* Validate dimensions in the SIZ marker segment after reading it from a codestream (#253)

Validate SIZ marker segment content after reading it from a codestream.

Author: palemieux

CMakeLists.txt

@@ -232,24 +232,11 @@ install(FILES "${CMAKE_BINARY_DIR}/${PROJECT_NAME}.pc"
 )
 
 ################################################################################################
-# Testing (OJPH_BUILD_TESTS)
+# Testing and fuzzing (OJPH_BUILD_TESTS)
 ################################################################################################
 
 if(CMAKE_PROJECT_NAME STREQUAL PROJECT_NAME AND OJPH_BUILD_TESTS)
   enable_testing()
   add_subdirectory(tests)
-endif()
-
-################################################################################################
-# Fuzzing
-################################################################################################
-
-if(OJPH_BUILD_FUZZER)
-  if(NOT CMAKE_CXX_COMPILER_ID MATCHES "Clang")
-    message(FATAL_ERROR "Fuzzing requires a Clang toolchain.")
-  endif()
-
-  message(STATUS "Building fuzzer target")
-
   add_subdirectory(fuzzing)
-endif()
+endif()

fuzzing/CMakeLists.txt

@@ -1,4 +1,8 @@
-link_libraries($ENV{LIB_FUZZING_ENGINE})
+if(DEFINED ENV{LIB_FUZZING_ENGINE})
+  link_libraries($ENV{LIB_FUZZING_ENGINE})
+else()
+  add_compile_definitions(OJPH_FUZZ_TARGET_MAIN)
+endif()
 
 add_executable(ojph_expand_fuzz_target fuzz_targets/ojph_expand_fuzz_target.cpp)
 target_link_libraries(ojph_expand_fuzz_target PRIVATE openjph)

fuzzing/fuzz_targets/ojph_expand_fuzz_target.cpp

@@ -33,9 +33,10 @@
 // Date: 17 February 2026
 //***************************************************************************/
 
-#include <unistd.h>
-#include <stdlib.h>
 #include <cstdint>
+#include <cstdio>
+#include <cstdlib>
+#include <vector>
 
 #include <ojph_arch.h>
 #include <ojph_file.h>
@@ -94,3 +95,27 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
   }
   return 0;
 }
+
+#ifdef OJPH_FUZZ_TARGET_MAIN
+int main(int argc, char **argv) {
+  if (argc != 2) {
+    return -1;
+  }
+  FILE *f = fopen(argv[1], "rb");
+  if (!f) { return -1; }
+  fseek(f, 0, SEEK_END);
+  long len = ftell(f);
+  if (len < 0) {
+    return -1;
+  }
+  rewind(f);
+  std::vector<uint8_t> buf(len);
+  size_t n = fread(buf.data(), 1, len, f);
+  if(n != static_cast<size_t>(len)) {
+    return -1;
+  }
+  fclose(f);
+  LLVMFuzzerTestOneInput(buf.data(), buf.size());
+  return 0;
+}
+#endif

src/core/codestream/ojph_codestream_local.cpp

@@ -548,7 +548,15 @@ namespace ojph {
                                    ui32 num_comments)
     {
       //finalize
-      siz.check_validity(cod);
+      siz.set_cod(cod);
+      // set the tile size if it was not set by the user
+      size tile_size = siz.get_tile_size();
+      if (tile_size.h == 0 && tile_size.w == 0)
+      {
+        point img_offset = siz.get_image_offset();
+        siz.set_tile_size(size(tile_size.w + img_offset.x, tile_size.h + img_offset.y));
+      }
+      siz.check_validity();
       cod.check_validity(siz);
       cod.update_atk(&atk);
       qcd.check_validity(siz, cod);

src/core/codestream/ojph_params.cpp

@@ -58,29 +58,25 @@ namespace ojph {
   ////////////////////////////////////////////////////////////////////////////
   void param_siz::set_image_extent(point dims)
   {
-    state->Xsiz = dims.x;
-    state->Ysiz = dims.y;
+    state->set_image_extent(dims);
   }
 
   ////////////////////////////////////////////////////////////////////////////
   void param_siz::set_tile_size(size s)
   {
-    state->XTsiz = s.w;
-    state->YTsiz = s.h;
+    state->set_tile_size(s);
   }
 
   ////////////////////////////////////////////////////////////////////////////
   void param_siz::set_image_offset(point offset)
-  { // WARNING need to check if these are valid
-    state->XOsiz = offset.x;
-    state->YOsiz = offset.y;
+  {
+    state->set_image_offset(offset);
   }
 
