Skip to content

Commit

Permalink
len
Browse files Browse the repository at this point in the history
  • Loading branch information
radarhere committed Dec 25, 2024
1 parent 5032bb8 commit 92388bd
Show file tree
Hide file tree
Showing 7 changed files with 41 additions and 21 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -86,4 +86,4 @@ jobs:
- name: Test
run: |
python3 -m pip install psutil
python3 -c "import psutil;process = psutil.Process();from PIL import Image;im = Image.open('clusterfuzz-testcase-minimized-fuzz_pillow-5015640213159936');print('memory1', process.memory_info().rss);im.load();print('memory2', process.memory_info().rss)"
python3 -c "import psutil;process = psutil.Process();from PIL import Image;im = Image.open('clusterfuzz-testcase-minimized-fuzz_pillow-5015640213159936');print(im);print('memory1', process.memory_info().rss);im.load();print('memory2', process.memory_info().rss)"
3 changes: 3 additions & 0 deletions src/PIL/Jpeg2KImagePlugin.py
Original file line number Diff line number Diff line change
Expand Up @@ -285,6 +285,9 @@ def _open(self) -> None:
self.fp.seek(pos)
except Exception:
length = -1
print("codec", self.codec)
print("tell", self.fp.tell())
print("length", length)

self.tile = [
ImageFile._Tile(
Expand Down
9 changes: 9 additions & 0 deletions src/libImaging/Jpeg2KDecode.c
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ j2k_read(void *p_buffer, OPJ_SIZE_T p_nb_bytes, void *p_user_data) {
ImagingCodecState state = (ImagingCodecState)p_user_data;

size_t len = _imaging_read_pyFd(state->fd, p_buffer, p_nb_bytes);
printf("len %zu\n", len);

return len ? len : (OPJ_SIZE_T)-1;
}
Expand Down Expand Up @@ -692,13 +693,15 @@ j2k_decode_entry(Imaging im, ImagingCodecState state) {
opj_setup_decoder(codec, &params);

if (!opj_read_header(stream, codec, &image)) {
printf("exit5\n");
state->errcode = IMAGING_CODEC_BROKEN;
state->state = J2K_STATE_FAILED;
goto quick_exit;
}

/* Check that this image is something we can handle */
if (image->numcomps < 1 || image->numcomps > 4) {
printf("exit6\n");
state->errcode = IMAGING_CODEC_BROKEN;
state->state = J2K_STATE_FAILED;
goto quick_exit;
Expand Down Expand Up @@ -801,6 +804,7 @@ j2k_decode_entry(Imaging im, ImagingCodecState state) {
&tile_info.nb_comps,
&should_continue
)) {
printf("exit7\n");
state->errcode = IMAGING_CODEC_BROKEN;
state->state = J2K_STATE_FAILED;
goto quick_exit;
Expand All @@ -826,12 +830,14 @@ j2k_decode_entry(Imaging im, ImagingCodecState state) {
(OPJ_UINT32)tile_info.y0 < image->y0 ||
(OPJ_INT32)(tile_info.x1 - image->x0) > im->xsize ||
(OPJ_INT32)(tile_info.y1 - image->y0) > im->ysize) {
printf("exit8\n");
state->errcode = IMAGING_CODEC_BROKEN;
state->state = J2K_STATE_FAILED;
goto quick_exit;
}

if (tile_info.nb_comps != image->numcomps) {
printf("exit8b\n");
state->errcode = IMAGING_CODEC_BROKEN;
state->state = J2K_STATE_FAILED;
goto quick_exit;
Expand Down Expand Up @@ -859,6 +865,7 @@ j2k_decode_entry(Imaging im, ImagingCodecState state) {
(tile_height > UINT_MAX / total_component_width) ||
(tile_width > UINT_MAX / (tile_height * total_component_width)) ||
(tile_height > UINT_MAX / (tile_width * total_component_width))) {
printf("exit9\n");
state->errcode = IMAGING_CODEC_BROKEN;
state->state = J2K_STATE_FAILED;
goto quick_exit;
Expand Down Expand Up @@ -893,6 +900,7 @@ j2k_decode_entry(Imaging im, ImagingCodecState state) {
tile_info.data_size,
stream
)) {
printf("exit10\n");
state->errcode = IMAGING_CODEC_BROKEN;
state->state = J2K_STATE_FAILED;
goto quick_exit;
Expand All @@ -902,6 +910,7 @@ j2k_decode_entry(Imaging im, ImagingCodecState state) {
}

