/src/qpdf/libqpdf/Pl_DCT.cc
Line | Count | Source (jump to first uncovered line) |
1 | | #include <qpdf/Pl_DCT.hh> |
2 | | |
3 | | #include <qpdf/QIntC.hh> |
4 | | #include <qpdf/QTC.hh> |
5 | | |
6 | | #include <csetjmp> |
7 | | #include <stdexcept> |
8 | | #include <string> |
9 | | |
10 | | #if BITS_IN_JSAMPLE != 8 |
11 | | # error "qpdf does not support libjpeg built with BITS_IN_JSAMPLE != 8" |
12 | | #endif |
13 | | |
14 | | namespace |
15 | | { |
16 | | class FunctionCallbackConfig: public Pl_DCT::CompressConfig |
17 | | { |
18 | | public: |
19 | | explicit FunctionCallbackConfig(std::function<void(jpeg_compress_struct*)> f) : |
20 | 0 | f(std::move(f)) |
21 | 0 | { |
22 | 0 | } |
23 | 0 | ~FunctionCallbackConfig() override = default; |
24 | | void |
25 | | apply(jpeg_compress_struct* config) override |
26 | 0 | { |
27 | 0 | f(config); |
28 | 0 | }; |
29 | | |
30 | | std::function<void(jpeg_compress_struct*)> f; |
31 | | }; |
32 | | |
33 | | struct qpdf_jpeg_error_mgr |
34 | | { |
35 | | struct jpeg_error_mgr pub; |
36 | | jmp_buf jmpbuf; |
37 | | std::string msg; |
38 | | }; |
39 | | |
40 | | long memory_limit{0}; |
41 | | int scan_limit{0}; |
42 | | bool throw_on_corrupt_data{true}; |
43 | | } // namespace |
44 | | |
45 | | static void |
46 | | error_handler(j_common_ptr cinfo) |
47 | 13.1k | { |
48 | 13.1k | auto* jerr = reinterpret_cast<qpdf_jpeg_error_mgr*>(cinfo->err); |
49 | 13.1k | char buf[JMSG_LENGTH_MAX]; |
50 | 13.1k | (*cinfo->err->format_message)(cinfo, buf); |
51 | 13.1k | jerr->msg = buf; |
52 | 13.1k | longjmp(jerr->jmpbuf, 1); |
53 | 13.1k | } |
54 | | |
55 | | static void |
56 | | emit_message(j_common_ptr cinfo, int msg_level) |
57 | 1.56M | { |
58 | 1.56M | if (msg_level == -1) { |
59 | 21.1k | auto* jerr = reinterpret_cast<qpdf_jpeg_error_mgr*>(cinfo->err); |
60 | 21.1k | jerr->msg = "Pl_DCT::decompress: JPEG data is corrupt"; |
61 | 21.1k | longjmp(jerr->jmpbuf, 1); |
62 | 21.1k | } |
63 | 1.56M | } |
64 | | |
65 | | static void |
66 | | progress_monitor(j_common_ptr cinfo) |
67 | 91.8M | { |
68 | 91.8M | if (cinfo->is_decompressor && |
69 | 91.8M | reinterpret_cast<jpeg_decompress_struct*>(cinfo)->input_scan_number > scan_limit) { |
70 | 29 | auto* jerr = reinterpret_cast<qpdf_jpeg_error_mgr*>(cinfo->err); |
71 | 29 | jerr->msg = "Pl_DCT::decompress: JPEG data has too many scans"; |
72 | 29 | longjmp(jerr->jmpbuf, 1); |
73 | 29 | } |
74 | 91.8M | } |
75 | | |
76 | | class Pl_DCT::Members |
77 | | { |
78 | | public: |
79 | | // For compression |
80 | | Members( |
81 | | JDIMENSION image_width, |
82 | | JDIMENSION image_height, |
83 | | int components, |
84 | | J_COLOR_SPACE color_space, |
85 | | CompressConfig* config_callback) : |
86 | 0 | action(a_compress), |
87 | 0 | buf("DCT uncompressed image"), |
88 | 0 | image_width(image_width), |
89 | 0 | image_height(image_height), |
90 | 0 | components(components), |
91 | 0 | color_space(color_space), |
92 | 0 | config_callback(config_callback) |
93 | 0 | { |
94 | 0 | } |
95 | | |
96 | | // For decompression |
97 | | Members() : |
98 | 66.3k | action(a_decompress), |
99 | 66.3k | buf("DCT compressed image") |
100 | 66.3k | { |
101 | 66.3k | } |
102 | | |
103 | | Members(Members const&) = delete; |
104 | | |
105 | 66.3k | ~Members() = default; |
106 | | |
107 | | action_e action; |
