|
 |
83be9e |
Backport of the upstream commit:
|
|
|
83be9e |
|
|
|
83be9e |
From 2e82fa00466ae525339754bb3ab0a0474a31d4bd Mon Sep 17 00:00:00 2001
|
|
|
83be9e |
From: Michael Adams <mdadams@ece.uvic.ca>
|
|
|
83be9e |
Date: Wed, 19 Oct 2016 17:57:40 -0700
|
|
|
83be9e |
Subject: [PATCH] Fixed an integral type promotion problem by adding a
|
|
|
83be9e |
JAS_CAST. Modified the jpc_tsfb_synthesize function so that it will be a noop
|
|
|
83be9e |
for an empty sequence (in order to avoid dereferencing a null pointer).
|
|
|
83be9e |
|
|
|
83be9e |
diff -pruN jasper-1.900.1.orig/src/libjasper/include/jasper/jas_math.h jasper-1.900.1/src/libjasper/include/jasper/jas_math.h
|
|
|
83be9e |
--- jasper-1.900.1.orig/src/libjasper/include/jasper/jas_math.h 2017-03-31 14:08:18.000000000 +0200
|
|
|
83be9e |
+++ jasper-1.900.1/src/libjasper/include/jasper/jas_math.h 2017-03-31 14:09:06.000000000 +0200
|
|
|
83be9e |
@@ -115,6 +115,24 @@ extern "C" {
|
|
|
83be9e |
((1 << (n)) - 1)
|
|
|
83be9e |
|
|
|
83be9e |
/******************************************************************************\
|
|
|
83be9e |
+*
|
|
|
83be9e |
+\******************************************************************************/
|
|
|
83be9e |
+
|
|
|
83be9e |
+__attribute__((no_sanitize("undefined")))
|
|
|
83be9e |
+inline static jas_int_asr(int x, int n)
|
|
|
83be9e |
+{
|
|
|
83be9e |
+ assert(n >= 0);
|
|
|
83be9e |
+ return x >> n;
|
|
|
83be9e |
+}
|
|
|
83be9e |
+
|
|
|
83be9e |
+__attribute__((no_sanitize("undefined")))
|
|
|
83be9e |
+inline static jas_int_asl(int x, int n)
|
|
|
83be9e |
+{
|
|
|
83be9e |
+ assert(n >= 0);
|
|
|
83be9e |
+ return x << n;
|
|
|
83be9e |
+}
|
|
|
83be9e |
+
|
|
|
83be9e |
+/******************************************************************************\
|
|
|
83be9e |
* Safe integer arithmetic (i.e., with overflow checking).
|
|
|
83be9e |
\******************************************************************************/
|
|
|
83be9e |
|
|
|
83be9e |
diff -pruN jasper-1.900.1.orig/src/libjasper/include/jasper/jas_seq.h jasper-1.900.1/src/libjasper/include/jasper/jas_seq.h
|
|
|
83be9e |
--- jasper-1.900.1.orig/src/libjasper/include/jasper/jas_seq.h 2007-01-19 22:43:04.000000000 +0100
|
|
|
83be9e |
+++ jasper-1.900.1/src/libjasper/include/jasper/jas_seq.h 2017-03-31 14:09:06.000000000 +0200
|
|
|
83be9e |
@@ -154,6 +154,9 @@ typedef jas_matrix_t jas_seq_t;
|
|
|
83be9e |
#define jas_matrix_numcols(matrix) \
|
|
|
83be9e |
((matrix)->numcols_)
|
|
|
83be9e |
|
|
|
83be9e |
+#define jas_matrix_size(matrix) \
|
|
|
83be9e |
+ (jas_matrix_width(matrix) * jas_matrix_height(matrix))
|
|
|
83be9e |
+
|
|
|
83be9e |
/* Get a matrix element. */
|
|
|
83be9e |
#define jas_matrix_get(matrix, i, j) \
|
|
|
83be9e |
((matrix)->rows_[i][j])
|
|
|
83be9e |