if (!opj_end_decompress(codec, stream)) {
printf("exit11\n");
state->errcode = IMAGING_CODEC_BROKEN;
state->state = J2K_STATE_FAILED;
goto quick_exit;
Expand Down
6 changes: 6 additions & 0 deletions winbuild/build/src/openjpeg-2.5.3/src/lib/openjp2/j2k.c
Original file line number Diff line number Diff line change
Expand Up @@ -10128,12 +10128,14 @@ OPJ_BOOL opj_j2k_decode_tile(opj_j2k_t * p_j2k,

if (!(p_j2k->m_specific_param.m_decoder.m_state & J2K_STATE_DATA)
|| (p_tile_index != p_j2k->m_current_tile_number)) {
printf("here1\n");
return OPJ_FALSE;
}

l_tcp = &(p_j2k->m_cp.tcps[p_tile_index]);
if (! l_tcp->m_data) {
opj_j2k_tcp_destroy(l_tcp);
printf("here2\n");
return OPJ_FALSE;
}

Expand All @@ -10158,6 +10160,7 @@ OPJ_BOOL opj_j2k_decode_tile(opj_j2k_t * p_j2k,
opj_j2k_tcp_destroy(l_tcp);
p_j2k->m_specific_param.m_decoder.m_state |= J2K_STATE_ERR;
opj_event_msg(p_manager, EVT_ERROR, "Failed to decode.\n");
printf("here3\n");
return OPJ_FALSE;
}

Expand All @@ -10166,6 +10169,7 @@ OPJ_BOOL opj_j2k_decode_tile(opj_j2k_t * p_j2k,
/* tile decoding optimization. */
if (p_data != NULL) {
if (! opj_tcd_update_tile_data(p_j2k->m_tcd, p_data, p_data_size)) {
printf("here4\n");
return OPJ_FALSE;
}

Expand All @@ -10188,6 +10192,7 @@ OPJ_BOOL opj_j2k_decode_tile(opj_j2k_t * p_j2k,
if (opj_stream_read_data(p_stream, l_data, 2, p_manager) != 2) {
opj_event_msg(p_manager, p_j2k->m_cp.strict ? EVT_ERROR : EVT_WARNING,
"Stream too short\n");
printf("here5\n");
return p_j2k->m_cp.strict ? OPJ_FALSE : OPJ_TRUE;
}
opj_read_bytes(l_data, &l_current_marker, 2);
Expand All @@ -10202,6 +10207,7 @@ OPJ_BOOL opj_j2k_decode_tile(opj_j2k_t * p_j2k,
return OPJ_TRUE;
}
opj_event_msg(p_manager, EVT_ERROR, "Stream too short, expected SOT\n");
printf("here6\n");
return OPJ_FALSE;
}
}
Expand Down
2 changes: 2 additions & 0 deletions winbuild/build/src/openjpeg-2.5.3/src/lib/openjp2/openjpeg.c
Original file line number Diff line number Diff line change
Expand Up @@ -599,6 +599,7 @@ OPJ_BOOL OPJ_CALLCONV opj_decode_tile_data(opj_codec_t *p_codec,
opj_stream_private_t * l_stream = (opj_stream_private_t *) p_stream;

if (! l_codec->is_decompressor) {
printf("inside51\n");
return OPJ_FALSE;
}

Expand All @@ -610,6 +611,7 @@ OPJ_BOOL OPJ_CALLCONV opj_decode_tile_data(opj_codec_t *p_codec,
l_stream,
&(l_codec->m_event_mgr));
}
printf("inside52\n");
return OPJ_FALSE;
}

