Fix multiple potential vulnerabilities and bugs #1168
Signed-off-by: Young_X <[email protected]>
Signed-off-by: Young_X <[email protected]>
…clouvain#987) Signed-off-by: Young_X <[email protected]>
cmap_len = get_ushort(*(unsigned short*)(&tga[5])); | ||
cmap_len = get_tga_ushort(*(unsigned short*)(&tga[5])); |
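Review bot: `*(unsigned short*)(&tga[5])` on both lines reads a 16-bit field through a cast pointer at byte offset 5 of `tga`, which can be a misaligned load on strict-alignment targets and an aliasing violation if `tga` is a byte array. Suggest copying the two bytes into a local `unsigned short` with `memcpy` (or assembling the value from `tga[5]` and `tga[6]`) before passing it to `get_tga_ushort`, and keeping only one of the two `cmap_len` assignments.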
I suspect this doesn't compile... Line 135 should be removed as it is effectively overridden by line 136. Similar instances below.
I have fixed that by making a new PR.
Signed-off-by: Young_X <[email protected]>
… function opj_get_encoding_parameters Signed-off-by: Young_X <[email protected]>
… to avoid potential int overflow Signed-off-by: Young_X <[email protected]>
…E-2018-14423 Signed-off-by: Young_X <[email protected]>
and fixes unaligned load Signed-off-by: Young Xiao <[email protected]>
Ping
I believe this commit is OK. But when looking a bit at the context, the cast to OPJ_INT32 and the type of the p_tx0, etc. arguments are suspicious. They should likely be OPJ_UINT32, and in the opj_pi_update_encode_poc_and_final() and opj_pi_update_encode_not_poc() functions as well.
@rouault it seems commit e1740e7 was supposed to fix CVE-2018-20846, which is about out-of-bound accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl. With that commit reverted, is there a patch for that CVE? Thanks.
no