Age | Commit message | Author
2019-11-17 | Merge pull request #1218 from rouault/fix_broken_abi_check | Even Rouault
abi-check.sh: fix false positive ABI error, and display output error log
2019-11-17 | abi-check.sh: fix false positive ABI error, and display output error log | Even Rouault
There is currently a false positive ABI check failure between v2.3.1 and current. It disappears when removing the generated reports of v2.3.1 and recreating them. It is likely that some tooling has evolved since the initial v2.3.1 report generation.
2019-11-17 | pi.c: avoid integer overflow, resulting in later invalid access to memory in opj_t2_decode_packets(). | Even Rouault
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18979
2019-10-03 | opj_tcd_mct_decode()/opj_mct_decode()/opj_mct_encode_real()/opj_mct_decode_real(): properly deal with a number of samples larger than 4 billion (refs #1151) | Even Rouault
2019-09-03 | Merge pull request #1164 from sebras/master | Even Rouault
openjp2/j2k: Report error if all wanted components are not decoded.
2019-06-15 | opj_decompress_fuzzer: remove checks regarding input dimensions (fixes #1079) | Even Rouault
2019-05-26 | test_decode_area.c: assign tdy to *ptileh instead of *ptilew (fixes #1195) | Even Rouault
2019-04-26 | Merge pull request #1185 from Young-X/fix | Even Rouault
Fix several potential vulnerabilities
2019-04-25 | Merge pull request #1192 from rouault/poc_fixes | Even Rouault
compression: emit POC marker when only one single POC is requested (f…
2019-04-25 | Change opj_j2k_check_poc_val() to take into account tile number | Even Rouault
2019-04-25 | Add test for previous commit | Even Rouault
2019-04-25 | Fix POC in multi-tile scenarios: avoid almost endless loop when a tile has no POC settings | Even Rouault
2019-04-25 | Add test for previous commit | Even Rouault
2019-04-25 | opj_j2k_check_poc_val(): prevent potential write outside of allocated array | Even Rouault
2019-04-25 | opj_j2k_check_poc_val(): fix starting index for checking layer dimension | Even Rouault
The standard mandates that the layer index always starts at zero for every progression.
2019-04-25 | compression: emit POC marker when only one single POC is requested (fixes #1191) | Even Rouault
2019-04-23 | j2k.c: use correct naming convention for total_data_size variable | Even Rouault
2019-04-15 | bmp_read_rle4_data(): avoid potential infinite loop | Young Xiao
2019-04-15 | convertbmp: detect invalid file dimensions early | Young Xiao
width/length dimensions read from bmp headers are not necessarily valid. For instance they may have been maliciously set to very large values with the intention to cause DoS (large memory allocation, stack overflow). In these cases we want to detect the invalid size as early as possible. This commit introduces a counter which verifies that the number of written bytes corresponds to the advertized width/length. See commit 8ee335227bbc for details. Signed-off-by: Young Xiao <YangX92@hotmail.com>
2019-04-02 | Comment back opj_previous_version in abi_check.sh | Antonin Descampe
2019-04-02 | Update version number for automatic abi check | Antonin Descampe
2019-04-02 | update token for appveyor auto release [v2.3.1] | Antonin Descampe
2019-04-02 | update token for automatic release | Antonin Descampe
2019-04-02 | Update for release 2.3.1 | Antonin Descampe
2019-04-02 | Update for release 2.3.1 | Antonin Descampe
2019-04-02 | update for release 2.3.1 | Antonin Descampe
2019-04-02 | Update BUILD version for release 2.3.1 | Antonin Descampe
2019-03-29 | Merge pull request #1188 from rouault/fix_abi_check | Even Rouault
abi-check.sh: fix broken download URL
2019-03-29 | abi-check.sh: fix broken download URL | Even Rouault
2019-03-29 | Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks | Even Rouault
opj_t1_encode_cblks: fix UBSAN signed integer overflow
2019-03-29 | opj_t1_encode_cblks: fix UBSAN signed integer overflow | Even Rouault
Fixes #1053 / CVE-2018-5727 Note: I don't consider this issue to be a security vulnerability, in practice. At least with gcc or clang compilers on x86_64 which generate the same assembly code with or without that fix.
2019-03-29 | Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt," | Even Rouault
This reverts commit 05be3084460e46282ee63f04c72c451f3271fd28. This commit doesn't compile due to missing OPJ_UINT64 type
2019-03-29 | Revert "[MJ2] Avoid index out of bounds access to pi->include[]" | Even Rouault
This reverts commit c277159986c80142180fbe5efb256bbf3bdf3edc. The commit didn't compile. include_size is not defined in openmj2
2019-02-21 | openjp2/j2k: Report error if all wanted components are not decoded. | Sebastian Rasmussen
Previously the caller had to check whether each component data had been decoded. This means duplicating the checking in every user of openjpeg which is unnecessary. If the caller wants to decode all or a set of, or a specific component then openjpeg ought to error out if it was unable to do so. Fixes #1158.
2018-12-21 | Merge pull request #1172 from hlef/master | Even Rouault
convertbmp: detect invalid file dimensions early (CVE-2018-6616)
2018-12-14 | convertbmp: detect invalid file dimensions early | Hugo Lefeuvre
width/length dimensions read from bmp headers are not necessarily valid. For instance they may have been maliciously set to very large values with the intention to cause DoS (large memory allocation, stack overflow). In these cases we want to detect the invalid size as early as possible. This commit introduces a counter which verifies that the number of written bytes corresponds to the advertized width/length. Fixes #1059 (CVE-2018-6616).
2018-12-07 | Merge pull request #1168 from Young-X/fix_dev | Even Rouault
Fix multiple potential vulnerabilities and bugs
2018-11-28 | [JPWL] tgatoimage(): avoid excessive memory allocation attempt, and fixes unaligned load | Young Xiao
Signed-off-by: Young Xiao <YangX92@hotmail.com>
2018-11-28 | [JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423 | Young_X
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 | [JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow | Young_X
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 | [OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function opj_get_encoding_parameters | Young_X
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 | [MJ2] Avoid index out of bounds access to pi->include[] | Young_X
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 | Merge pull request #1170 from rouault/fix_color_apply_icc_profile | Even Rouault
color_apply_icc_profile: avoid potential heap buffer overflow
2018-11-27 | color_apply_icc_profile: avoid potential heap buffer overflow | Even Rouault
Derived from a patch by Thuan Pham
2018-11-23 | [JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987) | Young_X
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23 | [JPWL] fix CVE-2018-16375 | Young_X
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23 | [MJ2] To avoid divisions by zero / undefined behaviour on shift | Young_X
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-16 | Merge pull request #1160 from hlef/master | Even Rouault
jp3d/jpwl convert: fix write stack buffer overflow
2018-11-16 | openjp3d: Int overflow fixed (#1159) | ichlubna
When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.
2018-11-07 | jp2: convert: fix null pointer dereference | Hugo Lefeuvre
Tile components in a JP2 image might have null data pointer by defining a zero component size (for example using large horizontal or vertical sampling periods). This null data pointer leads to null image component data pointer, causing crash when dereferenced without != null check in imagetopnm. Add != null check. This commit addresses #1152 (CVE-2018-18088).