108 | | Pl_Buffer buf; |
109 | | |
110 | | // Used for compression |
111 | | JDIMENSION image_width{0}; |
112 | | JDIMENSION image_height{0}; |
113 | | int components{1}; |
114 | | J_COLOR_SPACE color_space{JCS_GRAYSCALE}; |
115 | | |
116 | | CompressConfig* config_callback{nullptr}; |
117 | | }; |
118 | | |
119 | | Pl_DCT::Pl_DCT(char const* identifier, Pipeline* next) : |
120 | 66.3k | Pipeline(identifier, next), |
121 | 66.3k | m(std::make_unique<Members>()) |
122 | 66.3k | { |
123 | 66.3k | if (!next) { |
124 | 0 | throw std::logic_error("Attempt to create Pl_DCT with nullptr as next"); |
125 | 0 | } |
126 | 66.3k | } |
127 | | |
128 | | void |
129 | | Pl_DCT::setMemoryLimit(long limit) |
130 | 280k | { |
131 | 280k | memory_limit = limit; |
132 | 280k | } |
133 | | |
134 | | void |
135 | | Pl_DCT::setScanLimit(int limit) |
136 | 280k | { |
137 | 280k | scan_limit = limit; |
138 | 280k | } |
139 | | |
140 | | void |
141 | | Pl_DCT::setThrowOnCorruptData(bool treat_as_error) |
142 | 280k | { |
143 | 280k | throw_on_corrupt_data = treat_as_error; |
144 | 280k | } |
145 | | |
146 | | Pl_DCT::Pl_DCT( |
147 | | char const* identifier, |
148 | | Pipeline* next, |
149 | | JDIMENSION image_width, |
150 | | JDIMENSION image_height, |
151 | | int components, |
152 | | J_COLOR_SPACE color_space, |
153 | | CompressConfig* compress_callback) : |
154 | 0 | Pipeline(identifier, next), |
155 | 0 | m(std::make_unique<Members>( |
156 | 0 | image_width, image_height, components, color_space, compress_callback)) |
157 | 0 | { |
158 | 0 | } |
159 | | |
160 | | // Must be explicit and not inline -- see QPDF_DLL_CLASS in README-maintainer |
161 | 66.3k | Pl_DCT::~Pl_DCT() = default; |
162 | | |
163 | | void |
164 | | Pl_DCT::write(unsigned char const* data, size_t len) |
165 | 1.62M | { |
166 | 1.62M | m->buf.write(data, len); |
167 | 1.62M | } |
168 | | |
169 | | void |
170 | | Pl_DCT::finish() |
171 | 66.2k | { |
172 | 66.2k | m->buf.finish(); |
173 | | |
174 | | // Using a std::shared_ptr<Buffer> here and passing it into compress and decompress causes a |
175 | | // memory leak with setjmp/longjmp. Just use a pointer and delete it. |
176 | 66.2k | Buffer* b = m->buf.getBuffer(); |
177 | 66.2k | if (b->getSize() == 0) { |
178 | | // Special case: empty data will never succeed and probably means we're calling finish a |
179 | | // second time from an exception handler. |
180 | 1.02k | delete b; |
181 | 1.02k | next()->finish(); |
182 | 1.02k | return; |
183 | 1.02k | } |
184 | | |
185 | 65.2k | struct jpeg_compress_struct cinfo_compress; |
186 | 65.2k | struct jpeg_decompress_struct cinfo_decompress; |
187 | 65.2k | struct qpdf_jpeg_error_mgr jerr; |
188 | | |
189 | 65.2k | cinfo_compress.err = jpeg_std_error(&(jerr.pub)); |
190 | 65.2k | cinfo_decompress.err = jpeg_std_error(&(jerr.pub)); |
191 | 65.2k | jerr.pub.error_exit = error_handler; |
192 | 65.2k | if (m->action == a_decompress && throw_on_corrupt_data) { |
193 | 65.2k | jerr.pub.emit_message = emit_message; |
194 | 65.2k | } |
195 | | |
196 | 65.2k | bool error = false; |
197 | | // The jpeg library is a "C" library, so we use setjmp and longjmp for exception handling. |
198 | 65.2k | if (setjmp(jerr.jmpbuf) == 0) { |
199 | 65.2k | try { |
200 | 65.2k | if (m->action == a_compress) { |
201 | 0 | compress(reinterpret_cast<void*>(&cinfo_compress), b); |
