Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package jasper for openSUSE:Factory checked in at 2021-04-01 14:17:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/jasper (Old) and /work/SRC/openSUSE:Factory/.jasper.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jasper" Thu Apr 1 14:17:16 2021 rev:9 rq:882023 version:2.0.28 Changes: -------- --- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2021-03-18 22:55:20.467556802 +0100 +++ /work/SRC/openSUSE:Factory/.jasper.new.2401/jasper.changes 2021-04-01 14:18:31.232092921 +0200 @@ -1,0 +2,11 @@ +Mon Mar 29 17:09:03 UTC 2021 - Michael Vetter <[email protected]> + +- Update to 2.0.28: + * Fix potential null pointer dereference in the JP2/JPC decoder. + (#269) + * Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time. + (#286) + * Fix integral type sizing problem in JP2 codec. (#284) + + +------------------------------------------------------------------- Old: ---- version-2.0.27.tar.gz New: ---- version-2.0.28.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++ --- /var/tmp/diff_new_pack.y0dHYR/_old 2021-04-01 14:18:31.804093811 +0200 +++ /var/tmp/diff_new_pack.y0dHYR/_new 2021-04-01 14:18:31.808093817 +0200 @@ -17,7 +17,7 @@ Name: jasper -Version: 2.0.27 +Version: 2.0.28 Release: 0 Summary: An Implementation of the JPEG-2000 Standard, Part 1 License: SUSE-Public-Domain ++++++ version-2.0.27.tar.gz -> version-2.0.28.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.27/CMakeLists.txt new/jasper-version-2.0.28/CMakeLists.txt --- old/jasper-version-2.0.27/CMakeLists.txt 2021-03-18 12:23:26.000000000 +0100 +++ new/jasper-version-2.0.28/CMakeLists.txt 2021-03-29 16:57:11.000000000 +0200 @@ -17,7 +17,7 @@ # The major, minor, and micro version numbers of the project. set(JAS_VERSION_MAJOR 2) set(JAS_VERSION_MINOR 0) -set(JAS_VERSION_PATCH 27) +set(JAS_VERSION_PATCH 28) # The project version. set(JAS_VERSION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.27/NEWS new/jasper-version-2.0.28/NEWS --- old/jasper-version-2.0.27/NEWS 2021-03-18 12:23:26.000000000 +0100 +++ new/jasper-version-2.0.28/NEWS 2021-03-29 16:57:11.000000000 +0200 @@ -1,3 +1,10 @@ +2.0.28 (2021-03-29) +=================== + +* Fix potential null pointer dereference in the JP2/JPC decoder. (#269) +* Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time. (#286) +* Fix integral type sizing problem in JP2 codec. (#284) + 2.0.27 (2021-03-18) =================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.27/build/my_build new/jasper-version-2.0.28/build/my_build --- old/jasper-version-2.0.27/build/my_build 2021-03-18 12:23:26.000000000 +0100 +++ new/jasper-version-2.0.28/build/my_build 2021-03-29 16:57:11.000000000 +0200 @@ -67,29 +67,30 @@ rm -rf "$tmp_dir" || panic "cannot remove directory $tmp_dir" fi -opts=() -opts+=(-B"$build_dir") -opts+=(-H"$source_dir") +configure_opts=() +configure_opts+=(-B"$build_dir") +configure_opts+=(-H"$source_dir") #if [ -n "$sde_top_dir" ]; then -# opts+=("-DCMAKE_C_COMPILER=$sde_gcc") +# configure_opts+=("-DCMAKE_C_COMPILER=$sde_gcc") #fi -opts+=("-DCMAKE_INSTALL_PREFIX=$install_dir") -opts+=("-DJAS_ENABLE_STRICT=true") +configure_opts+=("-DCMAKE_INSTALL_PREFIX=$install_dir") +configure_opts+=("-DJAS_ENABLE_STRICT=true") if [ "$enable_debug" -ne 0 ]; then - opts+=("-DCMAKE_BUILD_TYPE=Debug") - opts+=("-DJAS_ENABLE_SHARED=false") + configure_opts+=("-DCMAKE_BUILD_TYPE=Debug") + configure_opts+=("-DJAS_ENABLE_SHARED=false") else - opts+=("-DCMAKE_BUILD_TYPE=Release") + configure_opts+=("-DCMAKE_BUILD_TYPE=Release") fi if [ "$enable_asan" -ne 0 ]; then - opts+=("-DJAS_ENABLE_ASAN=true") + configure_opts+=("-DJAS_ENABLE_ASAN=true") fi if [ "$enable_usan" -ne 0 ]; then - opts+=("-DJAS_ENABLE_USAN=true") + configure_opts+=("-DJAS_ENABLE_USAN=true") fi -opts+=("$@") -echo "Running cmake ${opts[@]}" -cmake "${opts[@]}" || panic "cmake failed" +configure_opts+=("-DJAS_ENABLE_DANGEROUS_INTERNAL_TESTING_MODE=true") +configure_opts+=("$@") +echo "Running cmake ${configure_opts[@]}" +cmake "${configure_opts[@]}" || panic "cmake failed" make_opts=() if [ "$verbose" -ne 0 ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.27/src/libjasper/base/jas_stream.c new/jasper-version-2.0.28/src/libjasper/base/jas_stream.c --- old/jasper-version-2.0.27/src/libjasper/base/jas_stream.c 2021-03-18 12:23:26.000000000 +0100 +++ new/jasper-version-2.0.28/src/libjasper/base/jas_stream.c 2021-03-29 16:57:11.000000000 +0200 @@ -1420,9 +1420,11 @@ jas_stream_fileobj_t *fileobj; JAS_DBGLOG(100, ("file_close(%p)\n", obj)); fileobj = JAS_CAST(jas_stream_fileobj_t *, obj); - ret = close(fileobj->fd); - if (fileobj->flags & JAS_STREAM_FILEOBJ_DELONCLOSE) { - unlink(fileobj->pathname); + if (!(fileobj->flags & JAS_STREAM_FILEOBJ_NOCLOSE)) { + ret = close(fileobj->fd); + if (fileobj->flags & JAS_STREAM_FILEOBJ_DELONCLOSE) { + unlink(fileobj->pathname); + } } jas_free(fileobj); return ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.27/src/libjasper/include/jasper/jas_math.h new/jasper-version-2.0.28/src/libjasper/include/jasper/jas_math.h --- old/jasper-version-2.0.27/src/libjasper/include/jasper/jas_math.h 2021-03-18 12:23:26.000000000 +0100 +++ new/jasper-version-2.0.28/src/libjasper/include/jasper/jas_math.h 2021-03-29 16:57:11.000000000 +0200 @@ -367,6 +367,25 @@ #endif } +#if 0 +/* +This function is potentially useful but not currently used. +So, it is commented out. +*/ +inline static bool jas_safe_uint_mul(unsigned x, unsigned y, unsigned *result) +{ + /* Check if overflow would occur */ + if (x && y > UINT_MAX / x) { + /* Overflow would occur. */ + return false; + } + if (result) { + *result = x * y; + } + return true; +} +#endif + #ifdef __cplusplus } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.27/src/libjasper/jp2/jp2_cod.c new/jasper-version-2.0.28/src/libjasper/jp2/jp2_cod.c --- old/jasper-version-2.0.27/src/libjasper/jp2/jp2_cod.c 2021-03-18 12:23:26.000000000 +0100 +++ new/jasper-version-2.0.28/src/libjasper/jp2/jp2_cod.c 2021-03-29 16:57:11.000000000 +0200 @@ -86,8 +86,7 @@ static inline uint_fast32_t ones(int n) { assert(n >= 0); - return (((uint_fast32_t) 1) << n) - 1; - //return ((1 << (n)) - 1); + return (JAS_CAST(uint_fast32_t, 1) << n) - 1; } static