Even Rouault
024b840739
opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX ( fixes #1228 )
2020-01-11 01:51:58 +01:00
Even Rouault
ac3737372a
Merge pull request #1217 from rouault/fix_ossfuzz_18979
...
pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets()
2019-11-17 13:08:41 +01:00
Robert Ancell
9701b3305d
JPWL: convert: Fix buffer overflow reading an image file less than four characters ( #1196 )
...
Fixes #1068
2019-11-17 03:09:59 +01:00
Even Rouault
cb332992a7
Merge pull request #1218 from rouault/fix_broken_abi_check
...
abi-check.sh: fix false postive ABI error, and display output error log
2019-11-17 02:47:26 +01:00
Even Rouault
016f80ae21
abi-check.sh: fix false postive ABI error, and display output error log
...
There is currently a false positive ABI check failure between v2.3.1
and current. It disappears when removing the generated reports of v2.3.1
and recreating them. It is likely that some tooling has evolved since
the initial v2.3.1 report generation.
2019-11-17 02:26:54 +01:00
Even Rouault
4cb1f66304
pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18979
2019-11-17 01:18:26 +01:00
Even Rouault
5875a6b446
opj_tcd_mct_decode()/opj_mct_decode()/opj_mct_encode_real()/opj_mct_decode_real(): proper deal with a number of samples larger than 4 billion (refs #1151 )
2019-10-03 11:04:30 +02:00
Even Rouault
e66125fe26
Merge pull request #1164 from sebras/master
...
openjp2/j2k: Report error if all wanted components are not decoded.
2019-09-03 17:03:54 +02:00
Even Rouault
8db9d25dcf
opj_decompress_fuzzer: remove checks regarding input dimensions ( fixes #1079 )
2019-06-15 09:55:16 +02:00
Even Rouault
f4d6578359
test_decode_area.c: assign tdy to *ptileh instead of *ptilew ( fixes #1195 )
2019-05-26 11:06:30 +02:00
Even Rouault
9b7620ee7a
Merge pull request #1185 from Young-X/fix
...
Fix several potential vulnerabilities
2019-04-26 19:52:52 +02:00
Even Rouault
4f447c6e18
Merge pull request #1192 from rouault/poc_fixes
...
compression: emit POC marker when only one single POC is requested (f…
2019-04-25 15:32:22 +02:00
Even Rouault
a94cfbd533
Change opj_j2k_check_poc_val() to take into account tile number
2019-04-25 15:06:45 +02:00
Even Rouault
bdec5ae272
Add test for previous commit
2019-04-25 14:40:56 +02:00
Even Rouault
6423163141
Fix POC in multi-tile scenarios: avoid almost endless loop when a tile has no POC settings
2019-04-25 14:40:56 +02:00
Even Rouault
b86717fdd3
Add test for previous commit
2019-04-25 14:40:56 +02:00
Even Rouault
23883458b9
opj_j2k_check_poc_val(): prevent potential write outside of allocated array
2019-04-25 14:40:56 +02:00
Even Rouault
6589c609f6
opj_j2k_check_poc_val(): fix starting index for checking layer dimension
...
The standard mandates that the layer index always starts at zero for every
progression.
2019-04-25 14:40:55 +02:00
Even Rouault
1e3a57563d
compression: emit POC marker when only one single POC is requested ( fixes #1191 )
2019-04-25 14:40:55 +02:00
Even Rouault
5dd75f62e2
j2k.c: use correct naming convention for total_data_size variable
2019-04-23 16:52:21 +02:00
Young Xiao
3aef207f90
bmp_read_rle4_data(): avoid potential infinite loop
2019-04-15 16:10:18 +08:00
Young Xiao
21399f6b7d
convertbmp: detect invalid file dimensions early
...
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
See commit 8ee335227b
for details.
