Installation question [\#1201](uclouvain/openjpeg#1201)
- Typo in test\_decode\_area - \*ptilew is assigned instead of \*ptileh [\#1195](uclouvain/openjpeg#1195)
- Creating a J2K file with one POC is broken [\#1191](uclouvain/openjpeg#1191)
- Make fails on Arch Linux [\#1174](uclouvain/openjpeg#1174)
- Heap buffer overflow in opj\_t1\_clbl\_decode\_processor\(\) triggered with Ghostscript [\#1158](uclouvain/openjpeg#1158)
- opj\_stream\_get\_number\_byte\_left: Assertion `p\_stream-\>m\_byte\_offset \>= 0' failed. [\#1151](uclouvain/openjpeg#1151)
- The fuzzer ignores too many inputs [\#1079](uclouvain/openjpeg#1079)
- out of bounds read [\#1068](uclouvain/openjpeg#1068)
**Merged pull requests:**
- Change defined WIN32 [\#1310](uclouvain/openjpeg#1310) ([Jamaika1](https://github.com/Jamaika1))
- docs: fix simple typo, producted -\> produced [\#1308](uclouvain/openjpeg#1308) ([timgates42](https://github.com/timgates42))
- Set ${OPENJPEG\_INSTALL\_DOC\_DIR} to DESTINATION of HTMLs [\#1307](uclouvain/openjpeg#1307) ([lemniscati](https://github.com/lemniscati))
- Use INC\_DIR for OPENJPEG\_INCLUDE\_DIRS \(fixes uclouvain\#1174\) [\#1306](uclouvain/openjpeg#1306) ([matthew-sharp](https://github.com/matthew-sharp))
- pi.c: avoid out of bounds access with POC \(fixes \#1302\) [\#1304](uclouvain/openjpeg#1304) ([rouault](https://github.com/rouault))
- Encoder: grow again buffer size [\#1303](uclouvain/openjpeg#1303) ([zodf0055980](https://github.com/zodf0055980))
- opj\_j2k\_write\_sod\(\): avoid potential heap buffer overflow \(fixes \#1299\) \(probably master only\) [\#1301](uclouvain/openjpeg#1301) ([rouault](https://github.com/rouault))
- pi.c: avoid out of bounds access with POC \(refs uclouvain/openjpeg#1293) [\#1300](uclouvain/openjpeg#1300) ([rouault](https://github.com/rouault))
- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1297, but likely not the proper fix [\#1298](uclouvain/openjpeg#1298) ([rouault](https://github.com/rouault))
- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1294, but likely not the proper fix [\#1296](uclouvain/openjpeg#1296) ([rouault](https://github.com/rouault))
- opj\_j2k\_setup\_encoder\(\): validate POC compno0 and compno1 \(fixes \#1293\) [\#1295](uclouvain/openjpeg#1295) ([rouault](https://github.com/rouault))
- Encoder: avoid global buffer overflow on irreversible conversion when… [\#1292](uclouvain/openjpeg#1292) ([rouault](https://github.com/rouault))
- Decoding: deal with some SPOT6 images that have tiles with a single tile-part with TPsot == 0 and TNsot == 0, and with missing EOC [\#1291](uclouvain/openjpeg#1291) ([rouault](https://github.com/rouault))
- Free p\_tcd\_marker\_info to avoid memory leak [\#1288](uclouvain/openjpeg#1288) ([zodf0055980](https://github.com/zodf0055980))
- Encoder: grow again buffer size [\#1287](uclouvain/openjpeg#1287) ([zodf0055980](https://github.com/zodf0055980))
- Encoder: avoid uint32 overflow when allocating memory for codestream buffer \(fixes \#1243\) [\#1276](uclouvain/openjpeg#1276) ([rouault](https://github.com/rouault))
- Java compatibility from 1.5 to 1.6 [\#1263](uclouvain/openjpeg#1263) ([jiapei100](https://github.com/jiapei100))
- opj\_decompress: fix double-free on input directory with mix of valid and invalid images [\#1262](uclouvain/openjpeg#1262) ([rouault](https://github.com/rouault))