const jp2_boxinfo_t *jp2_boxinfolookup(int type); @@ -931,7 +930,8 @@ m = (n + 7) / 8; - if (n < 0 || n > JAS_CAST(int, 8 * sizeof(int_fast32_t))) { + // Ensure that the integer to be read has a valid size. + if (n < 0 || n > 32) { jas_eprintf("jp2_getint: invalid integer size (%d bits)\n", n); return -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.27/src/libjasper/jp2/jp2_dec.c new/jasper-version-2.0.28/src/libjasper/jp2/jp2_dec.c --- old/jasper-version-2.0.27/src/libjasper/jp2/jp2_dec.c 2021-03-18 12:23:26.000000000 +0100 +++ new/jasper-version-2.0.28/src/libjasper/jp2/jp2_dec.c 2021-03-29 16:57:11.000000000 +0200 @@ -368,6 +368,12 @@ dec->chantocmptlut[i] = i; } } else { + /* Check to ensure that CMAP/PCLR/CDEF were initialized. */ + if (!dec->cmap || !dec->pclr || !dec->cdef) { + jas_eprintf("missing CMAP/PCLR/CDEF box\n"); + goto error; + } + cmapd = &dec->cmap->data.cmap; pclrd = &dec->pclr->data.pclr; cdefd = &dec->cdef->data.cdef; @@ -379,17 +385,21 @@ if (!pclrd->numlutents) { goto error; } - lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t)); - if (!lutents) { + if (!(lutents = jas_alloc2(pclrd->numlutents, + sizeof(int_fast32_t)))) { goto error; } for (i = 0; i < pclrd->numlutents; ++i) { lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans]; } newcmptno = jas_image_numcmpts(dec->image); - jas_image_depalettize(dec->image, cmapent->cmptno, + if (jas_image_depalettize(dec->image, cmapent->cmptno, pclrd->numlutents, lutents, - JP2_BPCTODTYPE(pclrd->bpc[cmapent->pcol]), newcmptno); + JP2_BPCTODTYPE(pclrd->bpc[cmapent->pcol]), newcmptno)) { + jas_eprintf("jas_image_depalettize failed\n"); + jas_free(lutents); + goto error; + } dec->chantocmptlut[channo] = newcmptno; jas_free(lutents); #if 0 @@ -487,6 +497,9 @@ return image; error: + if (image) { + jas_image_destroy(image); + } if (box) { jp2_box_destroy(box); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.27/src/libjasper/jpc/jpc_dec.c new/jasper-version-2.0.28/src/libjasper/jpc/jpc_dec.c --- old/jasper-version-2.0.27/src/libjasper/jpc/jpc_dec.c 2021-03-18 12:23:26.000000000 +0100 +++ new/jasper-version-2.0.28/src/libjasper/jpc/jpc_dec.c 2021-03-29 16:57:11.000000000 +0200 @@ -710,6 +710,11 @@ uint_fast32_t tmpyend; jpc_tsfb_band_t bnds[JPC_MAXBANDS]; jpc_pchg_t *pchg; + int retval = 0; + + if (jas_getdbglevel() >= 1) { + jas_eprintf("jpc_dec_tileinit called\n"); + } const jpc_dec_cp_t *cp = tile->cp; tile->realmode = 0; @@ -722,13 +727,17 @@ for (compno = 0, tcomp = tile->tcomps, cmpt = dec->cmpts; compno < dec->numcomps; ++compno, ++tcomp, ++cmpt) { const jpc_dec_ccp_t *ccp = &tile->cp->ccps[compno]; + if (jas_getdbglevel() >= 10) { + jas_eprintf("[compno %d]\n", compno); + } if (ccp->qmfbid == JPC_COX_INS) { tile->realmode = 1; } tcomp->numrlvls = ccp->numrlvls; if (!(tcomp->rlvls = jas_alloc2(tcomp->numrlvls, sizeof(jpc_dec_rlvl_t)))) { - return -1; + retval = -1; + goto done; } for (rlvlno = 0, rlvl = tcomp->rlvls; rlvlno < tcomp->numrlvls; ++rlvlno, ++rlvl) { @@ -738,11 +747,13 @@ cmpt->hstep), JPC_CEILDIV(tile->ystart, cmpt->vstep), JPC_CEILDIV(tile->xend, cmpt->hstep), JPC_CEILDIV(tile->yend, cmpt->vstep)))) { - return -1; + retval = -1; + goto done; } if (!