Signed-off-by: Young Xiao <YangX92@hotmail.com>
2019-04-15 16:10:18 +08:00
Antonin Descampe
d0dd894ae2
Comment back opj_previous_version in abi_check.sh
2019-04-02 15:37:38 +02:00
Antonin Descampe
291e45bb04
Update version number for automatic abi check
2019-04-02 15:12:59 +02:00
Antonin Descampe
5709632545
update token for appveyor auto release
2019-04-02 14:45:15 +02:00
Antonin Descampe
8b9a89bc2e
update token for automatic release
2019-04-02 14:25:09 +02:00
Antonin Descampe
d1d422c126
Update for release 2.3.1
2019-04-02 12:08:52 +02:00
Antonin Descampe
d3b0b8927a
Update for release 2.3.1
2019-04-02 11:03:16 +02:00
Antonin Descampe
c7798bb0c6
update for release 2.3.1
2019-04-02 11:02:20 +02:00
Antonin Descampe
8196ab531e
Update BUILD version for release 2.3.1
2019-04-02 11:00:58 +02:00
Even Rouault
69a7a312dc
Merge pull request #1188 from rouault/fix_abi_check
...
abi-check.sh: fix broken download URL
2019-03-29 12:25:39 +01:00
Even Rouault
5151426d6e
abi-check.sh: fix broken download URL
2019-03-29 11:53:23 +01:00
Even Rouault
d6b8aed561
Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
...
opj_t1_encode_cblks: fix UBSAN signed integer overflow
2019-03-29 11:52:38 +01:00
Even Rouault
a1d32a596a
opj_t1_encode_cblks: fix UBSAN signed integer overflow
...
Fixes #1053 / CVE-2018-5727
Note: I don't consider this issue to be a security vulnerability, in
practice.
At least with gcc or clang compilers on x86_64 which generate the same
assembly code with or without that fix.
2019-03-29 11:17:39 +01:00
Even Rouault
25b815dc46
Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
...
This reverts commit 05be308446
.
This commit doesn't compile due to missing OPJ_UINT64 type
2019-03-29 10:44:35 +01:00
Even Rouault
e1740e7ce7
Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
...
This reverts commit c277159986
.
The commit didn't compile. include_size is not defined in openmj2
2019-03-29 10:40:58 +01:00
Sebastian Rasmussen
b2751967ec
openjp2/j2k: Report error if all wanted components are not decoded.
...
Previously the caller had to check whether each component data had
been decoded. This means duplicating the checking in every user of
openjpeg which is unnecessary. If the caller wantes to decode all
or a set of, or a specific component then openjpeg ought to error
out if it was unable to do so.
Fixes #1158 .
2019-02-21 16:48:02 +08:00
Even Rouault
51f097e6d5
Merge pull request #1172 from hlef/master
...
convertbmp: detect invalid file dimensions early (CVE-2018-6616)
2018-12-21 16:41:00 +01:00
Hugo Lefeuvre
8ee335227b
convertbmp: detect invalid file dimensions early
...
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
Fixes #1059 (CVE-2018-6616).
2018-12-14 05:10:35 +01:00
Even Rouault
e7640f58f1
Merge pull request #1168 from Young-X/fix_dev
...
Fix multiple potential vulnerabilities and bugs
2018-12-07 21:27:38 +01:00
Young Xiao
05be308446
[JPWL] tgatoimage(): avoid excessive memory allocation attempt,
...
and fixes unaligned load
Signed-off-by: Young Xiao <YangX92@hotmail.com>
2018-11-28 14:44:06 +08:00
Young_X
bd88611ed9
[JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:15 +08:00
Young_X
ce9583d1d7
[JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:14 +08:00
Young_X
c58df14990
[OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
...
opj_get_encoding_parameters
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:14 +08:00
Young_X
c277159986
[MJ2] Avoid index out of bounds access to pi->include[]
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:14 +08:00
Even Rouault
e0f5212888
Merge pull request #1170 from rouault/fix_color_apply_icc_profile
...
color_apply_icc_profile: avoid potential heap buffer overflow
2018-11-28 00:04:30 +01:00
Even Rouault
2e5ab1d998
color_apply_icc_profile: avoid potential heap buffer overflow
...
Derived from a patch by Thuan Pham
2018-11-27 23:31:30 +01:00
Young_X
46822d0edd
[JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 ( #987 )
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23 17:08:57 +08:00
Young_X
619e1b086e
[JPWL] fix CVE-2018-16375
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23 17:08:56 +08:00
Young_X
c5bd64ea14
[MJ2] To avoid divisions by zero / undefined behaviour on shift
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23 14:47:36 +08:00