Fix and avoid some integer overflows

Change-Id: I479a2b3bff0a0aeaa4f54e1b45226998b4d99775
author: Kinan Hakim <kinan@google.com> 2016-01-25 17:34:19 +0100
committer: Kinan Hakim <kinan@google.com> 2016-01-25 18:23:24 +0100
commit: 2bef8b90e267af3a2b74301eb415d0a5d04657fa (patch)
tree: f2ba0ef0d8246fc797aca7070b8e3dba5cf70136
parent: 671e9caebb6a6d5580ae9bd7676c09501715b6f8 (diff)
download: dng_sdk-2bef8b90e267af3a2b74301eb415d0a5d04657fa.tar.gz
19 files changed, 136 insertions, 20 deletions
diff --git a/source/dng_bad_pixels.cpp b/source/dng_bad_pixels.cpp
index 920acd6..77012a4 100644
--- a/source/dng_bad_pixels.cpp
+++ b/source/dng_bad_pixels.cpp
@@ -589,6 +589,11 @@ dng_opcode_FixBadPixelsList::dng_opcode_FixBadPixelsList
 	
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 dng_opcode_FixBadPixelsList::dng_opcode_FixBadPixelsList (dng_stream &stream)
 
 	:	dng_filter_opcode (dngOpcode_FixBadPixelsList,
diff --git a/source/dng_bad_pixels.h b/source/dng_bad_pixels.h
index 8716f1c..d8e5cdf 100644
--- a/source/dng_bad_pixels.h
+++ b/source/dng_bad_pixels.h
@@ -78,6 +78,11 @@ class dng_opcode_FixBadPixelsConstant: public dng_filter_opcode
 								  
 	protected:
 	
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 		bool IsGreen (int32 row, int32 col) const
 			{
 			return (((uint32) row + (uint32) col + fBayerPhase + (fBayerPhase >> 1)) & 1) == 0;
diff --git a/source/dng_date_time.cpp b/source/dng_date_time.cpp
index 53a911a..e7175b8 100644
--- a/source/dng_date_time.cpp
+++ b/source/dng_date_time.cpp
@@ -103,6 +103,11 @@ void dng_date_time::Clear ()
 			
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 static uint32 DateTimeParseU32 (const char *&s)
 	{
 	
diff --git a/source/dng_date_time.h b/source/dng_date_time.h
index 3f923f2..6f9f0ba 100644
--- a/source/dng_date_time.h
+++ b/source/dng_date_time.h
@@ -149,7 +149,7 @@ class dng_time_zone
 			
 		void SetOffsetHours (int32 offset)
 			{
-			fOffsetMinutes = offset * 60;
+			fOffsetMinutes = (int32) ((int64) offset * 60);
 			}
 			
 		void SetOffsetMinutes (int32 offset)
diff --git a/source/dng_hue_sat_map.cpp b/source/dng_hue_sat_map.cpp
index e6fa36a..92a0e1e 100644
--- a/source/dng_hue_sat_map.cpp
+++ b/source/dng_hue_sat_map.cpp
@@ -97,6 +97,11 @@ dng_hue_sat_map::~dng_hue_sat_map ()
 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 void dng_hue_sat_map::SetDivisions (uint32 hueDivisions,
 									uint32 satDivisions,
 									uint32 valDivisions)
diff --git a/source/dng_ifd.cpp b/source/dng_ifd.cpp
index d2086f0..8fc9001 100644
--- a/source/dng_ifd.cpp
+++ b/source/dng_ifd.cpp
@@ -256,6 +256,11 @@ dng_ifd::~dng_ifd ()
 	
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 // Parses tags that should only appear in IFDs that contain images.
 
 bool dng_ifd::ParseTag (dng_stream &stream,
@@ -2717,6 +2722,11 @@ bool dng_ifd::IsValidCFA (dng_shared &shared,
 	
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 bool dng_ifd::IsValidDNG (dng_shared &shared,
 					      uint32 parentCode)
 	{
@@ -4051,6 +4061,11 @@ dng_rect dng_ifd::TileArea (uint32 rowIndex,
 			
