Even Rouault
8db9d25dcf
opj_decompress_fuzzer: remove checks regarding input dimensions (fixes #1079)
2019-06-15 09:55:16 +02:00
Even Rouault
f4d6578359
test_decode_area.c: assign tdy to *ptileh instead of *ptilew (fixes #1195)
2019-05-26 11:06:30 +02:00
Even Rouault
9b7620ee7a
Merge pull request #1185 from Young-X/fix
...
Fix several potential vulnerabilities
2019-04-26 19:52:52 +02:00
Even Rouault
4f447c6e18
Merge pull request #1192 from rouault/poc_fixes
...
compression: emit POC marker when only one single POC is requested (f…
2019-04-25 15:32:22 +02:00
Even Rouault
a94cfbd533
Change opj_j2k_check_poc_val() to take into account tile number
2019-04-25 15:06:45 +02:00
Even Rouault
bdec5ae272
Add test for previous commit
2019-04-25 14:40:56 +02:00
Even Rouault
6423163141
Fix POC in multi-tile scenarios: avoid almost endless loop when a tile has no POC settings
2019-04-25 14:40:56 +02:00
Even Rouault
b86717fdd3
Add test for previous commit
2019-04-25 14:40:56 +02:00
Even Rouault
23883458b9
opj_j2k_check_poc_val(): prevent potential write outside of allocated array
2019-04-25 14:40:56 +02:00
Even Rouault
6589c609f6
opj_j2k_check_poc_val(): fix starting index for checking layer dimension
...
The standard mandates that the layer index always starts at zero for every
progression.
2019-04-25 14:40:55 +02:00
Even Rouault
1e3a57563d
compression: emit POC marker when only one single POC is requested (fixes #1191)
2019-04-25 14:40:55 +02:00
Even Rouault
5dd75f62e2
j2k.c: use correct naming convention for total_data_size variable
2019-04-23 16:52:21 +02:00
Young Xiao
3aef207f90
bmp_read_rle4_data(): avoid potential infinite loop
2019-04-15 16:10:18 +08:00
Young Xiao
21399f6b7d
convertbmp: detect invalid file dimensions early
...
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
See commit 8ee335227b for details.
Signed-off-by: Young Xiao <YangX92@hotmail.com>
2019-04-15 16:10:18 +08:00
Antonin Descampe
d0dd894ae2
Comment back opj_previous_version in abi_check.sh
2019-04-02 15:37:38 +02:00
Antonin Descampe
291e45bb04
Update version number for automatic abi check
2019-04-02 15:12:59 +02:00
Antonin Descampe
5709632545
update token for appveyor auto release
2019-04-02 14:45:15 +02:00
Antonin Descampe
8b9a89bc2e
update token for automatic release
2019-04-02 14:25:09 +02:00
Antonin Descampe
d1d422c126
Update for release 2.3.1
2019-04-02 12:08:52 +02:00
Antonin Descampe
d3b0b8927a
Update for release 2.3.1
2019-04-02 11:03:16 +02:00
Antonin Descampe
c7798bb0c6
update for release 2.3.1
2019-04-02 11:02:20 +02:00
Antonin Descampe
8196ab531e
Update BUILD version for release 2.3.1
2019-04-02 11:00:58 +02:00
Even Rouault
69a7a312dc
Merge pull request #1188 from rouault/fix_abi_check
...
abi-check.sh: fix broken download URL
2019-03-29 12:25:39 +01:00
Even Rouault
5151426d6e
abi-check.sh: fix broken download URL
2019-03-29 11:53:23 +01:00
Even Rouault
d6b8aed561
Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
...
opj_t1_encode_cblks: fix UBSAN signed integer overflow
2019-03-29 11:52:38 +01:00
Even Rouault
a1d32a596a
opj_t1_encode_cblks: fix UBSAN signed integer overflow
...
Fixes #1053 / CVE-2018-5727
Note: I don't consider this issue to be a security vulnerability, in
practice.
At least with gcc or clang compilers on x86_64 which generate the same
assembly code with or without that fix.
2019-03-29 11:17:39 +01:00
Even Rouault
25b815dc46
Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
...
This reverts commit 05be308446.
This commit doesn't compile due to missing OPJ_UINT64 type
2019-03-29 10:44:35 +01:00
Even Rouault
e1740e7ce7
Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
...
