Overview

File openjpeg2-CVE-2016-3183.patch of Package openjpeg2.36921

Index: openjpeg-2.1.0/src/bin/common/color.c
===================================================================
--- openjpeg-2.1.0.orig/src/bin/common/color.c
+++ openjpeg-2.1.0/src/bin/common/color.c
@@ -91,12 +91,13 @@ static void sycc444_to_rgb(opj_image_t *
 {
 	int *d0, *d1, *d2, *r, *g, *b;
 	const int *y, *cb, *cr;
-	int maxw, maxh, max, i, offset, upb;
+	size_t maxw, maxh, max, i;
+	int offset, upb;
 
 	i = (int)img->comps[0].prec;
 	offset = 1<<(i - 1); upb = (1<<i)-1;
 
-	maxw = (int)img->comps[0].w; maxh = (int)img->comps[0].h;
+	maxw = (size_t)img->comps[0].w; maxh = (size_t)img->comps[0].h;
 	max = maxw * maxh;
 
 	y = img->comps[0].data;
@@ -116,20 +117,21 @@ static void sycc444_to_rgb(opj_image_t *
 	free(img->comps[0].data); img->comps[0].data = d0;
 	free(img->comps[1].data); img->comps[1].data = d1;
 	free(img->comps[2].data); img->comps[2].data = d2;
-
+	img->color_space = OPJ_CLRSPC_SRGB;
 }/* sycc444_to_rgb() */
 
 static void sycc422_to_rgb(opj_image_t *img)
 {	
 	int *d0, *d1, *d2, *r, *g, *b;
 	const int *y, *cb, *cr;
-	int maxw, maxh, max, offset, upb;
-	int i, j;
+	size_t maxw, maxh, max, offx, loopmaxw;
+	int offset, upb;
+	size_t i, j;
 
-	i = (int)img->comps[0].prec;
+	i = (size_t)img->comps[0].prec;
 	offset = 1<<(i - 1); upb = (1<<i)-1;
 
-	maxw = (int)img->comps[0].w; maxh = (int)img->comps[0].h;
+	maxw = (size_t)img->comps[0].w; maxh = (size_t)img->comps[0].h;
 	max = maxw * maxh;
 
 	y = img->comps[0].data;
@@ -140,9 +142,18 @@ static void sycc422_to_rgb(opj_image_t *
 	d1 = g = (int*)malloc(sizeof(int) * (size_t)max);
 	d2 = b = (int*)malloc(sizeof(int) * (size_t)max);
 
+	/* if img->x0 is odd, then first column shall use Cb/Cr = 0 */
+	offx = img->x0 & 1U;
+	loopmaxw = maxw - offx;
+
 	for(i=0; i < maxh; ++i)
    {
-	for(j=0; j < maxw; j += 2)
+	   if (offx > 0U) {
+		   sycc_to_rgb (offset, upb, *y, 0, 0, r, g, b);
+		   ++y; ++r; ++g; ++b;
+	   }
+
+	for(j=0; j < (loopmaxw & ~(size_t)1U); j += 2)
   {
 	sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
 
@@ -152,36 +163,37 @@ static void sycc422_to_rgb(opj_image_t *
 
 	++y; ++r; ++g; ++b; ++cb; ++cr;
   }
+
+	if (j < loopmaxw) {
+		sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+		++y; ++r; ++g; ++b; ++cb; ++cr;
+	}
    }
 	free(img->comps[0].data); img->comps[0].data = d0;
 	free(img->comps[1].data); img->comps[1].data = d1;
 	free(img->comps[2].data); img->comps[2].data = d2;
 
-#if defined(USE_JPWL) || defined(USE_MJ2)
 	img->comps[1].w = maxw; img->comps[1].h = maxh;
 	img->comps[2].w = maxw; img->comps[2].h = maxh;
-#else
-	img->comps[1].w = (OPJ_UINT32)maxw; img->comps[1].h = (OPJ_UINT32)maxh;
-	img->comps[2].w = (OPJ_UINT32)maxw; img->comps[2].h = (OPJ_UINT32)maxh;
-#endif
 	img->comps[1].dx = img->comps[0].dx;
 	img->comps[2].dx = img->comps[0].dx;
 	img->comps[1].dy = img->comps[0].dy;
 	img->comps[2].dy = img->comps[0].dy;
-
+	img->color_space = OPJ_CLRSPC_SRGB;
 }/* sycc422_to_rgb() */
 
 static void sycc420_to_rgb(opj_image_t *img)
 {
 	int *d0, *d1, *d2, *r, *g, *b, *nr, *ng, *nb;
 	const int *y, *cb, *cr, *ny;
-	int maxw, maxh, max, offset, upb;
-	int i, j;
+	size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh;
+	int offset, upb;
+	size_t i, j;
 