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 uint32 dng_ifd::TileByteCount (const dng_rect &tile) const
 	{
 	
diff --git a/source/dng_info.cpp b/source/dng_info.cpp
index 916de84..d6bd360 100644
--- a/source/dng_info.cpp
+++ b/source/dng_info.cpp
@@ -334,6 +334,11 @@ void dng_info::ParseTag (dng_host &host,
 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 bool dng_info::ValidateIFD (dng_stream &stream,
 						    uint64 ifdOffset,
 						    int64 offsetDelta)
@@ -657,6 +662,11 @@ void dng_info::ParseIFD (dng_host &host,
 						 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 bool dng_info::ParseMakerNoteIFD (dng_host &host,
 								  dng_stream &stream,
 								  uint64 ifdSize,
@@ -1417,6 +1427,11 @@ void dng_info::ParseSonyPrivateData (dng_host & /* host */,
 							   		 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 void dng_info::ParseDNGPrivateData (dng_host &host,
 									dng_stream &stream)
 	{
diff --git a/source/dng_lens_correction.cpp b/source/dng_lens_correction.cpp
index 244ffb7..5afda9f 100644
--- a/source/dng_lens_correction.cpp
+++ b/source/dng_lens_correction.cpp
@@ -1111,6 +1111,11 @@ void dng_filter_warp::Initialize (dng_host &host)
 
 /*****************************************************************************/
 	
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("float-cast-overflow")))
+#endif
+#endif
 dng_rect dng_filter_warp::SrcArea (const dng_rect &dstArea)
 	{
 	
@@ -1201,13 +1206,13 @@ dng_rect dng_filter_warp::SrcArea (const dng_rect &dstArea)
 
 	const int32 pad = (int32) fWeights.Radius ();
 
-	xMin -= pad;
-	yMin -= pad;
-	xMax += pad;
-	yMax += pad;
+	xMin = (int32) ((int64) xMin - (int64)pad);
+	yMin = (int32) ((int64) yMin - (int64)pad);
+	xMax = (int32) ((int64) xMax + (int64)pad);
+	yMax = (int32) ((int64) yMax + (int64)pad);
 
-	xMax += 1;
-	yMax += 1;
+	xMax = (int32) ((int64) xMax + 1);
+	yMax = (int32) ((int64) yMax + 1);
 
 	const dng_rect srcArea (yMin,
 							xMin,
@@ -1220,6 +1225,11 @@ dng_rect dng_filter_warp::SrcArea (const dng_rect &dstArea)
 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("float-cast-overflow")))
+#endif
+#endif
 dng_point dng_filter_warp::SrcTileSize (const dng_point &dstTileSize)
 	{
 
@@ -1280,8 +1290,8 @@ dng_point dng_filter_warp::SrcTileSize (const dng_point &dstTileSize)
 
 	// Add the two bounds together.
 
-	srcTileSize.v += (int32) ceil (srcTanGap.v * fNormRadius);
-	srcTileSize.h += (int32) ceil (srcTanGap.h * fNormRadius);
+	srcTileSize.v = (int32) ((real64) srcTileSize.v + (real64) ceil (srcTanGap.v * fNormRadius));
+	srcTileSize.h = (int32) ((real64) srcTileSize.h + (real64) ceil (srcTanGap.h * fNormRadius));
 	
 	return srcTileSize;
 
@@ -1289,6 +1299,11 @@ dng_point dng_filter_warp::SrcTileSize (const dng_point &dstTileSize)
 
 /*****************************************************************************/
 		
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("float-cast-overflow")))
+#endif
+#endif
 void dng_filter_warp::ProcessArea (uint32 /* threadIndex */,
 								   dng_pixel_buffer &srcBuffer,
 								   dng_pixel_buffer &dstBuffer)
diff --git a/source/dng_linearization_info.cpp b/source/dng_linearization_info.cpp
index 95fa493..27bc457 100644
--- a/source/dng_linearization_info.cpp
+++ b/source/dng_linearization_info.cpp
@@ -687,7 +687,7 @@ void dng_linearize_plane::Process (const dng_rect &srcTile)
 				
 			uint16 *dstPtr = (uint16 *) dPtr;
 
