[buildroot-gz.git] / package / jasper / 0002-Fixed-bugs-due-to-uninitialized-data-in-the-JP2-deco.patch
1 From e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d Mon Sep 17 00:00:00 2001
2 From: Michael Adams <mdadams@ece.uvic.ca>
3 Date: Sat, 4 Mar 2017 14:43:24 -0800
4 Subject: [PATCH] Fixed bugs due to uninitialized data in the JP2 decoder.
5 Also, added some comments marking I/O stream interfaces that probably need to
6 be changed (in the long term) to fix integer overflow problems.
8 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
9 ---
10 src/libjasper/base/jas_stream.c | 18 +++++++++++++++++
11 src/libjasper/jp2/jp2_cod.c | 44 ++++++++++++++++++++++++++++-------------
12 2 files changed, 48 insertions(+), 14 deletions(-)
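diff --git a/src/libjasper/base/jas_stream.c b/src/libjasper/base/jas_stream.c
index 327ee57..d70408f 100644
--- a/src/libjasper/base/jas_stream.c
+++ b/src/libjasper/base/jas_stream.c
@@ -664,6 +664,7 @@ int jas_stream_ungetc(jas_stream_t *stream, int c)
 return 0;
+/* FIXME integral type */
 int jas_stream_read(jas_stream_t *stream, void *buf, int cnt)
 int n;
@@ -690,6 +691,7 @@ int jas_stream_read(jas_stream_t *stream, void *buf, int cnt)
 return n;
+/* FIXME integral type */
 int jas_stream_write(jas_stream_t *stream, const void *buf, int cnt)
 int n;
@@ -742,6 +744,7 @@ int jas_stream_puts(jas_stream_t *stream, const char *s)
 return 0;
+/* FIXME integral type */
 char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize)
 int c;
@@ -765,6 +768,7 @@ char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize)
 return buf;
+/* FIXME integral type */
 int jas_stream_gobble(jas_stream_t *stream, int n)
 int m;
@@ -783,6 +787,7 @@ int jas_stream_gobble(jas_stream_t *stream, int n)
 return n;
+/* FIXME integral type */
 int jas_stream_pad(jas_stream_t *stream, int n, int c)
 int m;
@@ -885,6 +890,7 @@ long jas_stream_tell(jas_stream_t *stream)
 * Buffer initialization code.
 \******************************************************************************/
+/* FIXME integral type */
 static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
 int bufsize)
@@ -1060,6 +1066,7 @@ static int jas_strtoopenmode(const char *s)
 return openmode;
+/* FIXME integral type */
 int jas_stream_copy(jas_stream_t *out, jas_stream_t *in, int n)
 int all;
@@ -1085,6 +1092,7 @@ int jas_stream_copy(jas_stream_t *out, jas_stream_t *in, int n)
 return 0;
+/* FIXME integral type */
 long jas_stream_setrwcount(jas_stream_t *stream, long rwcnt)
 int old;
@@ -1094,6 +1102,7 @@ long jas_stream_setrwcount(jas_stream_t *stream, long rwcnt)
 return old;
+/* FIXME integral type */
 int jas_stream_display(jas_stream_t *stream, FILE *fp, int n)
 unsigned char buf[16];
@@ -1168,6 +1177,7 @@ long jas_stream_length(jas_stream_t *stream)
 * Memory stream object.
 \******************************************************************************/
+/* FIXME integral type */
 static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt)
 ssize_t n;
@@ -1209,6 +1219,7 @@ static int mem_resize(jas_stream_memobj_t *m, size_t bufsize)
 return 0;
+/* FIXME integral type */
 static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt)
 size_t n;
@@ -1264,6 +1275,7 @@ static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt)
 return ret;
+/* FIXME integral type */
 static long mem_seek(jas_stream_obj_t *obj, long offset, int origin)
 jas_stream_memobj_t *m = (jas_stream_memobj_t *)obj;
@@ -1310,6 +1322,7 @@ static int mem_close(jas_stream_obj_t *obj)
 * File stream object.
 \******************************************************************************/
+/* FIXME integral type */
 static int file_read(jas_stream_obj_t *obj, char *buf, int cnt)
 jas_stream_fileobj_t *fileobj;
@@ -1318,6 +1331,7 @@ static int file_read(jas_stream_obj_t *obj, char *buf, int cnt)
 return read(fileobj->fd, buf, cnt);
+/* FIXME integral type */
 static int file_write(jas_stream_obj_t *obj, char *buf, int cnt)
 jas_stream_fileobj_t *fileobj;
@@ -1326,6 +1340,7 @@ static int file_write(jas_stream_obj_t *obj, char *buf, int cnt)
 return write(fileobj->fd, buf, cnt);
+/* FIXME integral type */
 static long file_seek(jas_stream_obj_t *obj, long offset, int origin)
 jas_stream_fileobj_t *fileobj;
@@ -1352,6 +1367,7 @@ static int file_close(jas_stream_obj_t *obj)
 * Stdio file stream object.
 \******************************************************************************/
+/* FIXME integral type */
 static int sfile_read(jas_stream_obj_t *obj, char *buf, int cnt)
 FILE *fp;
@@ -1367,6 +1383,7 @@ static int sfile_read(jas_stream_obj_t *obj, char *buf, int cnt)
 return result;
+/* FIXME integral type */
 static int sfile_write(jas_stream_obj_t *obj, char *buf, int cnt)
 FILE *fp;
@@ -1377,6 +1394,7 @@ static int sfile_write(jas_stream_obj_t *obj, char *buf, int cnt)
 return (n != JAS_CAST(size_t, cnt)) ? (-1) : cnt;
+/* FIXME integral type */
 static long sfile_seek(jas_stream_obj_t *obj, long offset, int origin)
 FILE *fp;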
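Review bot: The `/* FIXME integral type */` markers added above each stream function do not say which parameter or return value is meant or what goes wrong, so they will be hard to act on later. Where the concern is a byte count, a comment such as `/* FIXME: cnt and the return value are int; byte counts should be size_t/ssize_t so large lengths are not truncated */` would record the intent. The context lines of jas_stream_setrwcount show one concrete case the marker could name: `int old;` is returned from a function declared to return `long`, presumably narrowing the previous count. All of these function bodies continue outside their hunks.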
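diff --git a/src/libjasper/jp2/jp2_cod.c b/src/libjasper/jp2/jp2_cod.c
index 7f3608a..8d98a2c 100644
--- a/src/libjasper/jp2/jp2_cod.c
+++ b/src/libjasper/jp2/jp2_cod.c
@@ -183,15 +183,28 @@ jp2_boxinfo_t jp2_boxinfo_unk = {
 * Box constructor.
 \******************************************************************************/
-jp2_box_t *jp2_box_create(int type)
+jp2_box_t *jp2_box_create0()
 jp2_box_t *box;
- jp2_boxinfo_t *boxinfo;
 if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
 return 0;
 memset(box, 0, sizeof(jp2_box_t));
+ box->type = 0;
+ box->len = 0;
+ // Mark the box data as never having been constructed
+ // so that we will not errantly attempt to destroy it later.
+ box->ops = &jp2_boxinfo_unk.ops;
+ return box;
+jp2_box_t *jp2_box_create(int type)
+ jp2_box_t *box;
+ jp2_boxinfo_t *boxinfo;
+ if (!(box = jp2_box_create0())) {
+ return 0;
 box->type = type;
 box->len = 0;
 if (!(boxinfo = jp2_boxinfolookup(type))) {
@@ -248,14 +261,9 @@ jp2_box_t *jp2_box_get(jas_stream_t *in)
 box = 0;
 tmpstream = 0;
- if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
+ if (!(box = jp2_box_create0())) {
 goto error;
- // Mark the box data as never having been constructed
- // so that we will not errantly attempt to destroy it later.
- box->ops = &jp2_boxinfo_unk.ops;
 if (jp2_getuint32(in, &len) || jp2_getuint32(in, &box->type)) {
 goto error;
@@ -263,10 +271,12 @@ jp2_box_t *jp2_box_get(jas_stream_t *in)
 box->info = boxinfo;
 box->len = len;
 JAS_DBGLOG(10, (
- "preliminary processing of JP2 box: type=%c%s%c (0x%08x); length=%d\n",
+ "preliminary processing of JP2 box: "
+ "type=%c%s%c (0x%08x); length=%"PRIuFAST32"\n",
 '"', boxinfo->name, '"', box->type, box->len
 if (box->len == 1) {
+ JAS_DBGLOG(10, ("big length\n"));
 if (jp2_getuint64(in, &extlen)) {
 goto error;
@@ -382,6 +392,7 @@ static int jp2_bpcc_getdata(jp2_box_t *box, jas_stream_t *in)
 jp2_bpcc_t *bpcc = &box->data.bpcc;
 unsigned int i;
+ bpcc->bpcs = 0;
 bpcc->numcmpts = box->datalen;
 if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) {
 return -1;
@@ -462,6 +473,7 @@ static int jp2_cdef_getdata(jp2_box_t *box, jas_stream_t *in)
 jp2_cdef_t *cdef = &box->data.cdef;
 jp2_cdefchan_t *chan;
 unsigned int channo;
+ cdef->ents = 0;
 if (jp2_getuint16(in, &cdef->numchans)) {
 return -1;
@@ -518,7 +530,9 @@ int jp2_box_put(jp2_box_t *box, jas_stream_t *out)
 if (dataflag) {
- if (jas_stream_copy(out, tmpstream, box->len - JP2_BOX_HDRLEN(false))) {
+ if (jas_stream_copy(out, tmpstream, box->len -
+ JP2_BOX_HDRLEN(false))) {
+ jas_eprintf("cannot copy box data\n");
 goto error;
 jas_stream_close(tmpstream);
@@ -777,6 +791,7 @@ static int jp2_cmap_getdata(jp2_box_t *box, jas_stream_t *in)
 jp2_cmap_t *cmap = &box->data.cmap;
 jp2_cmapent_t *ent;
 unsigned int i;
+ cmap->ents = 0;
 cmap->numchans = (box->datalen) / 4;
 if (!(cmap->ents = jas_alloc2(cmap->numchans, sizeof(jp2_cmapent_t)))) {
@@ -835,6 +850,7 @@ static int jp2_pclr_getdata(jp2_box_t *box, jas_stream_t *in)
 int_fast32_t x;
 pclr->lutdata = 0;
+ pclr->bpc = 0;
 if (jp2_getuint16(in, &pclr->numlutents) ||
 jp2_getuint8(in, &pclr->numchans)) {
@@ -869,9 +885,9 @@ static int jp2_pclr_putdata(jp2_box_t *box, jas_stream_t *out)
 #if 0
 jp2_pclr_t *pclr = &box->data.pclr;
 #endif
-/* Eliminate warning about unused variable. */
-box = 0;
-out = 0;
+ /* Eliminate warning about unused variable. */
+ box = 0;
+ out = 0;
 return -1;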
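Review bot: In the JAS_DBGLOG call in jp2_box_get, `box->type` is still formatted with `0x%08x` while the same hunk moves `box->len` to `PRIuFAST32`. `box->type` is filled directly by jp2_getuint32 a few lines earlier, so it presumably has the same fast 32-bit type, and where that type is wider than `unsigned int` the mismatched specifier is undefined behaviour in a printf-style call. Writing the type as `(0x%08"PRIxFAST32")` would keep the two arguments consistent. Separately, `jp2_box_create0()` is defined with an empty parameter list and external linkage although the diffstat lists no header change; `static jp2_box_t *jp2_box_create0(void)` would be tighter if no other file needs it.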
285 2.11.0