From 65f9d417b53cfe16c05aec56486ff3b2c92aca42 Mon Sep 17 00:00:00 2001
From: Dan Bloomberg
Date: Sat, 5 Jun 2021 11:23:35 -0700
Subject: [PATCH] Fix bug in calculating header size for jpeg2000.
---
 src/boxbasic.c | 15 ++++++++-------
 src/jp2kheader.c | 6 ++++--
 src/jp2kio.c | 2 +-
 3 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/src/boxbasic.c b/src/boxbasic.c
index 83a11bbaf..dfd05b01e 100644
--- a/src/boxbasic.c
+++ b/src/boxbasic.c
@@ -1563,16 +1563,16 @@ BOXA *boxa;
 * with copies of %boxa. Any existing boxa are destroyed.
 * After this operation, the number of boxa is equal to
 * the number of allocated ptrs.
- * (2) Note that we use boxaaReplaceBox() instead of boxaInsertBox().
- * They both have the same effect when inserting into a NULL ptr
- * in the boxa ptr array
+ * (2) Note that we use boxaaReplaceBoxa() which replaces a boxa,
+ * instead of boxaaInsertBoxa(), which is O(n) and shifts all
+ * the boxa pointers from the insertion point to the end.
 * (3) Example usage. This function is useful to prepare for a
 * random insertion (or replacement) of boxa into a boxaa.
 * To randomly insert boxa into a boxaa, up to some index "max":
 * Boxaa *baa = boxaaCreate(max);
 * // initialize the boxa
 * Boxa *boxa = boxaCreate(...);
- * ... [optionally fix with boxes]
+ * ... [optionally fill with boxes]
 * boxaaInitFull(baa, boxa);
 * A typical use is to initialize the array with empty boxa,
 * and to replace only a subset that must be aligned with
@@ -1695,9 +1695,10 @@ l_int32 n;
 *
  * Notes:
  *      (1) This shifts boxa[i] --> boxa[i + 1] for all i >= index,
- *          and then inserts boxa as boxa[index].
- *      (2) To insert at the beginning of the array, set index = 0.
- *      (3) To append to the array, it's easier to use boxaaAddBoxa().
+ *          and then inserts boxa as boxa[index].  It is typically used
+ *          when %baa is full of boxa.
+ *      (2) To insert at the beginning of the array, set %index = 0.
+ *      (3) To append to the array, it is equivalent to boxaaAddBoxa().
  *      (4) This should not be used repeatedly to insert into large arrays,
  *          because the function is O(n).
  * 
diff --git a/src/jp2kheader.c b/src/jp2kheader.c
index 17c987dd7..803146180 100644
--- a/src/jp2kheader.c
+++ b/src/jp2kheader.c
@@ -212,9 +212,9 @@ l_uint8 ihdr[4] = {0x69, 0x68, 0x64, 0x72}; /* 'ihdr' */
 }
 if (pcodec) *pcodec = codec;
- if (4 * (12 + 3) >= size)
- return ERROR_INT("header size is too small", procName, 1);
 if (codec == L_JP2_CODEC) {
+ if (size < 4 * (windex + 3))
+ return ERROR_INT("header size is too small", procName, 1);
 val = *((l_uint32 *)data + windex);
 h = convertOnLittleEnd32(val);
 val = *((l_uint32 *)data + windex + 1);
@@ -223,6 +223,8 @@ l_uint8 ihdr[4] = {0x69, 0x68, 0x64, 0x72}; /* 'ihdr' */
 spp = convertOnLittleEnd16(val);
 bps = *(data + 4 * (windex + 2) + 2) + 1;
 } else { /* codec == L_J2K_CODEC */
+ if (size < 4 * (windex + 9))
+ return ERROR_INT("header size is too small", procName, 1);
 val = *((l_uint32 *)data + windex);
 w = convertOnLittleEnd32(val);
 val = *((l_uint32 *)data + windex + 1);
diff --git a/src/jp2kio.c b/src/jp2kio.c
index f009c229b..933492818 100644
--- a/src/jp2kio.c
+++ b/src/jp2kio.c
@@ -281,7 +281,7 @@ PIX *pix = NULL;
 return NULL;
 }
- if (bps > 8) {
+ if (bps != 8) {
 L_ERROR("found %d bps; can only handle 8 bps\n", procName, bps);
 return NULL;
 }
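Review bot: In src/jp2kheader.c the new bounds checks `size < 4 * (windex + 3)` and `size < 4 * (windex + 9)` use bare constants with nothing tying them to the reads they guard. For the JP2 branch the furthest visible read is `*(data + 4 * (windex + 2) + 2)`, so three words is enough there; the furthest read in the J2K branch falls outside the second hunk, so the 9 cannot be confirmed from here. A comment on each check, such as `/* last byte read below is data[4 * (windex + 2) + 2] */`, would keep the guard and the reads from drifting apart. The comparison also mixes `size` with a signed expression if `windex` is a signed int and `size` is unsigned (neither declaration is in the hunk); that is safe only while `windex` is non-negative, which is worth stating or asserting where it is computed. The enclosing function starts and ends outside both hunks.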
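Review bot: In src/jp2kio.c the tightened test `if (bps != 8)` now refuses images below 8 bps that the old `bps > 8` test let through, and nothing in the hunk documents that narrowing for callers. I would add a line to the function's notes (outside this hunk), e.g. `Only 8 bps images are supported; any other depth returns NULL.`, and a regression input whose header reports a depth below 8. `bps` is presumably taken from the file header rather than from the decoded image; if the code after this check sizes or indexes buffers by sample depth, it should rely on the decoder's own reported precision rather than this value, which needs confirming against the rest of the function.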