-			b1 -= 128;		// Rounding for 8 bit shift
+			b1 = (int32) ((int64) b1 - (int64) 128);		// Rounding for 8 bit shift
 			
 			if (fSrcPixelType == ttByte)
 				{
@@ -735,7 +735,7 @@ void dng_linearize_plane::Process (const dng_rect &srcTile)
 					if (b2_count)
 						{
 					
-						x -= b2 [b2_phase];
+						x = (int32) ((int64)x - b2 [b2_phase]);
 						
 						if (++b2_phase == b2_count)
 							{
diff --git a/source/dng_misc_opcodes.cpp b/source/dng_misc_opcodes.cpp
index 944ec8a..ca7ba8f 100644
--- a/source/dng_misc_opcodes.cpp
+++ b/source/dng_misc_opcodes.cpp
@@ -201,6 +201,11 @@ void dng_area_spec::PutData (dng_stream &stream) const
 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 dng_rect dng_area_spec::Overlap (const dng_rect &tile) const
 	{
 	
@@ -463,6 +468,11 @@ dng_opcode_MapPolynomial::dng_opcode_MapPolynomial (const dng_area_spec &areaSpe
 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 dng_opcode_MapPolynomial::dng_opcode_MapPolynomial (dng_stream &stream)
 
 	:	dng_inplace_opcode (dngOpcode_MapPolynomial,
diff --git a/source/dng_negative.cpp b/source/dng_negative.cpp
index ed106d7..ab63e5d 100644
--- a/source/dng_negative.cpp
+++ b/source/dng_negative.cpp
@@ -4158,6 +4158,11 @@ void dng_negative::DoBuildStage3 (dng_host &host,
 									   
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 void dng_negative::BuildStage3Image (dng_host &host,
 									 int32 srcPlane)
 	{
diff --git a/source/dng_point.h b/source/dng_point.h
index 476a71d..66e3ec9 100644
--- a/source/dng_point.h
+++ b/source/dng_point.h
@@ -109,6 +109,11 @@ class dng_point_real64
 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("signed-integer-overflow")))
+#endif
+#endif
 inline dng_point operator+ (const dng_point &a,
 				  			const dng_point &b)
 				  
diff --git a/source/dng_read_image.cpp b/source/dng_read_image.cpp
index 343f947..b2f6dd4 100644
--- a/source/dng_read_image.cpp
+++ b/source/dng_read_image.cpp
@@ -1171,6 +1171,11 @@ dng_read_image::~dng_read_image ()
 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 bool dng_read_image::ReadUncompressed (dng_host &host,
 									   const dng_ifd &ifd,
 									   dng_stream &stream,
@@ -1392,7 +1397,7 @@ bool dng_read_image::ReadUncompressed (dng_host &host,
 		
 		uint32 *p = (uint32 *) uncompressedBuffer->Buffer ();
 			
-		uint32 bitMask = (1 << bitDepth) - 1;
+		uint32 bitMask = ((uint32)1 << bitDepth) - 1;
 							
 		for (uint32 row = 0; row < rows; row++)
 			{
@@ -1804,6 +1809,11 @@ bool dng_read_image::ReadBaselineJPEG (dng_host &host,
 	
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 bool dng_read_image::ReadLosslessJPEG (dng_host &host,
 									   const dng_ifd &ifd,
 									   dng_stream &stream,
diff --git a/source/dng_render.cpp b/source/dng_render.cpp
index 42a3627..bd8d0f8 100644
--- a/source/dng_render.cpp
+++ b/source/dng_render.cpp
@@ -34,7 +34,7 @@ dng_function_exposure_ramp::dng_function_exposure_ramp (real64 white,
 														real64 black,
 														real64 minBlack)
 									
