Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issues with "short" huf table and checking boundary conditions #1223

Merged
merged 1 commit into from
Jan 22, 2022
Merged

Fix issues with "short" huf table and checking boundary conditions #1223

merged 1 commit into from
Jan 22, 2022

Conversation

kdt3rd
Copy link
Contributor

@kdt3rd kdt3rd commented Jan 22, 2022

there was also a missing return value assign. Clean up macro definition to look like more natural code

Fixes OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43916

Signed-off-by: Kimball Thurston kdt3rd@gmail.com

@kdt3rd
Fix issues with a a "short" huf table and checking boundary condition…
6e9ef93 
…s, missing return value

Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
cary-ilm
cary-ilm approved these changes Jan 22, 2022
View reviewed changes
Copy link
Member

@cary-ilm cary-ilm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cary-ilm cary-ilm merged commit 12529bf into AcademySoftwareFoundation:master Jan 22, 2022
cary-ilm pushed a commit to cary-ilm/openexr that referenced this pull request Jan 23, 2022
@kdt3rd @cary-ilm
Fix issues with a a "short" huf table and checking boundary condition…
0eb4a0e 
…s, missing return value (AcademySoftwareFoundation#1223)

Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
cary-ilm pushed a commit that referenced this pull request Jan 23, 2022
@kdt3rd @cary-ilm
Fix issues with a a "short" huf table and checking boundary condition…
8493a0b 
…s, missing return value (#1223)

Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Feb 2, 2022
@0-wiz-0
openexr: update to 3.1.4.
7005372 
## Version 3.1.4 (January 26, 2022)

Patch release that addresses various issues:

* Several bug fixes to properly reject invalid input upon read
* A check to enable SSE2 when building with Visual Studio
* A check to fix building with VisualStudio on ARM64
* Update the automatically-downloaded version of Imath to v3.1.4
* Miscellaneous documentation improvements

This addresses one public security vulnerability:

* [CVE-2021-45942](https://nvd.nist.gov/vuln/detail/CVE-2021-45942) Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute

Specific OSS-fuzz issues:

* OSS-fuzz [43961](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43961) Heap-buffer-overflow in generic_unpack
* OSS-fuzz [43916](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43916) Heap-buffer-overflow in hufDecode
* OSS-fuzz [43763](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43763) Heap-buffer-overflow in internal_huf_decompress
* OSS-fuzz [43745](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43745) Floating-point-exception in internal_exr_compute_tile_information
* OSS-fuzz [43744](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43744) Divide-by-zero in internal_exr_compute_tile_information
* OSS-fuzz [42197](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42197) Out-of-memory in openexr_exrcheck_fuzzer
* OSS-fuzz [42001](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42001) Timeout in openexr_exrcheck_fuzzer
* OSS-fuzz [41999](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999) Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
* OSS-fuzz [41669](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41669) Integer-overflow in Imf_3_1::rleUncompress
* OSS-fuzz [41625](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41625) Heap-buffer-overflow in uncompress_b44_impl
* OSS-fuzz [41416](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416) Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
* OSS-fuzz [41075](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41075) Integer-overflow in Imf_3_1::copyIntoDeepFrameBuffer
* OSS-fuzz [40704](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40704) Crash in Imf_3_1::DeepTiledInputFile::readPixelSampleCounts
* OSS-fuzz [40702](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40702) Null-dereference in bool Imf_3_1::readDeepTile<Imf_3_1::DeepTiledInputFile>
* OSS-fuzz [40701](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40701) Null-dereference in bool Imf_3_1::readDeepTile<Imf_3_1::DeepTiledInputPart>
* OSS-fuzz [40423](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40423) Out-of-memory in openexr_exrcheck_fuzzer
* OSS-fuzz [40234](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40234) Heap-buffer-overflow in generic_unpack
* OSS-fuzz [40231](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40231) Heap-buffer-overflow in hufDecode
* OSS-fuzz [40091](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40091) Heap-buffer-overflow in hufDecode

Merged Pull Requests:

* [1225](AcademySoftwareFoundation/openexr#1225)
Bazel build: Update Imath
* [1224](AcademySoftwareFoundation/openexr#1224)
Add error check to prevent corrupt files trying to unpack
* [1223](AcademySoftwareFoundation/openexr#1223)
Fix issues with a a "short" huf table and checking boundary conditions, missing return value
* [1222](AcademySoftwareFoundation/openexr#1222)
Fix OSS Fuzz 43763, 43745
* [1218](AcademySoftwareFoundation/openexr#1218)
OSS-Fuzz pass 15jan2022
* [1217](AcademySoftwareFoundation/openexr#1217)
Added missing check _M_IX86 or _M_X64 when using __lzcnt.
* [1216](AcademySoftwareFoundation/openexr#1216)
Corrected the check to enable SSE2 when building with Visual Studio.
* [1214](AcademySoftwareFoundation/openexr#1214)
prevent overflow in allocation of RLE buufer
* [1213](AcademySoftwareFoundation/openexr#1213)
add check for decompressed deepscanline datasize
* [1209](AcademySoftwareFoundation/openexr#1209)
enforce xSampling/ySampling==1 in CompositeDeepScanLine
* [1208](AcademySoftwareFoundation/openexr#1208)
Reduce memory consumption with very large deepscanline images
* [1206](AcademySoftwareFoundation/openexr#1206)
Update INSTALL.md
* [1205](AcademySoftwareFoundation/openexr#1205)
DeepScanlineInputFile now uses chunk size test from DeepTiledInputFile
* [1200](AcademySoftwareFoundation/openexr#1200)
Corrected Deep Docs & Example Code
* [1199](AcademySoftwareFoundation/openexr#1199)
Fix C++ DeepTile reading in Imf::CheckFile
* [1195](AcademySoftwareFoundation/openexr#1195)
Fix bugs in ImfCheckFile.cpp:readDeepTile()
* [1193](AcademySoftwareFoundation/openexr#1193)
mention multipart files in multiview doc
* [1191](AcademySoftwareFoundation/openexr#1191)
Replace Doxygen/Sphinx targets with "docs"
* [1190](AcademySoftwareFoundation/openexr#1190)
Add Compression section to "Reading and Writing Image Files" doc
* [1189](AcademySoftwareFoundation/openexr#1189)
Fix typo in readthedocs url
@kdt3rd kdt3rd deleted the fix_short_huf_bounds branch February 12, 2022 21:10
@devernay
Copy link

@kdt3rd it seems like it's possible to have legitimate EXR files that trigger this condition, so maybe this should not be an error: syoyo/tinyexr#160 (comment)

Also, should it be fixed in /~https://github.com/AcademySoftwareFoundation/openexr/blob/main/src/lib/OpenEXR/ImfHuf.cpp hich has a similar getCode() macro?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cary-ilm cary-ilm cary-ilm approved these changes

Assignees
No one assigned
Labels
v3.1.4
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kdt3rd @devernay @cary-ilm