6c1225989a
Update j2k.c
2019-11-18 07:16:29 +11:00
64fa86061c
Update t2.c
2019-11-18 00:27:29 +11:00
4f36758ba6
Update j2k.c
2019-11-18 00:17:26 +11:00
25552ac45b
Update j2k.c
2019-11-18 00:15:37 +11:00
ac3737372a
Merge pull request #1217 from rouault/fix_ossfuzz_18979
...
pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets()
2019-11-17 13:08:41 +01:00
9701b3305d
JPWL: convert: Fix buffer overflow reading an image file less than four characters ( #1196 )
...
Fixes #1068
2019-11-17 03:09:59 +01:00
cb332992a7
Merge pull request #1218 from rouault/fix_broken_abi_check
...
abi-check.sh: fix false postive ABI error, and display output error log
2019-11-17 02:47:26 +01:00
016f80ae21
abi-check.sh: fix false postive ABI error, and display output error log
...
There is currently a false positive ABI check failure between v2.3.1
and current. It disappears when removing the generated reports of v2.3.1
and recreating them. It is likely that some tooling has evolved since
the initial v2.3.1 report generation.
2019-11-17 02:26:54 +01:00
4cb1f66304
pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18979
2019-11-17 01:18:26 +01:00
5875a6b446
opj_tcd_mct_decode()/opj_mct_decode()/opj_mct_encode_real()/opj_mct_decode_real(): proper deal with a number of samples larger than 4 billion (refs #1151 )
2019-10-03 11:04:30 +02:00
e66125fe26
Merge pull request #1164 from sebras/master
...
openjp2/j2k: Report error if all wanted components are not decoded.
2019-09-03 17:03:54 +02:00
8db9d25dcf
opj_decompress_fuzzer: remove checks regarding input dimensions ( fixes #1079 )
2019-06-15 09:55:16 +02:00
f4d6578359
test_decode_area.c: assign tdy to *ptileh instead of *ptilew ( fixes #1195 )
2019-05-26 11:06:30 +02:00
9b7620ee7a
Merge pull request #1185 from Young-X/fix
...
Fix several potential vulnerabilities
2019-04-26 19:52:52 +02:00
4f447c6e18
Merge pull request #1192 from rouault/poc_fixes
...
compression: emit POC marker when only one single POC is requested (f…
2019-04-25 15:32:22 +02:00
a94cfbd533
Change opj_j2k_check_poc_val() to take into account tile number
2019-04-25 15:06:45 +02:00
bdec5ae272
Add test for previous commit
2019-04-25 14:40:56 +02:00
6423163141
Fix POC in multi-tile scenarios: avoid almost endless loop when a tile has no POC settings
2019-04-25 14:40:56 +02:00
b86717fdd3
Add test for previous commit
2019-04-25 14:40:56 +02:00
23883458b9
opj_j2k_check_poc_val(): prevent potential write outside of allocated array
2019-04-25 14:40:56 +02:00
6589c609f6
opj_j2k_check_poc_val(): fix starting index for checking layer dimension
...
The standard mandates that the layer index always starts at zero for every
progression.
2019-04-25 14:40:55 +02:00
1e3a57563d
compression: emit POC marker when only one single POC is requested ( fixes #1191 )
2019-04-25 14:40:55 +02:00
5dd75f62e2
j2k.c: use correct naming convention for total_data_size variable
2019-04-23 16:52:21 +02:00
3aef207f90
bmp_read_rle4_data(): avoid potential infinite loop
2019-04-15 16:10:18 +08:00
21399f6b7d
convertbmp: detect invalid file dimensions early
...
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
See commit 8ee335227b
2019-04-15 16:10:18 +08:00
d0dd894ae2
Comment back opj_previous_version in abi_check.sh
2019-04-02 15:37:38 +02:00
291e45bb04
Update version number for automatic abi check
2019-04-02 15:12:59 +02:00
5709632545
update token for appveyor auto release
2019-04-02 14:45:15 +02:00
8b9a89bc2e
update token for automatic release
2019-04-02 14:25:09 +02:00
d1d422c126
Update for release 2.3.1
2019-04-02 12:08:52 +02:00
d3b0b8927a
Update for release 2.3.1
2019-04-02 11:03:16 +02:00
c7798bb0c6
update for release 2.3.1
2019-04-02 11:02:20 +02:00
8196ab531e
Update BUILD version for release 2.3.1
2019-04-02 11:00:58 +02:00
69a7a312dc
Merge pull request #1188 from rouault/fix_abi_check
...
abi-check.sh: fix broken download URL
2019-03-29 12:25:39 +01:00
5151426d6e
abi-check.sh: fix broken download URL
2019-03-29 11:53:23 +01:00
d6b8aed561
Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
...
opj_t1_encode_cblks: fix UBSAN signed integer overflow
2019-03-29 11:52:38 +01:00
a1d32a596a
opj_t1_encode_cblks: fix UBSAN signed integer overflow
...
Fixes #1053 / CVE-2018-5727
Note: I don't consider this issue to be a security vulnerability, in
practice.
At least with gcc or clang compilers on x86_64 which generate the same
assembly code with or without that fix.
2019-03-29 11:17:39 +01:00
25b815dc46
Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
...
This reverts commit 05be308446
2019-03-29 10:44:35 +01:00
e1740e7ce7
Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
...
This reverts commit c277159986
2019-03-29 10:40:58 +01:00
b2751967ec
openjp2/j2k: Report error if all wanted components are not decoded.
...
Previously the caller had to check whether each component data had
been decoded. This means duplicating the checking in every user of
openjpeg which is unnecessary. If the caller wantes to decode all
or a set of, or a specific component then openjpeg ought to error
out if it was unable to do so.
Fixes #1158 .
2019-02-21 16:48:02 +08:00
51f097e6d5
Merge pull request #1172 from hlef/master
...
convertbmp: detect invalid file dimensions early (CVE-2018-6616)
2018-12-21 16:41:00 +01:00
8ee335227b
convertbmp: detect invalid file dimensions early
...
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
Fixes #1059 (CVE-2018-6616).
2018-12-14 05:10:35 +01:00
e7640f58f1
Merge pull request #1168 from Young-X/fix_dev
...
Fix multiple potential vulnerabilities and bugs
2018-12-07 21:27:38 +01:00
05be308446
[JPWL] tgatoimage(): avoid excessive memory allocation attempt,
...
and fixes unaligned load
Signed-off-by: Young Xiao <YangX92@hotmail.com>
2018-11-28 14:44:06 +08:00
bd88611ed9
[JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:15 +08:00
ce9583d1d7
[JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:14 +08:00
c58df14990
[OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
...
opj_get_encoding_parameters
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:14 +08:00
c277159986
[MJ2] Avoid index out of bounds access to pi->include[]
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:14 +08:00
e0f5212888
Merge pull request #1170 from rouault/fix_color_apply_icc_profile
...
color_apply_icc_profile: avoid potential heap buffer overflow
2018-11-28 00:04:30 +01:00
2e5ab1d998
color_apply_icc_profile: avoid potential heap buffer overflow
...
Derived from a patch by Thuan Pham
2018-11-27 23:31:30 +01:00
Jarrel Seah
Even Rouault
Robert Ancell
Young Xiao
Antonin Descampe
Antonin Descampe
Even Rouault
Sebastian Rasmussen
Hugo Lefeuvre