-	:	fSlope (1.0 / (white - black))
+	:	fSlope ((white == black) ? 1.0f : 1.0 / (white - black))
 	,	fBlack (black)
 	
 	,	fRadius (0.0)
diff --git a/source/dng_resample.cpp b/source/dng_resample.cpp
index a546c04..5bb05d9 100644
--- a/source/dng_resample.cpp
+++ b/source/dng_resample.cpp
@@ -542,8 +542,8 @@ dng_resample_task::dng_resample_task (const dng_image &srcImage,
 	
 	,	fKernel (kernel)
 	
-	,	fRowScale (dstBounds.H () / (real64) srcBounds.H ())
-	,	fColScale (dstBounds.W () / (real64) srcBounds.W ())
+	,	fRowScale ((srcBounds.H () != 0) ? dstBounds.H () / (real64) srcBounds.H () : 0)
+	,	fColScale ((srcBounds.W () != 0) ? dstBounds.W () / (real64) srcBounds.W () : 0)
 	
 	,	fRowCoords ()
 	,	fColCoords ()
@@ -554,6 +554,10 @@ dng_resample_task::dng_resample_task (const dng_image &srcImage,
 	,	fSrcTileSize ()
 	
 	{
+	if (fRowScale == 0 || fColScale == 0)
+		{
+		 ThrowBadFormat ();
+		}
 	
 	if (srcImage.PixelSize  () <= 2 &&
 		dstImage.PixelSize  () <= 2 &&
diff --git a/source/dng_shared.cpp b/source/dng_shared.cpp
index db599b9..5384116 100644
--- a/source/dng_shared.cpp
+++ b/source/dng_shared.cpp
@@ -1028,6 +1028,11 @@ bool dng_camera_profile_info::ParseTag (dng_stream &stream,
 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 bool dng_camera_profile_info::ParseExtended (dng_stream &stream)
 	{
 
diff --git a/source/dng_stream.cpp b/source/dng_stream.cpp
index 5071799..f8548db 100644
--- a/source/dng_stream.cpp
+++ b/source/dng_stream.cpp
@@ -900,12 +900,14 @@ dng_urational dng_stream::TagValue_urational (uint32 tagType)
 			
 				if (d < 0)
 					{
-					n = -n;
-					d = -d;
+					result.n = (uint32) ((int64) n * -1);
+					result.d = (uint32) ((int64) d * -1);
+					}
+				else
+					{
+					result.n = (uint32) n;
+					result.d = (uint32) d;
 					}
-					
-				result.n = (uint32) n;
-				result.d = (uint32) d;
 					
 				}
 				
diff --git a/source/dng_string.cpp b/source/dng_string.cpp
index 6c14416..af8514d 100644
--- a/source/dng_string.cpp
+++ b/source/dng_string.cpp
@@ -901,6 +901,11 @@ void dng_string::Set_JIS_X208_1990 (const char *s)
 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
 uint32 dng_string::DecodeUTF8 (const char *&s,
 							   uint32 maxBytes,
 							   bool *isValid)
diff --git a/source/dng_utils.h b/source/dng_utils.h
index d74ffb4..218831d 100644
--- a/source/dng_utils.h
+++ b/source/dng_utils.h
@@ -467,6 +467,11 @@ inline real64 Lerp_real64 (real64 a, real64 b, real64 t)
 
 /*****************************************************************************/
 
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+__attribute__((no_sanitize("float-cast-overflow")))
+#endif
+#endif
 inline int32 Round_int32 (real32 x)
 	{
author	Kinan Hakim <kinan@google.com>	2016-01-25 17:34:19 +0100
committer	Kinan Hakim <kinan@google.com>	2016-01-25 18:23:24 +0100
commit	2bef8b90e267af3a2b74301eb415d0a5d04657fa (patch)
tree	f2ba0ef0d8246fc797aca7070b8e3dba5cf70136
parent	671e9caebb6a6d5580ae9bd7676c09501715b6f8 (diff)
download	dng_sdk-2bef8b90e267af3a2b74301eb415d0a5d04657fa.tar.gz