security fixes #401
Conversation
This puts the version numbers into one file, and the settings and variables for building into another, that is then replicated and conditionally included when building a standalone package. Signed-off-by: Kimball Thurston <[email protected]>
Since these modules are binaries, not libraries, there is no need to support pkgconfig for them.
…ecifically calling out the proper Visual Studio version.
Signed-off-by: John Mertic <[email protected]>
Hey, I apologize, we needed to do a force push to fix up a couple of historical commits that were merged prior to clean up. Could you rebase / cherry pick your commits against the new master and re-push this? And thanks for trying to fix these! Once we get our history cleaned up, we will start the review. I have only briefly looked, but I think there are a couple of modifications for other corner cases we should add to make the fixes more complete.
@kdt3rd, should I do it right now?
PR AcademySoftwareFoundation#401 had conflicts, and some of the checks were not in a central location. This incorporates those changes, moving the extra range checks to the central sanityCheck already in ImfHeader. Then adds a new utility function for computing the pointer offsets that can prevent simple overflow when there are large offsets from origin or widths with subsampling. Signed-off-by: Kimball Thurston <[email protected]> Co-Authored-By: pgajdos <[email protected]>
Hey, it looks like we were modifying some common places. I've added a new commit on my PR #414 that should include your fixes (although it actually moves the range checks you added to the common sanityCheck in ImfHeader), and then added a utility function to fix the pointer math in a few places. Could you test that it still fixes the issues you were addressing? Thanks in advance
@kdt3rd, I will be happy to test. However, I need a compilable patch on top of the openexr-2.3.0 sources. See
Ah, sorry, the patch is fixed against master, and now merged to the release/2.3 branch. If you could validate that I pulled in (or have a more general version of) your fixes, I would appreciate it, and will close this one out. Thank you again for testing and helping!
[BEFORE / AFTER: four before/after test outputs attached; contents not reproduced here]
From my point of view, it is fixed in openexr-2.3.0 plus 45f9912, a7eec54 and ec64836. I would not claim to be a coauthor of any of the changes; there's no line left from the original patch, so consider it rather as a hint.
Thanks for confirming, I believe I used your fix for the image::black function still, but all good, appreciate the help. Hopefully with the revived project under the ASWF, we will handle these kinds of things a bit more expediently in the future. Closing this one out for now.
Should fix #232 and #351.
#232 is a little bit problematic, as the same overflow will probably happen in applications using similar code as in exrmakepreview or exrmaketiled around setFrameBuffer(), for example kimageformats and vigra. Perhaps some other check could be introduced in the library itself?
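As an added example (not OpenEXR's code and not part of this PR or of the utility function the commit message describes), the shape of the hazard discussed above: the frame-buffer base pointer is conventionally computed as `buf - xMin*xStride - yMin*yStride`, and those products depend on the data window's origin rather than its size, so a small image with a large origin can overflow plain `int` arithmetic while passing every size check. The block computes the window extent, buffer size and base offset with overflow-checked 64-bit arithmetic and refuses anything that does not fit, beside a deliberately naive 32-bit version of the same computation. The `Box2i`/`FramePlan` names, the tightly packed channel layout, the constructed windows in `main`, and the GCC/Clang `__builtin_*_overflow` intrinsics are this example's own assumptions.

```cpp
// Added example, not OpenEXR's own code: overflow-checked window and
// pointer-offset arithmetic for setting up a frame buffer from an untrusted
// header. Names, layout and the GCC/Clang __builtin_*_overflow intrinsics are
// this example's assumptions.
#include <cstdint>
#include <cstdio>

// Inclusive integer box in the style of an EXR data window.
struct Box2i { int64_t xMin, yMin, xMax, yMax; };

// Planned layout for one tightly packed channel (assumed layout:
// xStride = bytesPerSample, yStride = width * xStride).
struct FramePlan {
    int64_t width = 0;        // samples per scanline
    int64_t height = 0;       // scanlines
    int64_t xStride = 0;      // bytes between horizontally adjacent samples
    int64_t yStride = 0;      // bytes between vertically adjacent samples
    int64_t bufferBytes = 0;  // bytes the caller must allocate
    int64_t baseOffset = 0;   // offset from buffer start to sample (0,0): what the
                              // idiom base = buf - xMin*xStride - yMin*yStride
                              // computes; negative when the origin is positive
};

// Checked helpers: report overflow instead of wrapping.
static bool mulChecked(int64_t a, int64_t b, int64_t& out) { return !__builtin_mul_overflow(a, b, &out); }
static bool addChecked(int64_t a, int64_t b, int64_t& out) { return !__builtin_add_overflow(a, b, &out); }
static bool subChecked(int64_t a, int64_t b, int64_t& out) { return !__builtin_sub_overflow(a, b, &out); }

// Plan a buffer for `dw`, refusing any window whose extent, byte size or
// base-pointer offset cannot be represented, or whose size exceeds maxBytes.
bool planFrameBuffer(const Box2i& dw, int64_t bytesPerSample, int64_t maxBytes, FramePlan& plan)
{
    if (bytesPerSample <= 0 || maxBytes <= 0) return false;
    int64_t w, h, tmp;
    // Extent = max - min + 1, each step checked; reject empty or inverted windows.
    if (!subChecked(dw.xMax, dw.xMin, tmp) || !addChecked(tmp, 1, w) || w <= 0) return false;
    if (!subChecked(dw.yMax, dw.yMin, tmp) || !addChecked(tmp, 1, h) || h <= 0) return false;
    int64_t xStride = bytesPerSample, yStride, total;
    if (!mulChecked(w, xStride, yStride)) return false;
    if (!mulChecked(h, yStride, total) || total > maxBytes) return false;
    // base = -(xMin*xStride) - (yMin*yStride): the origin-dependent products
    // that a tiny image far from the origin can overflow in plain int.
    int64_t xTerm, yTerm, base;
    if (!mulChecked(dw.xMin, xStride, xTerm) || !mulChecked(dw.yMin, yStride, yTerm)) return false;
    if (!addChecked(xTerm, yTerm, tmp) || !subChecked(0, tmp, base)) return false;
    plan.width = w; plan.height = h; plan.xStride = xStride; plan.yStride = yStride;
    plan.bufferBytes = total; plan.baseOffset = base;
    return true;
}

// Byte offset of sample (x, y) from the buffer start. Indices outside the
// window, or arithmetic that would overflow, yield false rather than a
// pointer outside the allocation.
bool sampleOffset(const Box2i& dw, const FramePlan& plan, int64_t x, int64_t y, int64_t& out)
{
    if (x < dw.xMin || x > dw.xMax || y < dw.yMin || y > dw.yMax) return false;
    int64_t xTerm, yTerm, rel, end;
    if (!mulChecked(x, plan.xStride, xTerm) || !mulChecked(y, plan.yStride, yTerm)) return false;
    if (!addChecked(xTerm, yTerm, rel) || !addChecked(plan.baseOffset, rel, out)) return false;
    if (!addChecked(out, plan.xStride, end)) return false;
    return out >= 0 && end <= plan.bufferBytes;
}

// The unsafe shape of the same base-offset computation with strides and
// coordinates held in 32-bit ints. Done in uint32_t so the wrap-around is well
// defined; in real code the signed overflow is undefined behaviour.
int32_t naiveBaseOffset32(const Box2i& dw, int32_t xStride, int32_t yStride)
{
    uint32_t xTerm = static_cast<uint32_t>(dw.xMin) * static_cast<uint32_t>(xStride);
    uint32_t yTerm = static_cast<uint32_t>(dw.yMin) * static_cast<uint32_t>(yStride);
    return static_cast<int32_t>(0u - xTerm - yTerm);
}

// Single-value wrappers so results can be checked by name (-1 / INT64_MIN = rejected).
int64_t plannedBytes(const Box2i& dw, int64_t bps)
{
    FramePlan p;
    return planFrameBuffer(dw, bps, INT64_MAX / 4, p) ? p.bufferBytes : -1;
}
int64_t plannedBase(const Box2i& dw, int64_t bps)
{
    FramePlan p;
    return planFrameBuffer(dw, bps, INT64_MAX / 4, p) ? p.baseOffset : INT64_MIN;
}
int64_t offsetOf(const Box2i& dw, int64_t bps, int64_t x, int64_t y)
{
    FramePlan p;
    int64_t off;
    if (!planFrameBuffer(dw, bps, INT64_MAX / 4, p) || !sampleOffset(dw, p, x, y, off)) return -1;
    return off;
}

int main()
{
    // Constructed inputs, not taken from any real file.
    Box2i hd{0, 0, 1919, 1079};                           // ordinary 1920x1080 window
    Box2i far{0, 300000, 4095, 300001};                   // 4096x2 window far from the origin
    Box2i absurd{0, INT64_MAX / 2, 1, INT64_MAX / 2 + 1}; // 2x2 window, origin near INT64_MAX
    std::printf("hd: bytes=%lld base=%lld\n", (long long)plannedBytes(hd, 2), (long long)plannedBase(hd, 2));
    std::printf("far: bytes=%lld base=%lld naive32=%d\n", (long long)plannedBytes(far, 2),
                (long long)plannedBase(far, 2), naiveBaseOffset32(far, 2, 8192));
    std::printf("absurd: bytes=%lld (rejected)\n", (long long)plannedBytes(absurd, 2));
    return 0;
}
```

The `far` window is the instructive case: only 16 KiB of pixels, but its base offset is -2457600000 bytes, which does not fit a 32-bit `int`; the naive version returns a positive offset and would point past the buffer rather than before it. A library-side check of the kind the last comment asks for would have to reject (or compute in wider arithmetic) exactly these origin-dependent products, not just the image size.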