Expand Down
10 changes: 5 additions & 5 deletions winbuild/build/src/openjpeg-2.5.3/src/lib/openjp2/t2.c
Original file line number Diff line number Diff line change
Expand Up @@ -427,7 +427,7 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
/* create a packet iterator */
l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no, p_manager);
if (!l_pi) {
return OPJ_FALSE;
printf("what1\n");return OPJ_FALSE;
}


Expand All @@ -445,13 +445,13 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
if (l_current_pi->poc.prg == OPJ_PROG_UNKNOWN) {
/* TODO ADE : add an error */
opj_pi_destroy(l_pi, l_nb_pocs);
return OPJ_FALSE;
printf("what2\n");return OPJ_FALSE;
}

first_pass_failed = (OPJ_BOOL*)opj_malloc(l_image->numcomps * sizeof(OPJ_BOOL));
if (!first_pass_failed) {
opj_pi_destroy(l_pi, l_nb_pocs);
return OPJ_FALSE;
printf("what3\n");return OPJ_FALSE;
}
memset(first_pass_failed, OPJ_TRUE, l_image->numcomps * sizeof(OPJ_BOOL));

Expand Down Expand Up @@ -511,7 +511,7 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
&l_nb_bytes_read, p_max_len, l_pack_info, p_manager)) {
opj_pi_destroy(l_pi, l_nb_pocs);
opj_free(first_pass_failed);
return OPJ_FALSE;
printf("what4\n");return OPJ_FALSE;
}

l_img_comp = &(l_image->comps[l_current_pi->compno]);
Expand All @@ -523,7 +523,7 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd,
&l_nb_bytes_read, p_max_len, l_pack_info, p_manager)) {
opj_pi_destroy(l_pi, l_nb_pocs);
opj_free(first_pass_failed);
return OPJ_FALSE;
printf("what5\n");return OPJ_FALSE;
}
}

Expand Down
30 changes: 15 additions & 15 deletions winbuild/build/src/openjpeg-2.5.3/src/lib/openjp2/tcd.c
Original file line number Diff line number Diff line change
Expand Up @@ -1574,7 +1574,7 @@ OPJ_BOOL opj_tcd_decode_tile(opj_tcd_t *p_tcd,
OPJ_BOOL* used_component = (OPJ_BOOL*) opj_calloc(sizeof(OPJ_BOOL),
p_tcd->image->numcomps);
if (used_component == NULL) {
return OPJ_FALSE;
printf("here3a\n");return OPJ_FALSE;
}
for (compno = 0; compno < numcomps_to_decode; compno++) {
used_component[ comps_indices[compno] ] = OPJ_TRUE;
Expand Down Expand Up @@ -1613,14 +1613,14 @@ OPJ_BOOL opj_tcd_decode_tile(opj_tcd_t *p_tcd,
if (res_h > 0 && res_w > SIZE_MAX / res_h) {
opj_event_msg(p_manager, EVT_ERROR,
"Size of tile data exceeds system limits\n");
return OPJ_FALSE;
printf("here3b\n");return OPJ_FALSE;
}
l_data_size = res_w * res_h;

if (SIZE_MAX / sizeof(OPJ_UINT32) < l_data_size) {
opj_event_msg(p_manager, EVT_ERROR,
"Size of tile data exceeds system limits\n");
return OPJ_FALSE;
printf("here3c\n");return OPJ_FALSE;
}
l_data_size *= sizeof(OPJ_UINT32);

Expand All @@ -1629,7 +1629,7 @@ OPJ_BOOL opj_tcd_decode_tile(opj_tcd_t *p_tcd,
if (!opj_alloc_tile_component_data(tilec)) {
opj_event_msg(p_manager, EVT_ERROR,
"Size of tile data exceeds system limits\n");
return OPJ_FALSE;
printf("here3d\n");return OPJ_FALSE;
}
}
} else {
Expand Down Expand Up @@ -1666,7 +1666,7 @@ OPJ_BOOL opj_tcd_decode_tile(opj_tcd_t *p_tcd,
/* Upper level logic should not even try to decode that tile */
opj_event_msg(p_manager, EVT_ERROR,
"Invalid tilec->win_xxx values\n");
return OPJ_FALSE;
printf("here3e\n");return OPJ_FALSE;
}