This reverts commit c277159986.
The commit didn't compile. include_size is not defined in openmj2
2019-03-29 10:40:58 +01:00
Even Rouault
51f097e6d5
Merge pull request #1172 from hlef/master
...
convertbmp: detect invalid file dimensions early (CVE-2018-6616)
2018-12-21 16:41:00 +01:00
Hugo Lefeuvre
8ee335227b
convertbmp: detect invalid file dimensions early
...
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
Fixes #1059 (CVE-2018-6616).
2018-12-14 05:10:35 +01:00
Even Rouault
e7640f58f1
Merge pull request #1168 from Young-X/fix_dev
...
Fix multiple potential vulnerabilities and bugs
2018-12-07 21:27:38 +01:00
Young Xiao
05be308446
[JPWL] tgatoimage(): avoid excessive memory allocation attempt,
...
and fixes unaligned load
Signed-off-by: Young Xiao <YangX92@hotmail.com>
2018-11-28 14:44:06 +08:00
Young_X
bd88611ed9
[JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:15 +08:00
Young_X
ce9583d1d7
[JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:14 +08:00
Young_X
c58df14990
[OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
...
opj_get_encoding_parameters
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:14 +08:00
Young_X
c277159986
[MJ2] Avoid index out of bounds access to pi->include[]
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 14:39:14 +08:00
Even Rouault
e0f5212888
Merge pull request #1170 from rouault/fix_color_apply_icc_profile
...
color_apply_icc_profile: avoid potential heap buffer overflow
2018-11-28 00:04:30 +01:00
Even Rouault
2e5ab1d998
color_apply_icc_profile: avoid potential heap buffer overflow
...
Derived from a patch by Thuan Pham
2018-11-27 23:31:30 +01:00
Young_X
46822d0edd
[JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23 17:08:57 +08:00
Young_X
619e1b086e
[JPWL] fix CVE-2018-16375
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23 17:08:56 +08:00
Young_X
c5bd64ea14
[MJ2] To avoid divisions by zero / undefined behaviour on shift
...
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23 14:47:36 +08:00
Even Rouault
92023cd6c3
Merge pull request #1160 from hlef/master
...
jp3d/jpwl convert: fix write stack buffer overflow
2018-11-16 09:42:19 +01:00
ichlubna
c196b23b90
openjp3d: Int overflow fixed (#1159)
...
When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.
2018-11-16 09:40:31 +01:00
Hugo Lefeuvre
cab352e249
jp2: convert: fix null pointer dereference
...
Tile components in a JP2 image might have null data pointer by defining a
zero component size (for example using large horizontal or vertical
sampling periods). This null data pointer leads to null image component
data pointer, causing crash when dereferenced without != null check in
imagetopnm.
Add != null check.
This commit addresses #1152 (CVE-2018-18088).
2018-11-07 18:53:18 +01:00
Hugo Lefeuvre
0bc90e4062
jp3d/jpwl convert: fix write stack buffer overflow
...
Missing buffer length formatter in fscanf call might lead to write
stack buffer overflow.
fixes #1044 (CVE-2017-17480)
2018-11-01 09:05:26 +01:00
Stefan Weil
948332e6ed
Fix some potential overflow issues (#1161)
...
* Fix some potential overflow issues
Put sizeof to the beginning of the multiplication to enforce that
size_t instead of smaller integer types is used for the calculation.
This fixes warnings from LGTM:
Multiplication result may overflow 'unsigned int'
before it is converted to 'unsigned long'.
It also allows removing some type casts.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
* Fix code indentation
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-10-31 20:44:30 +01:00
Even Rouault
e52909f4c7
Merge pull request #1163 from nforro/memory-and-resource-leaks
...
Fix several memory and resource leaks
2018-10-31 20:41:52 +01:00
Nikola Forró
943db0f1c2
Fix several memory and resource leaks
...
Signed-off-by: Nikola Forró <nforro@redhat.com>
2018-10-31 16:16:22 +01:00
Even Rouault
cd900d9661
opj_thread_pool_setup(): fix infinite waiting if a thread creation failed
2018-10-18 11:45:45 +02:00
Even Rouault
0e6a5553cf
Merge pull request #1148 from hlef/master
...
CVE-2018-5785: fix issues with zero bitmasks
2018-09-22 23:54:12 +02:00