shithub: jbig2

Info  •  Files  •  Log

Fix some small bugs and add additional error checking to the
huffman decoding support.


git-svn-id: http://svn.ghostscript.com/jbig2dec/trunk@434 ded80894-8fb9-0310-811b-c03f3676ab4d

--- a/jbig2_huffman.c

+++ b/jbig2_huffman.c

@@ -90,10 +90,9 @@

 /** debug routines **/

 #ifdef JBIG2_DEBUG

-#include <stdio.h>

+

 /** print current huffman state */

-void jbig2_dump_huffman_state(Jbig2HuffmanState *hs)

-{

+void jbig2_dump_huffman_state(Jbig2HuffmanState *hs) {

   fprintf(stderr, "huffman state %08x %08x offset %d.%d\n",

 	hs->this_word, hs->next_word, hs->offset, hs->offset_bits); 

 }

@@ -109,6 +108,7 @@

     fprintf(stderr, ((word >> i) & 1) ? "1" : "0");

   fprintf(stderr, "\n");

 }

+

 #endif /* JBIG2_DEBUG */

 /** Skip bits up to the next byte boundary

@@ -174,7 +174,7 @@

 {

   uint32_t this_word = hs->this_word;

   int32_t result;

-	

+

   result = this_word >> (32 - bits);

   hs->offset_bits += bits;

   if (hs->offset_bits >= 32) {

@@ -182,8 +182,12 @@

     hs->offset_bits -= 32;

     hs->this_word = hs->next_word;

     hs->next_word = hs->ws->get_next_word(hs->ws, hs->offset + 4);

-    hs->this_word = (hs->this_word << hs->offset_bits) |

+    if (hs->offset_bits) {

+      hs->this_word = (hs->this_word << hs->offset_bits) |

 	(hs->next_word >> (32 - hs->offset_bits));

+    } else {

+      hs->this_word = (hs->this_word << hs->offset_bits);

+    }

   } else {

     hs->this_word = (this_word << bits) |

 	(hs->next_word >> (32 - hs->offset_bits));

@@ -225,9 +229,9 @@

 	  hs->next_word = next_word;

 	  PREFLEN = offset_bits;

 	}

-if (PREFLEN)

-      this_word = (this_word << PREFLEN) |

-	(next_word >> (32 - offset_bits));

+      if (PREFLEN)

+	this_word = (this_word << PREFLEN) |

+	  (next_word >> (32 - offset_bits));

       if (flags & JBIG2_HUFFMAN_FLAGS_ISEXT)

 	{

 	  table = entry->u.ext_table;

@@ -272,10 +276,10 @@

   return result;

 }

-/* TODO: 10 bits here is wasteful of memory. We have support for 

-   sub-trees in jbig2_huffman_get() above, but don't use it here.

+/* TODO: more than 8 bits here is wasteful of memory. We have support 

+   for sub-trees in jbig2_huffman_get() above, but don't use it here.

    We should, and then revert to 8 bits */

-#define LOG_TABLE_SIZE_MAX 10

+#define LOG_TABLE_SIZE_MAX 16

 /** Build an in-memory representation of a Huffman table from the

  *  set of template params provided by the spec or a table segment

@@ -288,6 +292,7 @@

   const Jbig2HuffmanLine *lines = params->lines;

   int n_lines = params->n_lines;

   int i, j;

+  int max_j;

   int log_table_size = 0;

   Jbig2HuffmanTable *result;

   Jbig2HuffmanEntry *entries;

@@ -316,9 +321,13 @@

       if (lts <= LOG_TABLE_SIZE_MAX && log_table_size < lts)

 		log_table_size = lts;

     }

+  jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1,

+	"constructing huffman table log size %d", log_table_size);

+  max_j = 1 << log_table_size;

+

   result = (Jbig2HuffmanTable *)jbig2_alloc(ctx->allocator, sizeof(Jbig2HuffmanTable));

   result->log_table_size = log_table_size;

-  entries = (Jbig2HuffmanEntry *)jbig2_alloc(ctx->allocator, sizeof(Jbig2HuffmanEntry) << log_table_size);

+  entries = (Jbig2HuffmanEntry *)jbig2_alloc(ctx->allocator, max_j * sizeof(Jbig2HuffmanEntry));

   result->entries = entries;