@@ -269,6 +272,8 @@ jas_matrix_t *jas_seq2d_create(int xstar
|
|
|
83be9e |
((s)->xstart_ = (x), (s)->ystart_ = (y), \
|
|
|
83be9e |
(s)->xend_ = (s)->xstart_ + (s)->numcols_, \
|
|
|
83be9e |
(s)->yend_ = (s)->ystart_ + (s)->numrows_)
|
|
|
83be9e |
+#define jas_seq2d_size(s) \
|
|
|
83be9e |
+ (jas_seq2d_width(s) * jas_seq2d_height(s))
|
|
|
83be9e |
|
|
|
83be9e |
void jas_seq2d_bindsub(jas_matrix_t *s, jas_matrix_t *s1, int xstart,
|
|
|
83be9e |
int ystart, int xend, int yend);
|
|
|
83be9e |
diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
|
|
|
83be9e |
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2017-03-31 14:08:18.000000000 +0200
|
|
|
83be9e |
+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2017-03-31 14:09:06.000000000 +0200
|
|
|
83be9e |
@@ -1805,6 +1805,13 @@ static void jpc_undo_roi(jas_matrix_t *x
|
|
|
83be9e |
bool warn;
|
|
|
83be9e |
uint_fast32_t mask;
|
|
|
83be9e |
|
|
|
83be9e |
+ if (roishift < 0) {
|
|
|
83be9e |
+ /* We could instead return an error here. */
|
|
|
83be9e |
+ /* I do not think it matters much. */
|
|
|
83be9e |
+ jas_eprintf("warning: forcing negative ROI shift to zero "
|
|
|
83be9e |
+ "(bitstream is probably corrupt)\n");
|
|
|
83be9e |
+ roishift = 0;
|
|
|
83be9e |
+ }
|
|
|
83be9e |
if (roishift == 0 && bgshift == 0) {
|
|
|
83be9e |
return;
|
|
|
83be9e |
}
|
|
|
83be9e |
@@ -1823,7 +1830,7 @@ static void jpc_undo_roi(jas_matrix_t *x
|
|
|
83be9e |
} else {
|
|
|
83be9e |
/* We are dealing with non-ROI (i.e., background) data. */
|
|
|
83be9e |
mag <<= bgshift;
|
|
|
83be9e |
- mask = (1 << numbps) - 1;
|
|
|
83be9e |
+ mask = (JAS_CAST(uint_fast32_t, 1) << numbps) - 1;
|
|
|
83be9e |
/* Perform a basic sanity check on the sample value. */
|
|
|
83be9e |
/* Some implementations write garbage in the unused
|
|
|
83be9e |
most-significant bit planes introduced by ROI shifting.
|
|
|
83be9e |
diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_tsfb.c jasper-1.900.1/src/libjasper/jpc/jpc_tsfb.c
|
|
|
83be9e |
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_tsfb.c 2007-01-19 22:43:07.000000000 +0100
|
|
|
83be9e |
+++ jasper-1.900.1/src/libjasper/jpc/jpc_tsfb.c 2017-03-31 14:09:06.000000000 +0200
|
|
|
83be9e |
@@ -148,7 +148,8 @@ int jpc_tsfb_analyze2(jpc_tsfb_t *tsfb,
|
|
|
83be9e |
|
|
|
83be9e |
int jpc_tsfb_synthesize(jpc_tsfb_t *tsfb, jas_seq2d_t *a)
|
|
|
83be9e |
{
|
|
|
83be9e |
- return (tsfb->numlvls > 0) ? jpc_tsfb_synthesize2(tsfb,
|
|
|
83be9e |
+ return (tsfb->numlvls > 0 && jas_seq2d_size(a)) ?
|
|
|
83be9e |
+ jpc_tsfb_synthesize2(tsfb,
|
|
|
83be9e |
jas_seq2d_getref(a, jas_seq2d_xstart(a), jas_seq2d_ystart(a)),
|
|
|
83be9e |
jas_seq2d_xstart(a), jas_seq2d_ystart(a), jas_seq2d_width(a),
|
|
|
83be9e |
jas_seq2d_height(a), jas_seq2d_rowstep(a), tsfb->numlvls - 1) : 0;
|