-	i = (int)img->comps[0].prec;
-	offset = 1<<(i - 1); upb = (1<<i)-1;
+	upb = img->comps[0].prec;
+	offset = 1<<(upb - 1); upb = (1<<upb)-1;
 
-	maxw = (int)img->comps[0].w; maxh = (int)img->comps[0].h;
+	maxw = (size_t)img->comps[0].w; maxh = (size_t)img->comps[0].h;
 	max = maxw * maxh;
 
 	y = img->comps[0].data;
@@ -192,12 +204,34 @@ static void sycc420_to_rgb(opj_image_t *
 	d1 = g = (int*)malloc(sizeof(int) * (size_t)max);
 	d2 = b = (int*)malloc(sizeof(int) * (size_t)max);
 
-	for(i=0; i < maxh; i += 2)
+	/* if img->x0 is odd, then first column shall use Cb/Cr = 0 */
+	offx = img->x0 & 1U;
+	loopmaxw = maxw - offx;
+	/* if img->y0 is odd, then first line shall use Cb/Cr = 0 */
+	offy = img->y0 & 1U;
+	loopmaxh = maxh - offy;
+
+	if (offy > 0U) {
+		for(j=0; j < maxw; ++j)
+		{
+			sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
+			++y; ++r; ++g; ++b;
+		}
+	}
+
+	for(i=0; i < (loopmaxh & ~(size_t)1U); i += 2)
    {
 	ny = y + maxw;
 	nr = r + maxw; ng = g + maxw; nb = b + maxw;
 
-	for(j=0; j < maxw;  j += 2)
+	if (offx > 0U) {
+		sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
+		++y; ++r; ++g; ++b;
+		sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
+		++ny; ++nr; ++ng; ++nb;
+	}
+
+	for(j=0; j < (loopmaxw & ~(size_t)1U);  j += 2)
   {
 	sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
 
@@ -215,24 +249,42 @@ static void sycc420_to_rgb(opj_image_t *
 
 	++ny; ++nr; ++ng; ++nb; ++cb; ++cr;
   }
+
+	if (j < loopmaxw) {
+		sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+		++y; ++r; ++g; ++b;
+
+		sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
+		++ny; ++nr; ++ng; ++nb; ++cb; ++cr;
+	}
+
 	y += maxw; r += maxw; g += maxw; b += maxw;
    }
+
+    if (i < loopmaxh) {
+		for (j = 0U; j < (maxw & ~(size_t)1U); j += 2U) {
+			sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+			++y; ++r; ++g; ++b;
+
+			sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+			++y; ++r; ++g; ++b; ++cb; ++cr;
+		}
+		if (j < maxw) {
+			sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+		}
+	}
+
 	free(img->comps[0].data); img->comps[0].data = d0;
 	free(img->comps[1].data); img->comps[1].data = d1;
 	free(img->comps[2].data); img->comps[2].data = d2;
 
-#if defined(USE_JPWL) || defined(USE_MJ2)
 	img->comps[1].w = maxw; img->comps[1].h = maxh;
 	img->comps[2].w = maxw; img->comps[2].h = maxh;
-#else
-	img->comps[1].w = (OPJ_UINT32)maxw; img->comps[1].h = (OPJ_UINT32)maxh;
-	img->comps[2].w = (OPJ_UINT32)maxw; img->comps[2].h = (OPJ_UINT32)maxh;
-#endif
 	img->comps[1].dx = img->comps[0].dx;
 	img->comps[2].dx = img->comps[0].dx;
 	img->comps[1].dy = img->comps[0].dy;
 	img->comps[2].dy = img->comps[0].dy;
-
+	img->color_space = OPJ_CLRSPC_SRGB;
 }/* sycc420_to_rgb() */
 
 void color_sycc_to_rgb(opj_image_t *img)
@@ -278,8 +330,6 @@ void color_sycc_to_rgb(opj_image_t *img)
 	 __FILE__,__LINE__);
 	return;
   }
-	img->color_space = OPJ_CLRSPC_SRGB;
-
 }/* color_sycc_to_rgb() */
 
 #if defined(OPJ_HAVE_LIBLCMS2) || defined(OPJ_HAVE_LIBLCMS1)
Index: openjpeg-2.1.0/src/bin/jp2/convert.c
===================================================================
--- openjpeg-2.1.0.orig/src/bin/jp2/convert.c
+++ openjpeg-2.1.0/src/bin/jp2/convert.c
@@ -1290,7 +1290,7 @@ int imagetobmp(opj_image_t * image, cons
             fprintf(fdest, "%c", (unsigned char)r);
 
             if ((i + 1) % w == 0) {
-                for (pad = w % 4 ? 4 - w % 4 : 0; pad > 0; pad--)	/* ADD */
+                for (pad = (w % 4) ? (4 - w % 4) : 0; pad > 0; pad--)	/* ADD */
                     fprintf(fdest, "%c", 0);
             }
         }
openSUSE Build Service is sponsored by
Places