for (resno = 0; resno < tilec->numresolutions; ++resno) {
Expand Down Expand Up @@ -1712,15 +1712,15 @@ OPJ_BOOL opj_tcd_decode_tile(opj_tcd_t *p_tcd,
l_data_read = 0;
if (! opj_tcd_t2_decode(p_tcd, p_src, &l_data_read, p_max_length, p_cstr_index,
p_manager)) {
return OPJ_FALSE;
printf("here3f\n");return OPJ_FALSE;
}
/* FIXME _ProfStop(PGROUP_T2); */

/*------------------TIER1-----------------*/

/* FIXME _ProfStart(PGROUP_T1); */
if (! opj_tcd_t1_decode(p_tcd, p_manager)) {
return OPJ_FALSE;
printf("here3g\n");return OPJ_FALSE;
}
/* FIXME _ProfStop(PGROUP_T1); */

Expand All @@ -1747,21 +1747,21 @@ OPJ_BOOL opj_tcd_decode_tile(opj_tcd_t *p_tcd,
if (w > SIZE_MAX / h) {
opj_event_msg(p_manager, EVT_ERROR,
"Size of tile data exceeds system limits\n");
return OPJ_FALSE;
printf("here3h\n");return OPJ_FALSE;
}
l_data_size = w * h;
if (l_data_size > SIZE_MAX / sizeof(OPJ_INT32)) {
opj_event_msg(p_manager, EVT_ERROR,
"Size of tile data exceeds system limits\n");
return OPJ_FALSE;
printf("here3i\n");return OPJ_FALSE;
}
l_data_size *= sizeof(OPJ_INT32);

tilec->data_win = (OPJ_INT32*) opj_image_data_alloc(l_data_size);
if (tilec->data_win == NULL) {
opj_event_msg(p_manager, EVT_ERROR,
"Size of tile data exceeds system limits\n");
return OPJ_FALSE;
printf("here3j\n");return OPJ_FALSE;
}
}
}
Expand All @@ -1772,22 +1772,22 @@ OPJ_BOOL opj_tcd_decode_tile(opj_tcd_t *p_tcd,
/* FIXME _ProfStart(PGROUP_DWT); */
if
(! opj_tcd_dwt_decode(p_tcd)) {
return OPJ_FALSE;
printf("here3k\n");return OPJ_FALSE;
}
/* FIXME _ProfStop(PGROUP_DWT); */

/*----------------MCT-------------------*/
/* FIXME _ProfStart(PGROUP_MCT); */
if
(! opj_tcd_mct_decode(p_tcd, p_manager)) {
return OPJ_FALSE;
printf("here3l\n");return OPJ_FALSE;
}
/* FIXME _ProfStop(PGROUP_MCT); */

/* FIXME _ProfStart(PGROUP_DC_SHIFT); */
if
(! opj_tcd_dc_level_shift_decode(p_tcd)) {
return OPJ_FALSE;
printf("here3m\n");return OPJ_FALSE;
}
/* FIXME _ProfStop(PGROUP_DC_SHIFT); */

Expand Down Expand Up @@ -2018,7 +2018,7 @@ static OPJ_BOOL opj_tcd_t2_decode(opj_tcd_t *p_tcd,

l_t2 = opj_t2_create(p_tcd->image, p_tcd->cp);
if (l_t2 == 00) {
return OPJ_FALSE;
printf("here3f\1n");return OPJ_FALSE;
}

if (! opj_t2_decode_packets(
Expand All @@ -2032,7 +2032,7 @@ static OPJ_BOOL opj_tcd_t2_decode(opj_tcd_t *p_tcd,
p_cstr_index,
p_manager)) {
opj_t2_destroy(l_t2);
return OPJ_FALSE;
printf("here3f2\n");return OPJ_FALSE;
}

opj_t2_destroy(l_t2);
Expand Down

0 comments on commit 92388bd

Please sign in to comment.