summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-04-25Add test for previous commitEven Rouault
2019-04-25opj_j2k_check_poc_val(): prevent potential write outside of allocated arrayEven Rouault
2019-04-25opj_j2k_check_poc_val(): fix starting index for checking layer dimensionEven Rouault
The standard mandates that the layer index always starts at zero for every progression.
2019-04-25compression: emit POC marker when only one single POC is requested (fixes #1191)Even Rouault
2019-04-23j2k.c: use correct naming convention for total_data_size variableEven Rouault
2019-04-15bmp_read_rle4_data(): avoid potential infinite loopYoung Xiao
2019-04-15convertbmp: detect invalid file dimensions earlyYoung Xiao
width/length dimensions read from bmp headers are not necessarily valid. For instance they may have been maliciously set to very large values with the intention to cause DoS (large memory allocation, stack overflow). In these cases we want to detect the invalid size as early as possible. This commit introduces a counter which verifies that the number of written bytes corresponds to the advertized width/length. See commit 8ee335227bbc for details. Signed-off-by: Young Xiao <YangX92@hotmail.com>
2019-04-02Comment back opj_previous_version in abi_check.shAntonin Descampe
2019-04-02Update version number for automatic abi checkAntonin Descampe
2019-04-02update token for appveyor auto releasev2.3.1Antonin Descampe
2019-04-02update token for automatic releaseAntonin Descampe
2019-04-02Update for release 2.3.1Antonin Descampe
2019-04-02Update for release 2.3.1Antonin Descampe
2019-04-02update for release 2.3.1Antonin Descampe
2019-04-02Update BUILD version for release 2.3.1Antonin Descampe
2019-03-29Merge pull request #1188 from rouault/fix_abi_checkEven Rouault
abi-check.sh: fix broken download URL
2019-03-29abi-check.sh: fix broken download URLEven Rouault
2019-03-29Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblksEven Rouault
opj_t1_encode_cblks: fix UBSAN signed integer overflow
2019-03-29opj_t1_encode_cblks: fix UBSAN signed integer overflowEven Rouault
Fixes #1053 / CVE-2018-5727 Note: I don't consider this issue to be a security vulnerability, in practice. At least with gcc or clang compilers on x86_64 which generate the same assembly code with or without that fix.
2019-03-29Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"Even Rouault
This reverts commit 05be3084460e46282ee63f04c72c451f3271fd28. This commit doesn't compile due to missing OPJ_UINT64 type
2019-03-29Revert "[MJ2] Avoid index out of bounds access to pi->include[]"Even Rouault
This reverts commit c277159986c80142180fbe5efb256bbf3bdf3edc. The commit didn't compile. include_size is not defined in openmj2
2019-02-21openjp2/j2k: Report error if all wanted components are not decoded.Sebastian Rasmussen
Previously the caller had to check whether each component data had been decoded. This means duplicating the checking in every user of openjpeg which is unnecessary. If the caller wantes to decode all or a set of, or a specific component then openjpeg ought to error out if it was unable to do so. Fixes #1158.
2018-12-21Merge pull request #1172 from hlef/masterEven Rouault
convertbmp: detect invalid file dimensions early (CVE-2018-6616)
2018-12-14convertbmp: detect invalid file dimensions earlyHugo Lefeuvre
width/length dimensions read from bmp headers are not necessarily valid. For instance they may have been maliciously set to very large values with the intention to cause DoS (large memory allocation, stack overflow). In these cases we want to detect the invalid size as early as possible. This commit introduces a counter which verifies that the number of written bytes corresponds to the advertized width/length. Fixes #1059 (CVE-2018-6616).
2018-12-07Merge pull request #1168 from Young-X/fix_devEven Rouault
Fix multiple potential vulnerabilities and bugs
2018-11-28[JPWL] tgatoimage(): avoid excessive memory allocation attempt,Young Xiao
and fixes unaligned load Signed-off-by: Young Xiao <YangX92@hotmail.com>
2018-11-28 [JP3D] To avoid divisions by zero / undefined behaviour on shift ↵Young_X
(CVE-2018-14423 Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28 [JPWL] opj_compress: reorder checks related to code block dimensions to ↵Young_X
avoid potential int overflow Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28[OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in functionYoung_X
opj_get_encoding_parameters Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28[MJ2] Avoid index out of bounds access to pi->include[]Young_X
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-28Merge pull request #1170 from rouault/fix_color_apply_icc_profileEven Rouault
color_apply_icc_profile: avoid potential heap buffer overflow
2018-11-27color_apply_icc_profile: avoid potential heap buffer overflowEven Rouault
Derived from a patch by Thuan Pham
2018-11-23[JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)Young_X
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23[JPWL] fix CVE-2018-16375Young_X
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23[MJ2] To avoid divisions by zero / undefined behaviour on shiftYoung_X
Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-16Merge pull request #1160 from hlef/masterEven Rouault
jp3d/jpwl convert: fix write stack buffer overflow
2018-11-16openjp3d: Int overflow fixed (#1159)ichlubna
When compressing a lot of slices (starting from 44 FullHD slices with 3 8bit components in our experiments) the rate values are high enough to cause an int overflow that leads to negative lengths and wrong results. The cast happens too late.
2018-11-07jp2: convert: fix null pointer dereferenceHugo Lefeuvre
Tile components in a JP2 image might have null data pointer by defining a zero component size (for example using large horizontal or vertical sampling periods). This null data pointer leads to null image component data pointer, causing crash when dereferenced without != null check in imagetopnm. Add != null check. This commit addresses #1152 (CVE-2018-18088).
2018-11-01jp3d/jpwl convert: fix write stack buffer overflowHugo Lefeuvre
Missing buffer length formatter in fscanf call might lead to write stack buffer overflow. fixes #1044 (CVE-2017-17480)
2018-10-31Fix some potential overflow issues (#1161)Stefan Weil
* Fix some potential overflow issues Put sizeof to the beginning of the multiplication to enforce that size_t instead of smaller integer types is used for the calculation. This fixes warnings from LGTM: Multiplication result may overflow 'unsigned int' before it is converted to 'unsigned long'. It also allows removing some type casts. Signed-off-by: Stefan Weil <sw@weilnetz.de> * Fix code indentation Signed-off-by: Stefan Weil <sw@weilnetz.de>
2018-10-31Merge pull request #1163 from nforro/memory-and-resource-leaksEven Rouault
Fix several memory and resource leaks
2018-10-31Fix several memory and resource leaksNikola Forró
Signed-off-by: Nikola Forró <nforro@redhat.com>
2018-10-18opj_thread_pool_setup(): fix infinite waiting if a thread creation failedEven Rouault
2018-09-22Merge pull request #1148 from hlef/masterEven Rouault
CVE-2018-5785: fix issues with zero bitmasks
2018-09-22opj_jp2_apply_pclr(): remove useless assert that can trigger on some files ↵Even Rouault
(fixes #1125)
2018-09-22Merge branch 'pr1095'Even Rouault
2018-09-22opj_mj2_extract: Check provided output prefix for lengthKarol Babioch
This uses snprintf() with correct buffer length instead of sprintf(), which prevents a buffer overflow when providing a long output prefix. Furthermore the program exits with an error when the provided output prefix is too long. Fixes #1088.
2018-09-22Merge branch 'pr1107'Even Rouault
2018-09-22opj_mj2_extract: Avoid segfault for long filenamesszukw000
2018-09-22Merge pull request #1136 from reverson/masterEven Rouault
Cast on uint ceildiv
generated by cgit v1.2.3 (git 2.46.0) at 2026-05-22 21:26:35 +0000