202 | 65.2k | } else { |
203 | 65.2k | decompress(reinterpret_cast<void*>(&cinfo_decompress), b); |
204 | 65.2k | } |
205 | 65.2k | } catch (std::exception& e) { |
206 | | // Convert an exception back to a longjmp so we can ensure that the right cleanup |
207 | | // happens. This will get converted back to an exception. |
208 | 14.9k | jerr.msg = e.what(); |
209 | 14.9k | longjmp(jerr.jmpbuf, 1); |
210 | 14.9k | } |
211 | 65.2k | } else { |
212 | 0 | error = true; |
213 | 0 | } |
214 | 16.0k | delete b; |
215 | | |
216 | 16.0k | if (m->action == a_compress) { |
217 | 0 | jpeg_destroy_compress(&cinfo_compress); |
218 | 0 | } |
219 | 65.2k | if (m->action == a_decompress) { |
220 | 65.2k | jpeg_destroy_decompress(&cinfo_decompress); |
221 | 65.2k | } |
222 | 49.1k | if (error) { |
223 | 49.1k | throw std::runtime_error(jerr.msg); |
224 | 49.1k | } |
225 | 16.0k | } |
226 | | |
227 | | namespace |
228 | | { |
229 | | struct dct_pipeline_dest |
230 | | { |
231 | | struct jpeg_destination_mgr pub; /* public fields */ |
232 | | unsigned char* buffer; |
233 | | size_t size; |
234 | | Pipeline* next; |
235 | | }; |
236 | | } // namespace |
237 | | |
238 | | static void |
239 | | init_pipeline_destination(j_compress_ptr) |
240 | 0 | { |
241 | 0 | } |
242 | | |
243 | | static boolean |
244 | | empty_pipeline_output_buffer(j_compress_ptr cinfo) |
245 | 0 | { |
246 | 0 | QTC::TC("libtests", "Pl_DCT empty_pipeline_output_buffer"); |
247 | 0 | auto* dest = reinterpret_cast<dct_pipeline_dest*>(cinfo->dest); |
248 | 0 | dest->next->write(dest->buffer, dest->size); |
249 | 0 | dest->pub.next_output_byte = dest->buffer; |
250 | 0 | dest->pub.free_in_buffer = dest->size; |
251 | 0 | return TRUE; |
252 | 0 | } |
253 | | |
254 | | static void |
255 | | term_pipeline_destination(j_compress_ptr cinfo) |
256 | 0 | { |
257 | 0 | QTC::TC("libtests", "Pl_DCT term_pipeline_destination"); |
258 | 0 | auto* dest = reinterpret_cast<dct_pipeline_dest*>(cinfo->dest); |
259 | 0 | dest->next->write(dest->buffer, dest->size - dest->pub.free_in_buffer); |
260 | 0 | } |
261 | | |
262 | | static void |
263 | | jpeg_pipeline_dest(j_compress_ptr cinfo, unsigned char* outbuffer, size_t size, Pipeline* next) |
264 | 0 | { |
265 | 0 | cinfo->dest = static_cast<struct jpeg_destination_mgr*>( |
266 | | // line-break |
267 | 0 | (*cinfo->mem->alloc_small)( |
268 | 0 | reinterpret_cast<j_common_ptr>(cinfo), JPOOL_PERMANENT, sizeof(dct_pipeline_dest))); |
269 | 0 | auto* dest = reinterpret_cast<dct_pipeline_dest*>(cinfo->dest); |
270 | 0 | dest->pub.init_destination = init_pipeline_destination; |
271 | 0 | dest->pub.empty_output_buffer = empty_pipeline_output_buffer; |
272 | 0 | dest->pub.term_destination = term_pipeline_destination; |
273 | 0 | dest->pub.next_output_byte = dest->buffer = outbuffer; |
274 | 0 | dest->pub.free_in_buffer = dest->size = size; |
275 | 0 | dest->next = next; |
276 | 0 | } |
277 | | |
278 | | static void |
279 | | init_buffer_source(j_decompress_ptr) |
280 | 65.2k | { |
281 | 65.2k | } |
282 | | |
283 | | static boolean |
284 | | fill_buffer_input_buffer(j_decompress_ptr) |
285 | 14.7k | { |
286 | | // The whole JPEG data is expected to reside in the supplied memory buffer, so any request for |
287 | | // more data beyond the given buffer size is treated as an error. |