   LENCOUNT[0] = 0;

@@ -341,25 +350,28 @@

 	      int end_j = (CURCODE + 1) << shift;

 	      byte eflags = 0;

+	      if (end_j > max_j) {

+		jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1,

+		  "ran off the end of the entries table! (%d >= %d)",

+		  end_j, max_j);

+		jbig2_free(ctx->allocator, result->entries);

+		jbig2_free(ctx->allocator, result);

+		return NULL;

+	      }

 	      /* todo: build extension tables */

 	      if (params->HTOOB && CURTEMP == n_lines - 1)

 		eflags |= JBIG2_HUFFMAN_FLAGS_ISOOB;

 	      if (CURTEMP == n_lines - (params->HTOOB ? 3 : 2))

 		eflags |= JBIG2_HUFFMAN_FLAGS_ISLOW;

-	      if (PREFLEN + RANGELEN > LOG_TABLE_SIZE_MAX)

-		{

-		  for (j = start_j; j < end_j; j++)

-		    {

+	      if (PREFLEN + RANGELEN > LOG_TABLE_SIZE_MAX) {

+		  for (j = start_j; j < end_j; j++) {

 		      entries[j].u.RANGELOW = lines[CURTEMP].RANGELOW;

 		      entries[j].PREFLEN = PREFLEN;

 		      entries[j].RANGELEN = RANGELEN;

 		      entries[j].flags = eflags;

 		    }

-		}

-	      else

-		{

-		  for (j = start_j; j < end_j; j++)

-		    {

+	      } else {

+		  for (j = start_j; j < end_j; j++) {

 		      int32_t HTOFFSET = (j >> (shift - RANGELEN)) &

 			((1 << RANGELEN) - 1);

 		      if (eflags & JBIG2_HUFFMAN_FLAGS_ISLOW)

--- a/jbig2_text.c

+++ b/jbig2_text.c

@@ -187,7 +187,6 @@

 	/* decode the symbol id codelengths using the runlength table */

 	symcodelengths = jbig2_alloc(ctx->allocator, SBNUMSYMS*sizeof(Jbig2HuffmanLine));

-	/* todo: could save considerable space by growing the lines array as needed */

 	if (symcodelengths == NULL) {

 	  jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,

 	    "memory allocation failure reading symbol ID huffman table!");

@@ -213,23 +212,30 @@

 	      return -1;

 	    }

 	    len = symcodelengths[index-1].PREFLEN;

-	    if (code == 32) range = jbig2_huffman_get_bits(hs, 2) + 3;

+	    if (code == 32) range = jbig2_huffman_get_bits(hs, 2) + 2;

 	    else if (code == 33) range = jbig2_huffman_get_bits(hs, 3) + 3;

 	    else if (code == 34) range = jbig2_huffman_get_bits(hs, 7) + 11;

 	  }

 	  jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number,

 	    "  read runcode%d at index %d (length %d range %d)", code, index, len, range);

+	  if (index+range > SBNUMSYMS) {

+	    jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,

+	      "runlength extends %d entries beyond the end of symbol id table!",

+		index+range - SBNUMSYMS);

+	    range = SBNUMSYMS - index;

+	  }

 	  for (r = 0; r < range; r++) {

 	    symcodelengths[index+r].PREFLEN = len; 

 	    symcodelengths[index+r].RANGELEN = 0; 

-	    symcodelengths[index+r].RANGELOW = index;

+	    symcodelengths[index+r].RANGELOW = index + r;

 	  }

 	  index += r;

-	  if (index > SBNUMSYMS) {

-	    jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,

-	      "runlength extends beyond the end of symbol id table");

-	  }

 	}

+

+	if (index < SBNUMSYMS) {

+	  jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,

+	    "runlength codes do not cover the available symbol set");

+	}

 	symcodeparams.HTOOB = 0;

 	symcodeparams.lines = symcodelengths;

 	symcodeparams.n_lines = SBNUMSYMS;

@@ -242,6 +248,12 @@

 	jbig2_free(ctx->allocator, symcodelengths);

 	jbig2_release_huffman_table(ctx, runcodes);

+

+	if (SBSYMCODES == NULL) {

+	    jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,

+		"could not construct Symbol ID huffman table!");

+	    return NULL;

+	}

     }

     /* 6.4.5 (1) */