   ////////////////////////////////////////////////////////////////////////////
   void param_siz::set_tile_offset(point offset)
-  { // WARNING need to check if these are valid
-    state->XTOsiz = offset.x;
-    state->YTOsiz = offset.y;
+  {
+    state->set_tile_offset(offset);
   }
 
   ////////////////////////////////////////////////////////////////////////////
@@ -703,24 +699,24 @@ namespace ojph {
       if (file->read(&Ysiz, 4) != 4)
         OJPH_ERROR(0x00050046, "error reading SIZ marker");
       Ysiz = swap_byte(Ysiz);
-      if (file->read(&XOsiz, 4) != 4)
+      ui32 t_XOsiz, t_YOsiz;
+      if (file->read(&t_XOsiz, 4) != 4)
         OJPH_ERROR(0x00050047, "error reading SIZ marker");
-      XOsiz = swap_byte(XOsiz);
-      if (file->read(&YOsiz, 4) != 4)
+      if (file->read(&t_YOsiz, 4) != 4)
         OJPH_ERROR(0x00050048, "error reading SIZ marker");
-      YOsiz = swap_byte(YOsiz);
-      if (file->read(&XTsiz, 4) != 4)
+      set_image_offset(point(swap_byte(t_XOsiz), swap_byte(t_YOsiz)));
+      ui32 t_XTsiz, t_YTsiz;
+      if (file->read(&t_XTsiz, 4) != 4)
         OJPH_ERROR(0x00050049, "error reading SIZ marker");
-      XTsiz = swap_byte(XTsiz);
-      if (file->read(&YTsiz, 4) != 4)
+      if (file->read(&t_YTsiz, 4) != 4)
         OJPH_ERROR(0x0005004A, "error reading SIZ marker");
-      YTsiz = swap_byte(YTsiz);
-      if (file->read(&XTOsiz, 4) != 4)
+      set_tile_size(size(swap_byte(t_XTsiz), swap_byte(t_YTsiz)));
+      ui32 t_XTOsiz, t_YTOsiz;
+      if (file->read(&t_XTOsiz, 4) != 4)
         OJPH_ERROR(0x0005004B, "error reading SIZ marker");
-      XTOsiz = swap_byte(XTOsiz);
-      if (file->read(&YTOsiz, 4) != 4)
+      if (file->read(&t_YTOsiz, 4) != 4)
         OJPH_ERROR(0x0005004C, "error reading SIZ marker");
-      YTOsiz = swap_byte(YTOsiz);
+      set_tile_offset(point(swap_byte(t_XTOsiz), swap_byte(t_YTOsiz)));
       if (file->read(&Csiz, 2) != 2)
         OJPH_ERROR(0x0005004D, "error reading SIZ marker");
       Csiz = swap_byte(Csiz);
@@ -745,6 +741,8 @@ namespace ojph {
 
       ws_kern_support_needed = (Rsiz & 0x20) != 0;
       dfs_support_needed = (Rsiz & 0x80) != 0;
+
+      check_validity();
     }
 
     //////////////////////////////////////////////////////////////////////////

src/core/codestream/ojph_params_local.h

@@ -217,12 +217,47 @@ namespace ojph {
         cptr[comp_num].YRsiz = (ui8)downsampling.y;
       }
 
-      void check_validity(const param_cod& cod)
+      void set_image_extent(point dims)
+      {
+        Xsiz = dims.x;
+        Ysiz = dims.y;
+      }
+
+      void set_tile_size(size s)
+      {
+        XTsiz = s.w;
+        YTsiz = s.h;
+      }
+
+      size get_tile_size() const
+      {
+        return size(XTsiz, YTsiz);
+      }
+
+      void set_image_offset(point offset)
+      {
+        XOsiz = offset.x;
+        YOsiz = offset.y;
+      }
+
+      point get_image_offset() const
+      {
+        return point(XOsiz, YOsiz);
+      }
+
+      void set_tile_offset(point offset)
+      {
+        XTOsiz = offset.x;
+        YTOsiz = offset.y;
+      }
+
+      void set_cod(const param_cod& cod)
       {
         this->cod = &cod;
+      }
 
-        if (XTsiz == 0 && YTsiz == 0)
-        { XTsiz = Xsiz + XOsiz; YTsiz = Ysiz + YOsiz; }
+      void check_validity()
+      {
         if (Xsiz == 0 || Ysiz == 0 || XTsiz == 0 || YTsiz == 0)
           OJPH_ERROR(0x00040001,
             "You cannot set image extent nor tile size to zero");