288 | 14.7k | throw std::runtime_error("invalid jpeg data reading from buffer"); |
289 | 0 | return TRUE; |
290 | 14.7k | } |
291 | | |
292 | | static void |
293 | | skip_buffer_input_data(j_decompress_ptr cinfo, long num_bytes) |
294 | 23.6k | { |
295 | 23.6k | if (num_bytes < 0) { |
296 | 0 | throw std::runtime_error( |
297 | 0 | "reading jpeg: jpeg library requested skipping a negative number of bytes"); |
298 | 0 | } |
299 | 23.6k | size_t to_skip = QIntC::to_size(num_bytes); |
300 | 23.6k | if ((to_skip > 0) && (to_skip <= cinfo->src->bytes_in_buffer)) { |
301 | 22.5k | cinfo->src->next_input_byte += to_skip; |
302 | 22.5k | cinfo->src->bytes_in_buffer -= to_skip; |
303 | 22.5k | } else if (to_skip != 0) { |
304 | 1.08k | cinfo->src->next_input_byte += cinfo->src->bytes_in_buffer; |
305 | 1.08k | cinfo->src->bytes_in_buffer = 0; |
306 | 1.08k | } |
307 | 23.6k | } |
308 | | |
309 | | static void |
310 | | term_buffer_source(j_decompress_ptr) |
311 | 16.0k | { |
312 | 16.0k | } |
313 | | |
314 | | static void |
315 | | jpeg_buffer_src(j_decompress_ptr cinfo, Buffer* buffer) |
316 | 65.2k | { |
317 | 65.2k | cinfo->src = reinterpret_cast<jpeg_source_mgr*>( |
318 | | // line-break |
319 | 65.2k | (*cinfo->mem->alloc_small)( |
320 | 65.2k | reinterpret_cast<j_common_ptr>(cinfo), JPOOL_PERMANENT, sizeof(jpeg_source_mgr))); |
321 | | |
322 | 65.2k | jpeg_source_mgr* src = cinfo->src; |
323 | 65.2k | src->init_source = init_buffer_source; |
324 | 65.2k | src->fill_input_buffer = fill_buffer_input_buffer; |
325 | 65.2k | src->skip_input_data = skip_buffer_input_data; |
326 | 65.2k | src->resync_to_restart = jpeg_resync_to_restart; /* use default method */ |
327 | 65.2k | src->term_source = term_buffer_source; |
328 | 65.2k | src->bytes_in_buffer = buffer->getSize(); |
329 | 65.2k | src->next_input_byte = buffer->getBuffer(); |
330 | 65.2k | } |
331 | | |
332 | | void |
333 | | Pl_DCT::compress(void* cinfo_p, Buffer* b) |
334 | 0 | { |
335 | 0 | auto* cinfo = reinterpret_cast<jpeg_compress_struct*>(cinfo_p); |
336 | |
|
337 | 0 | #if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || defined(__clang__)) |
338 | 0 | # pragma GCC diagnostic push |
339 | 0 | # pragma GCC diagnostic ignored "-Wold-style-cast" |
340 | 0 | #endif |
341 | 0 | jpeg_create_compress(cinfo); |
342 | 0 | #if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || defined(__clang__)) |
343 | 0 | # pragma GCC diagnostic pop |
344 | 0 | #endif |
345 | 0 | static int const BUF_SIZE = 65536; |
346 | 0 | auto outbuffer_ph = std::make_unique<unsigned char[]>(BUF_SIZE); |
347 | 0 | unsigned char* outbuffer = outbuffer_ph.get(); |
348 | 0 | jpeg_pipeline_dest(cinfo, outbuffer, BUF_SIZE, next()); |
349 | |
|
350 | 0 | cinfo->image_width = m->image_width; |
351 | 0 | cinfo->image_height = m->image_height; |
352 | 0 | cinfo->input_components = m->components; |
353 | 0 | cinfo->in_color_space = m->color_space; |
354 | 0 | jpeg_set_defaults(cinfo); |
355 | 0 | if (m->config_callback) { |
356 | 0 | m->config_callback->apply(cinfo); |
357 | 0 | } |
358 | |
|
359 | 0 | jpeg_start_compress(cinfo, TRUE); |
360 | |
|
361 | 0 | unsigned int width = cinfo->image_width * QIntC::to_uint(cinfo->input_components); |
362 | 0 | size_t expected_size = QIntC::to_size(cinfo->image_height) * |