(tcomp->tsfb = jpc_cod_gettsfb(ccp->qmfbid, tcomp->numrlvls - 1))) { - return -1; + retval = -1; + goto done; } { jpc_tsfb_getbands(tcomp->tsfb, jas_seq2d_xstart(tcomp->data), @@ -776,6 +787,16 @@ rlvl->prcheightexpn; rlvl->numprcs = rlvl->numhprcs * rlvl->numvprcs; + if (jas_getdbglevel() >= 10) { + jas_eprintf( + "[compno %d rlvlno %d]: xstart %d ystart %d " + "xend %d yend %d prcwidthexpn %d prcheightexpn %d " + "numhprcs %d numvprcs %d numprcs %d\n", + compno, rlvlno, rlvl->xstart, rlvl->ystart, rlvl->xend, + rlvl->yend, rlvl->prcwidthexpn, rlvl->prcheightexpn, + rlvl->numhprcs, rlvl->numvprcs, rlvl->numprcs); + } + if (rlvl->numprcs >= 64 * 1024) { /* avoid out-of-memory due to malicious file; this limit is @@ -804,7 +825,8 @@ if (rlvl->prcwidthexpn < 1 || rlvl->prcheightexpn < 1) { /* the control block width/height offset exponent must not be negative */ - return -1; + retval = -1; + goto done; } rlvl->cbgwidthexpn = rlvl->prcwidthexpn - 1; rlvl->cbgheightexpn = rlvl->prcheightexpn - 1; @@ -817,7 +839,8 @@ rlvl->numbands = (!rlvlno) ? 1 : 3; if (!(rlvl->bands = jas_alloc2(rlvl->numbands, sizeof(jpc_dec_band_t)))) { - return -1; + retval = -1; + goto done; } unsigned bandno; for (bandno = 0, band = rlvl->bands; @@ -826,6 +849,10 @@ bandno + 1); const jpc_tsfb_band_t *bnd = &bnds[bndno]; + if (jas_getdbglevel() >= 10) { + jas_eprintf("[compno %d rlvlno %d bandno %d]\n", compno, rlvlno, bandno); + } + band->orient = bnd->orient; band->stepsize = ccp->stepsizes[bndno]; band->analgain = JPC_NOMINALGAIN(ccp->qmfbid, @@ -842,11 +869,13 @@ continue; } if (!(band->data = jas_seq2d_create(0, 0, 0, 0))) { - return -1; + retval = -1; + goto done; } if (jas_seq2d_bindsub(band->data, tcomp->data, bnd->locxstart, bnd->locystart, bnd->locxend, bnd->locyend)) { - return -1; + retval = -1; + goto done; } jas_seq2d_setshift(band->data, bnd->xstart, bnd->ystart); @@ -854,14 +883,19 @@ if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_dec_prc_t)))) { - return -1; + retval = -1; + goto done; } /************************************************/ cbgxstart = tlcbgxstart; cbgystart = tlcbgystart; - unsigned prccnt; for (prccnt = rlvl->numprcs, prc = band->prcs; + unsigned prccnt; + for (prccnt = rlvl->numprcs, prc = band->prcs; prccnt > 0; --prccnt, ++prc) { + if (jas_getdbglevel() >= 10) { + jas_eprintf("[compno %d rlvlno %d bandno %d prccnt %d]\n", compno, rlvlno, bandno, prccnt); + } cbgxend = cbgxstart + (1 << rlvl->cbgwidthexpn); cbgyend = cbgystart + (1 << rlvl->cbgheightexpn); prc->xstart = JAS_MAX(cbgxstart, JAS_CAST(uint_fast32_t, @@ -888,17 +922,27 @@ prc->numcblks = prc->numhcblks * prc->numvcblks; assert(prc->numcblks > 0); + if (jas_getdbglevel() >= 10) { + jas_eprintf("[compno %d rlvlno %d bandno %d prccnt %d]: " + "numhcblks %d numvcblks %d numcblks %d\n", + compno, rlvlno, bandno, prccnt, prc->numhcblks, prc->numvcblks, + prc->numcblks); + } + if (!(prc->incltagtree = jpc_tagtree_create( prc->numhcblks, prc->numvcblks))) { - return -1; + retval = -1; + goto done; } if (!