From 94234bd04d6ec449686ac17b70c796b11deebe43 Mon Sep 17 00:00:00 2001
From: Stefan Weil
Date: Sun, 18 Sep 2016 21:06:13 +0200
Subject: [PATCH 1/3] test_tile_decoder: Fix potential buffer overflow (coverity)
CID 1190155 (#1 of 1): Unbounded source buffer (STRING_SIZE)
Using a pointer instead of buffer of fixed size avoids the limit for the length of the input file name.
Signed-off-by: Stefan Weil
---
 tests/test_tile_decoder.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/test_tile_decoder.c b/tests/test_tile_decoder.c
index 26d3a16c8..e5b851e8f 100644
--- a/tests/test_tile_decoder.c
+++ b/tests/test_tile_decoder.c
@@ -178,7 +178,7 @@ int main (int argc, char *argv[])
 int da_y0=0;
 int da_x1=1000;
 int da_y1=1000;
- char input_file[64];
+ const char *input_file;
 /* should be test_tile_decoder 0 0 1000 1000 tte1.j2k */
 if( argc == 6 )
@@ -187,7 +187,7 @@ int main (int argc, char *argv[])
 da_y0=atoi(argv[2]);
 da_x1=atoi(argv[3]);
 da_y1=atoi(argv[4]);
- strcpy(input_file,argv[5]);
+ input_file = argv[5];
 }
 else
@@ -196,7 +196,7 @@ int main (int argc, char *argv[])
 da_y0=0;
 da_x1=1000;
 da_y1=1000;
- strcpy(input_file,"test.j2k");
+ input_file = "test.j2k";
 }
 if (! l_data) {
From 6523a079a5760f400ff980bd11efd0b80ed33fea Mon Sep 17 00:00:00 2001
From: Stefan Weil
Date: Sun, 18 Sep 2016 21:12:03 +0200
Subject: [PATCH 2/3] test_tile_encoder: Fix potential buffer overflow (coverity)
CID 1190154 (#1 of 1): Unbounded source buffer (STRING_SIZE)
Using a pointer instead of buffer of fixed size avoids the limit for the length of the output file name. This implies that the length can exceed 255, so the data type for variable len had to be fixed, too.
Signed-off-by: Stefan Weil
---
 tests/test_tile_encoder.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/test_tile_encoder.c b/tests/test_tile_encoder.c
index d01a7e524..bd3fe351a 100644
--- a/tests/test_tile_encoder.c
+++ b/tests/test_tile_encoder.c
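Review bot: In tests/test_tile_decoder.c, the new `const char *input_file;` in the first hunk (@@ -178,7) is declared without a value, unlike the `da_y0`/`da_x1`/`da_y1` declarations just above it, which carry their defaults. Writing `const char *input_file = "test.j2k";` there would match those neighbours and leave no path on which the pointer is indeterminate if the `argc` branches are edited later. A short comment such as `/* points into argv or at a string literal; never copied or freed */` would also record that the name is no longer a private copy. main() starts and ends outside these hunks.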
@@ -69,7 +69,7 @@ int main (int argc, char *argv[])
 opj_stream_t * l_stream;
 OPJ_UINT32 l_nb_tiles;
 OPJ_UINT32 l_data_size;
- unsigned char len;
+ size_t len;
 #ifdef USING_MCT
 const OPJ_FLOAT32 l_mct [] =
@@ -96,7 +96,7 @@ int main (int argc, char *argv[])
 int tile_height;
 int comp_prec;
 int irreversible;
- char output_file[64];
+ const char *output_file;
 /* should be test_tile_encoder 3 2000 2000 1000 1000 8 tte1.j2k */
 if( argc == 9 )
@@ -108,7 +108,7 @@ int main (int argc, char *argv[])
 tile_height = atoi( argv[5] );
 comp_prec = atoi( argv[6] );
 irreversible = atoi( argv[7] );
- strcpy(output_file, argv[8] );
+ output_file = argv[8];
 }
 else
 {
@@ -119,7 +119,7 @@ int main (int argc, char *argv[])
 tile_height = 1000;
 comp_prec = 8;
 irreversible = 1;
- strcpy(output_file, "test.j2k" );
+ output_file = "test.j2k";
 }
 if( num_comps > NUM_COMPS_MAX )
 {
@@ -228,7 +228,7 @@ int main (int argc, char *argv[])
 }
 /* should we do j2k or jp2 ?*/
- len = (unsigned char)strlen( output_file );
+ len = strlen( output_file );
 if( strcmp( output_file + len - 4, ".jp2" ) == 0 )
 {
 l_codec = opj_create_compress(OPJ_CODEC_JP2);
From f84e4b160c418940c4e3bc881815c383c6ccb486 Mon Sep 17 00:00:00 2001
From: Stefan Weil
Date: Wed, 21 Sep 2016 20:11:52 +0200
Subject: [PATCH 3/3] openjpip: Initialize data before returning it
This fixes an error reported by Coverity:
CID 1190143 (#1 of 1): Uninitialized scalar variable (UNINIT)
Signed-off-by: Stefan Weil
---
 src/lib/openjpip/j2kheader_manager.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/lib/openjpip/j2kheader_manager.c b/src/lib/openjpip/j2kheader_manager.c
index 1e9645165..519a47b55 100644
--- a/src/lib/openjpip/j2kheader_manager.c
+++ b/src/lib/openjpip/j2kheader_manager.c
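Review bot: In tests/test_tile_encoder.c, the last hunk (@@ -228,7) still computes `output_file + len - 4` without checking that the name has at least four characters, so a shorter output name makes `strcmp` read from before the start of the string. Widening `len` to `size_t` fixes the truncation above 255 but not this lower bound, and `output_file` now aliases `argv[8]` directly. The guard would be `if( len >= 4 && strcmp( output_file + len - 4, ".jp2" ) == 0 )`. main() continues outside the hunk, so any later use of `len` should be checked against the new type as well.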
@@ -117,6 +117,7 @@ CODmarker_param_t get_CODmkrdata_from_j2kstream( Byte_t *CODstream)
 if( *CODstream++ != 0xff || *CODstream++ != 0x52){
 fprintf( FCGI_stderr, "Error, COD marker not found in the reconstructed j2kstream\n");
+ memset(&COD, 0, sizeof(COD));
 return COD;
 }
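Review bot: The error path in get_CODmkrdata_from_j2kstream() now returns an all-zero `COD`, but nothing tells the caller that the marker was missing except the message on `FCGI_stderr`; a zeroed struct is indistinguishable from parsed data unless callers test a field. A comment at the return, e.g. `/* marker not found: return zeroed COD; callers must check before using its fields */`, would document that convention. `memset` also needs `<string.h>`; the include list is outside the hunk, so confirm it is present. The declaration of `COD` and the rest of the function are outside the hunk; if other early returns exist, zero-initialising at the declaration would cover them too.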