363 | 0 | QIntC::to_size(cinfo->image_width) * QIntC::to_size(cinfo->input_components); |
364 | 0 | if (b->getSize() != expected_size) { |
365 | 0 | throw std::runtime_error( |
366 | 0 | "Pl_DCT: image buffer size = " + std::to_string(b->getSize()) + |
367 | 0 | "; expected size = " + std::to_string(expected_size)); |
368 | 0 | } |
369 | 0 | JSAMPROW row_pointer[1]; |
370 | 0 | unsigned char* buffer = b->getBuffer(); |
371 | 0 | while (cinfo->next_scanline < cinfo->image_height) { |
372 | | // We already verified that the buffer is big enough. |
373 | 0 | row_pointer[0] = &buffer[cinfo->next_scanline * width]; |
374 | 0 | (void)jpeg_write_scanlines(cinfo, row_pointer, 1); |
375 | 0 | } |
376 | 0 | jpeg_finish_compress(cinfo); |
377 | 0 | next()->finish(); |
378 | 0 | } |
379 | | |
380 | | void |
381 | | Pl_DCT::decompress(void* cinfo_p, Buffer* b) |
382 | 65.2k | { |
383 | 65.2k | auto* cinfo = reinterpret_cast<jpeg_decompress_struct*>(cinfo_p); |
384 | | |
385 | 65.2k | #if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || defined(__clang__)) |
386 | 65.2k | # pragma GCC diagnostic push |
387 | 65.2k | # pragma GCC diagnostic ignored "-Wold-style-cast" |
388 | 65.2k | #endif |
389 | 65.2k | jpeg_create_decompress(cinfo); |
390 | 65.2k | #if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || defined(__clang__)) |
391 | 65.2k | # pragma GCC diagnostic pop |
392 | 65.2k | #endif |
393 | | |
394 | 65.2k | if (memory_limit > 0) { |
395 | 65.2k | cinfo->mem->max_memory_to_use = memory_limit; |
396 | 65.2k | } |
397 | | |
398 | 65.2k | jpeg_buffer_src(cinfo, b); |
399 | | |
400 | 65.2k | (void)jpeg_read_header(cinfo, TRUE); |
401 | 65.2k | (void)jpeg_calc_output_dimensions(cinfo); |
402 | 65.2k | unsigned int width = cinfo->output_width * QIntC::to_uint(cinfo->output_components); |
403 | 65.2k | if (memory_limit > 0 && |
404 | 65.2k | width > (static_cast<unsigned long>(memory_limit) / (20U * cinfo->output_height))) { |
405 | | // Even if jpeglib does not run out of memory, qpdf will while buffering the data before |
406 | | // writing it. Furthermore, for very large images runtime can be significant before the |
407 | | // first warning is encountered causing a timeout in oss-fuzz. |
408 | 172 | throw std::runtime_error("Pl_DCT::decompress: JPEG data large - may be too slow"); |
409 | 172 | } |
410 | 65.0k | jpeg_progress_mgr progress_mgr; |
411 | 65.0k | if (scan_limit > 0) { |
412 | 52.0k | progress_mgr.progress_monitor = &progress_monitor; |
413 | 52.0k | cinfo->progress = &progress_mgr; |
414 | 52.0k | } |
415 | 65.0k | JSAMPARRAY buffer = |
416 | 65.0k | (*cinfo->mem->alloc_sarray)(reinterpret_cast<j_common_ptr>(cinfo), JPOOL_IMAGE, width, 1); |
417 | | |
418 | 65.0k | (void)jpeg_start_decompress(cinfo); |
419 | 79.8M | while (cinfo->output_scanline < cinfo->output_height) { |
420 | 79.7M | (void)jpeg_read_scanlines(cinfo, buffer, 1); |
421 | 79.7M | next()->write(buffer[0], width * sizeof(buffer[0][0])); |
422 | 79.7M | } |
423 | 65.0k | (void)jpeg_finish_decompress(cinfo); |
424 | 65.0k | next()->finish(); |
425 | 65.0k | } |
426 | | |
427 | | std::unique_ptr<Pl_DCT::CompressConfig> |
428 | | Pl_DCT::make_compress_config(std::function<void(jpeg_compress_struct*)> f) |
429 | 0 | { |
430 | 0 | return std::make_unique<FunctionCallbackConfig>(f); |
431 | 0 | } |