add sanity check for reading multipart files with no parts #840
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Peter Hillman <[email protected]>
meshula
approved these changes
Sep 18, 2020
peterhillman
added a commit
to peterhillman/openexr
that referenced
this pull request
Dec 7, 2020
…ftwareFoundation#840) Signed-off-by: Peter Hillman <[email protected]>
cary-ilm
added a commit
that referenced
this pull request
Dec 30, 2020
…tests (#875) * ignore unused bits in B44 mode detection Signed-off-by: Peter Hillman <[email protected]> * apply #832: use unsigned values in shift to prevent undefined behavior Signed-off-by: Peter Hillman <[email protected]> * apply #818: compute Huf codelengths using 64 bit to prevent shift overflow Signed-off-by: Peter Hillman <[email protected]> * apply #817: double-check unpackedBuffer created in DWA uncompress Signed-off-by: Peter Hillman <[email protected]> * apply #820: suppress sanitizer warnings when writing invalid enums Signed-off-by: Peter Hillman <[email protected]> * apply #825: Avoid overflow in calculateNumTiles when size=MAX_INT Signed-off-by: Peter Hillman <[email protected]> * apply #826: restrict maximum tile size to INT_MAX byte limit Signed-off-by: Peter Hillman <[email protected]> * apply #827: lighter weight reading of Luma-only images via RgbaInputFile Signed-off-by: Peter Hillman <[email protected]> * refactor channel filling in InputFile API with tiled source Signed-off-by: Peter Hillman <[email protected]> * handle edge-case of empty framebuffer Signed-off-by: Peter Hillman <[email protected]> * apply #829: fix buffer overflow check in PIZ decompression Signed-off-by: Peter Hillman <[email protected]> * Use Int64 in dataWindowForTile to prevent integer overflow (#831) * Use Int64 in dataWindowForTile to prevent integer overflow Signed-off-by: Peter Hillman <[email protected]> * use signed 64 bit instead for dataWindow calculation Signed-off-by: Peter Hillman <[email protected]> Co-authored-by: Cary Phillips <[email protected]> Signed-off-by: Peter Hillman <[email protected]> * prevent overflow in hufUncompress if nBits is large (#836) Signed-off-by: Peter Hillman <[email protected]> * add sanity check for reading multipart files with no parts (#840) Signed-off-by: Peter Hillman <[email protected]> * reduce B44 _tmpBufferSize (was allocating two bytes per byte) (#843) Signed-off-by: Peter Hillman <[email protected]> * check for valid Huf code lengths (#849) * check for valid Huf code lengths * test non-fast huf decoder in testHuf Signed-off-by: Peter Hillman <[email protected]> * check 1 part files with 'nonimage' bit have type attribute (#860) Signed-off-by: Peter Hillman <[email protected]> Co-authored-by: Cary Phillips <[email protected]> Signed-off-by: Peter Hillman <[email protected]> * Fix overflow computing deeptile sample table size (#861) Signed-off-by: Peter Hillman <[email protected]> * re-order shift/compare in FastHuf to prevent undefined shift overflow warning (#819) Signed-off-by: Peter Hillman <[email protected]> Co-authored-by: Cary Phillips <[email protected]> Signed-off-by: Peter Hillman <[email protected]> * more elegant exception handling in exrmaketiled (#841) Signed-off-by: Peter Hillman <[email protected]> * check EXRAllocAligned succeeded to allocate ScanlineInputFile lineBuffers (#844) Signed-off-by: Peter Hillman <[email protected]> * test channels are DCT compressed before DWA decompression (#845) Signed-off-by: Peter Hillman <[email protected]> * Merge ABI-compatible changes from #842 Signed-off-by: Peter Hillman <[email protected]> Co-authored-by: Cary Phillips <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add test to protect against reading files with no parts/headers.
There is a check to prevent files with no parts being written, and the Technical Introduction declares that files must have at least one part.
Addresses https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25743
Signed-off-by: Peter Hillman [email protected]