(prc->numimsbstagtree = jpc_tagtree_create( prc->numhcblks, prc->numvcblks))) { - return -1; + retval = -1; + goto done; } if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_dec_cblk_t)))) { - return -1; + retval = -1; + goto done; } cblkxstart = cbgxstart; @@ -906,6 +950,9 @@ unsigned cblkcnt; for (cblkcnt = prc->numcblks, cblk = prc->cblks; cblkcnt > 0;) { + if (jas_getdbglevel() >= 10000) { + jas_eprintf("[compno %d rlvlno %d bandno %d prcno %d cblkcnt %d]\n", compno, rlvlno, bandno, prccnt, cblkcnt); + } cblkxend = cblkxstart + (1 << rlvl->cblkwidthexpn); cblkyend = cblkystart + (1 << rlvl->cblkheightexpn); tmpxstart = JAS_MAX(cblkxstart, prc->xstart); @@ -922,11 +969,13 @@ cblk->numlenbits = 3; if (!(cblk->data = jas_seq2d_create(0, 0, 0, 0))) { - return -1; + retval = -1; + goto done; } if (jas_seq2d_bindsub(cblk->data, band->data, tmpxstart, tmpystart, tmpxend, tmpyend)) { - return -1; + retval = -1; + goto done; } ++cblk; --cblkcnt; @@ -956,7 +1005,8 @@ } if (!(tile->pi = jpc_dec_pi_create(dec, tile))) { - return -1; + retval = -1; + goto done; } for (unsigned pchgno = 0; pchgno < jpc_pchglist_numpchgs(tile->cp->pchglist); @@ -967,7 +1017,13 @@ } jpc_pi_init(tile->pi); - return 0; +done: + + if (jas_getdbglevel() >= 1) { + jas_eprintf("jpc_dec_tileinit returning %d\n", retval); + } + + return retval; } static int jpc_dec_tilefini(jpc_dec_t *dec, jpc_dec_tile_t *tile) @@ -977,6 +1033,10 @@ jpc_dec_seg_t *seg; jpc_dec_cblk_t *cblk; + if (jas_getdbglevel() >= 1) { + jas_eprintf("jpc_dec_tilefini called\n"); + } + if (tile->tcomps) { unsigned compno; @@ -1947,7 +2007,15 @@ // a reconstruction parameter defined in E 1.1.2 of the ISO/IEC 15444-1 jpc_fix_t recparam = JPC_FIX_HALF; - assert(absstepsize >= 0); + // Note: + // Should anything special be done to handle the error case of + // absstepsize < 0 (which can arise due to numerical overflow). + // Using an assert is not appropriate, since this results in program + // termination when this type of error occurs. + // Simply allowing a decoded image with very high distortion would appear + // to be consistent with the policy adopted elsewhere in the codec. + // assert(absstepsize >= 0); + if (absstepsize == jpc_inttofix(1)) { return; } @@ -2053,7 +2121,7 @@ dec->cp = 0; dec->maxlyrs = impopts->maxlyrs; dec->maxpkts = impopts->maxpkts; -dec->numpkts = 0; + dec->numpkts = 0; dec->ppmseqno = 0; dec->state = 0; dec->cmpts = 0; @@ -2062,6 +2130,10 @@ dec->curtileendoff = 0; dec->max_samples = impopts->max_samples; + if (jas_getdbglevel() >= 1) { + jas_eprintf("debug %d\n", jas_getdbglevel()); + } + return dec; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.27/src/libjasper/pgx/pgx_dec.c new/jasper-version-2.0.28/src/libjasper/pgx/pgx_dec.c --- old/jasper-version-2.0.27/src/libjasper/pgx/pgx_dec.c 2021-03-18 12:23:26.000000000 +0100 +++ new/jasper-version-2.0.28/src/libjasper/pgx/pgx_dec.c 2021-03-29 16:57:11.000000000 +0200 @@ -362,7 +362,7 @@ j = bigendian ? (wordsize - 1 - i) : i; val = val | ((c & 0xffU) << (8 * j)); } - val &= (1 << prec) - 1; + val &= (JAS_CAST(uint_fast32_t, 1) << prec) - 1; return val; error:
