Skip to content
This repository has been archived by the owner on Sep 17, 2023. It is now read-only.

Commit

Permalink
Update openjpeg to 2.2.0 to address multiple CVEs
Browse files Browse the repository at this point in the history 
Summary:
This new release includes a significant number of improvements and bug fixes. In particular:
- Multi-threading support at decoding side
- Several speed optimisations both at encoder and decoder, and both on Wavelet
  Transform and Entropy Coding parts. On our test set, a single-threaded
  execution is now around 20% faster (encoding or decoding).
- Huge memory consumption reduction at decoding side (~60% reduction on
  large images)
- Several important bug fixes, in particular the one that was preventing
  OpenJPEG to encode lossless in some specific situations, as well as those
  related to mode switches (BYPASS/LAZY, RESTART/TERMALL, etc).
- Several security fixes thanks to the inclusion of OpenJPEG in the Google
  OSS Fuzz project.
Beside that, several improvements have been brought to the project maintenance, like inclusion of benchmarking scripts to compare speed with latest available kakadu binaries.

Security fixes:
- CVE-2016-5139, CVE-2016-5152, CVE-2016-5158, CVE-2016-5159 [#854](uclouvain/openjpeg#854)
- CVE-2016-1626 and CVE-2016-1628 [#850](uclouvain/openjpeg#850)

For more info check the [NEWS](https://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md) and the [Changelog](https://github.com/uclouvain/openjpeg/blob/v2.2.0/CHANGELOG.md)

Signed-off-by: Pierre-Yves <[email protected]>

Test Plan:
```
$ opj_compress -i test.png -o test.j2k

[INFO] tile number 1 / 1
[INFO] Generated outfile test.j2k
encode time: 283 ms
```