- openjp2: Plug image leak when failing to allocate codestream index. [\#1260](uclouvain/openjpeg#1260) ([sebras](https://github.com/sebras))
- openjp2: Plug memory leak when setting data as TLS fails. [\#1258](uclouvain/openjpeg#1258) ([sebras](https://github.com/sebras))
- openjp2: Error out if failing to create Tier 1 handle. [\#1256](uclouvain/openjpeg#1256) ([sebras](https://github.com/sebras))
- Testing for invalid values of width, height, numcomps [\#1254](uclouvain/openjpeg#1254) ([szukw000](https://github.com/szukw000))
- Single-threaded performance improvements in forward DWT for 5-3 and 9-7 \(and other improvements\) [\#1253](uclouvain/openjpeg#1253) ([rouault](https://github.com/rouault))
- Add support for multithreading in encoder [\#1248](uclouvain/openjpeg#1248) ([rouault](https://github.com/rouault))
- Add support for generation of PLT markers in encoder [\#1246](uclouvain/openjpeg#1246) ([rouault](https://github.com/rouault))
- Fix warnings about signed/unsigned casts in pi.c [\#1244](uclouvain/openjpeg#1244) ([rouault](https://github.com/rouault))
- opj\_decompress: add sanity checks to avoid segfault in case of decoding error [\#1240](uclouvain/openjpeg#1240) ([rouault](https://github.com/rouault))
- ignore wrong icc [\#1236](uclouvain/openjpeg#1236) ([szukw000](https://github.com/szukw000))
- Implement writing of IMF profiles [\#1235](uclouvain/openjpeg#1235) ([rouault](https://github.com/rouault))
- tests: add alternate checksums for libtiff 4.1 [\#1234](uclouvain/openjpeg#1234) ([rouault](https://github.com/rouault))
- opj\_tcd\_init\_tile\(\): avoid integer overflow [\#1232](uclouvain/openjpeg#1232) ([rouault](https://github.com/rouault))
- tests/fuzzers: link fuzz binaries using $LIB\_FUZZING\_ENGINE. [\#1230](uclouvain/openjpeg#1230) ([Dor1s](https://github.com/Dor1s))
- opj\_j2k\_update\_image\_dimensions\(\): reject images whose coordinates are beyond INT\_MAX \(fixes \#1228\) [\#1229](uclouvain/openjpeg#1229) ([rouault](https://github.com/rouault))
- Fix resource leaks [\#1226](uclouvain/openjpeg#1226) ([dodys](https://github.com/dodys))
- abi-check.sh: fix false postive ABI error, and display output error log [\#1218](uclouvain/openjpeg#1218) ([rouault](https://github.com/rouault))
- pi.c: avoid integer overflow, resulting in later invalid access to memory in opj\_t2\_decode\_packets\(\) [\#1217](uclouvain/openjpeg#1217) ([rouault](https://github.com/rouault))
- Add check to validate SGcod/SPcoc/SPcod parameter values. [\#1211](uclouvain/openjpeg#1211) ([sebras](https://github.com/sebras))
- Fix buffer overflow reading an image file less than four characters [\#1196](uclouvain/openjpeg#1196) ([robert-ancell](https://github.com/robert-ancell))
- compression: emit POC marker when only one single POC is requested \(f… [\#1192](uclouvain/openjpeg#1192) ([rouault](https://github.com/rouault))
- Fix several potential vulnerabilities [\#1185](uclouvain/openjpeg#1185) ([Young-X](https://github.com/Young-X))
- openjp2/j2k: Report error if all wanted components are not decoded. [\#1164](uclouvain/openjpeg#1164) ([sebras](https://github.com/sebras))
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously the caller had to check whether each component data had
been decoded. This means duplicating the checking in every user of
openjpeg which is unnecessary. If the caller wantes to decode all
or a set of, or a specific component then openjpeg ought to error
out if it was unable to do so.
Fixes #1158.