Reviewers: #triage_team, JoshStrobl

Reviewed By: #triage_team, JoshStrobl

Subscribers: sunnyflunk, JoshStrobl

Tags: #security

Differential Revision: https://dev.solus-project.com/D794
  • Loading branch information
@kyrios123 @JoshStrobl
kyrios123 authored and JoshStrobl committed Aug 12, 2017
1 parent 5671fff commit 01687bc
Show file tree
Hide file tree
Showing 14 changed files with 104 additions and 723 deletions.
40 changes: 31 additions & 9 deletions abi_symbols
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ libopenjp2.so.7:j2k_get_cstr_info
libopenjp2.so.7:jp2_dump
libopenjp2.so.7:jp2_get_cstr_index
libopenjp2.so.7:jp2_get_cstr_info
libopenjp2.so.7:opj_aligned_32_malloc
libopenjp2.so.7:opj_aligned_32_realloc
libopenjp2.so.7:opj_aligned_free
libopenjp2.so.7:opj_aligned_malloc
libopenjp2.so.7:opj_aligned_realloc
Expand All @@ -23,6 +25,11 @@ libopenjp2.so.7:opj_bio_write
libopenjp2.so.7:opj_calculate_norms
libopenjp2.so.7:opj_calloc
libopenjp2.so.7:opj_clock
libopenjp2.so.7:opj_codec_set_threads
libopenjp2.so.7:opj_cond_create
libopenjp2.so.7:opj_cond_destroy
libopenjp2.so.7:opj_cond_signal
libopenjp2.so.7:opj_cond_wait
libopenjp2.so.7:opj_copy_image_header
libopenjp2.so.7:opj_create_compress
libopenjp2.so.7:opj_create_decompress
Expand All @@ -49,9 +56,13 @@ libopenjp2.so.7:opj_free
libopenjp2.so.7:opj_get_cstr_index
libopenjp2.so.7:opj_get_cstr_info
libopenjp2.so.7:opj_get_decoded_tile
libopenjp2.so.7:opj_get_num_cpus
libopenjp2.so.7:opj_has_thread_support
libopenjp2.so.7:opj_image_comp_header_update
libopenjp2.so.7:opj_image_create
libopenjp2.so.7:opj_image_create0
libopenjp2.so.7:opj_image_data_alloc
libopenjp2.so.7:opj_image_data_free
libopenjp2.so.7:opj_image_destroy
libopenjp2.so.7:opj_image_tile_create
libopenjp2.so.7:opj_j2k_convert_progression_order
Expand All @@ -68,6 +79,7 @@ libopenjp2.so.7:opj_j2k_read_header
libopenjp2.so.7:opj_j2k_read_tile_header
libopenjp2.so.7:opj_j2k_set_decode_area
libopenjp2.so.7:opj_j2k_set_decoded_resolution_factor
libopenjp2.so.7:opj_j2k_set_threads
libopenjp2.so.7:opj_j2k_setup_decoder
libopenjp2.so.7:opj_j2k_setup_encoder
libopenjp2.so.7:opj_j2k_setup_mct_encoding
Expand All @@ -85,6 +97,7 @@ libopenjp2.so.7:opj_jp2_read_header
libopenjp2.so.7:opj_jp2_read_tile_header
libopenjp2.so.7:opj_jp2_set_decode_area
libopenjp2.so.7:opj_jp2_set_decoded_resolution_factor
libopenjp2.so.7:opj_jp2_set_threads
libopenjp2.so.7:opj_jp2_setup_decoder
libopenjp2.so.7:opj_jp2_setup_encoder
libopenjp2.so.7:opj_jp2_start_compress
Expand All @@ -103,22 +116,24 @@ libopenjp2.so.7:opj_mct_getnorm
libopenjp2.so.7:opj_mct_getnorm_real
libopenjp2.so.7:opj_mqc_bypass_enc
libopenjp2.so.7:opj_mqc_bypass_flush_enc
libopenjp2.so.7:opj_mqc_bypass_get_extra_bytes
libopenjp2.so.7:opj_mqc_bypass_init_enc
libopenjp2.so.7:opj_mqc_create
libopenjp2.so.7:opj_mqc_decode
libopenjp2.so.7:opj_mqc_destroy
libopenjp2.so.7:opj_mqc_encode
libopenjp2.so.7:opj_mqc_erterm_enc
libopenjp2.so.7:opj_mqc_flush
libopenjp2.so.7:opj_mqc_init_dec
libopenjp2.so.7:opj_mqc_init_enc
libopenjp2.so.7:opj_mqc_numbytes
libopenjp2.so.7:opj_mqc_raw_init_dec
libopenjp2.so.7:opj_mqc_reset_enc
libopenjp2.so.7:opj_mqc_resetstates
libopenjp2.so.7:opj_mqc_restart_enc
libopenjp2.so.7:opj_mqc_restart_init_enc
libopenjp2.so.7:opj_mqc_segmark_enc
libopenjp2.so.7:opj_mqc_setstate
libopenjp2.so.7:opj_mutex_create
libopenjp2.so.7:opj_mutex_destroy
libopenjp2.so.7:opj_mutex_lock
libopenjp2.so.7:opj_mutex_unlock
libopenjp2.so.7:opj_pi_create_decode
libopenjp2.so.7:opj_pi_create_encode
libopenjp2.so.7:opj_pi_destroy
Expand All @@ -131,11 +146,6 @@ libopenjp2.so.7:opj_procedure_list_create
libopenjp2.so.7:opj_procedure_list_destroy
libopenjp2.so.7:opj_procedure_list_get_first_procedure
libopenjp2.so.7:opj_procedure_list_get_nb_procedures
libopenjp2.so.7:opj_raw_create
libopenjp2.so.7:opj_raw_decode
libopenjp2.so.7:opj_raw_destroy
libopenjp2.so.7:opj_raw_init_dec
libopenjp2.so.7:opj_raw_numbytes
libopenjp2.so.7:opj_read_bytes_BE
libopenjp2.so.7:opj_read_bytes_LE
libopenjp2.so.7:opj_read_double_BE
Expand Down Expand Up @@ -202,10 +212,12 @@ libopenjp2.so.7:opj_tcd_get_encoded_tile_size
libopenjp2.so.7:opj_tcd_init
libopenjp2.so.7:opj_tcd_init_decode_tile
libopenjp2.so.7:opj_tcd_init_encode_tile
libopenjp2.so.7:opj_tcd_is_band_empty
libopenjp2.so.7:opj_tcd_makelayer
libopenjp2.so.7:opj_tcd_makelayer_fixed
libopenjp2.so.7:opj_tcd_rateallocate
libopenjp2.so.7:opj_tcd_rateallocate_fixed
libopenjp2.so.7:opj_tcd_reinit_segment
libopenjp2.so.7:opj_tcd_update_tile_data
libopenjp2.so.7:opj_tgt_create
libopenjp2.so.7:opj_tgt_decode
Expand All @@ -214,6 +226,15 @@ libopenjp2.so.7:opj_tgt_encode
libopenjp2.so.7:opj_tgt_init
libopenjp2.so.7:opj_tgt_reset
libopenjp2.so.7:opj_tgt_setvalue
libopenjp2.so.7:opj_thread_create
libopenjp2.so.7:opj_thread_join
libopenjp2.so.7:opj_thread_pool_create
libopenjp2.so.7:opj_thread_pool_destroy
libopenjp2.so.7:opj_thread_pool_get_thread_count
libopenjp2.so.7:opj_thread_pool_submit_job
libopenjp2.so.7:opj_thread_pool_wait_completion
libopenjp2.so.7:opj_tls_get
libopenjp2.so.7:opj_tls_set
libopenjp2.so.7:opj_version
libopenjp2.so.7:opj_write_bytes_BE
libopenjp2.so.7:opj_write_bytes_LE
Expand All @@ -222,3 +243,4 @@ libopenjp2.so.7:opj_write_double_LE
libopenjp2.so.7:opj_write_float_BE
libopenjp2.so.7:opj_write_float_LE
libopenjp2.so.7:opj_write_tile
libopenjp2.so.7:opq_mqc_finish_dec
2 changes: 2 additions & 0 deletions abi_used_libs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,6 @@ libc.so.6
liblcms2.so.2
libm.so.6
libpng15.so.15
libpthread.so.0
librt.so.1
libtiff.so.5
153 changes: 0 additions & 153 deletions files/security/CVE-2016-9112.patch
View file

This file was deleted.

23 changes: 12 additions & 11 deletions files/security/CVE-2016-9113.patch
View file
Original file line number Diff line number Diff line change
@@ -1,19 +1,20 @@
From e0047b38dee408a63e0af72823d8a00eb8681779 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <[email protected]>
Date: Wed, 14 Dec 2016 21:34:11 +0100
Subject: [PATCH 03/10] CVE-2016-9113
From b5039e257dafbb58ddc60e78c887dd45de62e19d Mon Sep 17 00:00:00 2001
From: Pierre-Yves <[email protected]>
Date: Thu, 10 Aug 2017 11:43:01 +0200
Subject: [PATCH] CVE-2016-9113

Signed-off-by: Pierre-Yves <[email protected]>
---
src/bin/jp2/convertbmp.c | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
index 40b0325..15942bf 100644
index b49e7a0..3356b23 100644
--- a/src/bin/jp2/convertbmp.c
+++ b/src/bin/jp2/convertbmp.c
@@ -1049,6 +1049,11 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
&& image->comps[0].prec == image->comps[1].prec
&& image->comps[1].prec == image->comps[2].prec) {
@@ -845,6 +845,11 @@ int imagetobmp(opj_image_t * image, const char *outfile)
&& image->comps[0].sgnd == image->comps[1].sgnd
&& image->comps[1].sgnd == image->comps[2].sgnd) {

+ if (!image->comps[0].data || !image->comps[1].data || !image->comps[2].data) {
+ fprintf(stderr, "ERROR -> Missing image data in input file\n");
Expand All @@ -23,9 +24,9 @@ index 40b0325..15942bf 100644
/* -->> -->> -->> -->>
24 bits color
<<-- <<-- <<-- <<-- */
@@ -1148,6 +1153,11 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
@@ -974,6 +979,11 @@ int imagetobmp(opj_image_t * image, const char *outfile)
fclose(fdest);
} else { /* Gray-scale */
} else { /* Gray-scale */

+ if (!image->comps[0].data) {
+ fprintf(stderr, "ERROR -> Missing image data in input file\n");
Expand All @@ -36,5 +37,5 @@ index 40b0325..15942bf 100644
8 bits non code (Gray scale)
<<-- <<-- <<-- <<-- */
--
1.8.4.5
2.13.4

41 changes: 21 additions & 20 deletions files/security/CVE-2016-9114.patch
View file
Original file line number Diff line number Diff line change
@@ -1,34 +1,35 @@
From 525525ecc7c70a078b5372df2484a8d0cd1c84e5 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <[email protected]>
Date: Wed, 14 Dec 2016 21:46:14 +0100
Subject: [PATCH 4/9] CVE-2016-9114
From de42fd16c5cacfc76c45771632946cffd3e8a3ec Mon Sep 17 00:00:00 2001
From: Pierre-Yves <[email protected]>
Date: Thu, 10 Aug 2017 13:25:42 +0200
Subject: [PATCH] CVE-2016-9114

Signed-off-by: Pierre-Yves <[email protected]>
---
src/bin/jp2/convert.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
index ee65920..63703a8 100644
index e2e1602..86743de 100644
--- a/src/bin/jp2/convert.c
+++ b/src/bin/jp2/convert.c
@@ -2153,7 +2153,7 @@ if(v > 65535) v = 65535; else if(v < 0) v = 0;
@@ -2137,7 +2137,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
adjustR =
(image->comps[compno].sgnd ? 1 << (image->comps[compno].prec - 1) : 0);
(image->comps[compno].sgnd ? 1 << (image->comps[compno].prec - 1) : 0);

- if(prec > 8)
+ if(prec > 8 && red)
{
for (i = 0; i < wr * hr; i++)
{
@@ -2173,7 +2173,7 @@ if(v > 65535) v = 65535; else if(v < 0) v = 0;
- if (prec > 8) {
+ if (prec > 8 && red) {
for (i = 0; i < wr * hr; i++) {
v = *red + adjustR;
++red;
@@ -2162,7 +2162,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
fprintf(fdest, "%c%c", (unsigned char)(v >> 8), (unsigned char)v);
}
}/* for(i */
}
- else /* prec <= 8 */
+ else if (red) /* prec <= 8 */
{
for(i = 0; i < wr * hr; ++i)
{
- } else { /* prec <= 8 */
+ } else if (red) { /* prec <= 8 */
for (i = 0; i < wr * hr; ++i) {
v = *red + adjustR;
++red;
--
1.8.4.5
2.13.4

Loading

0 comments on commit 01687bc

Please sign in to comment.