reduce size limit for scanline files; prevent large chunkoffset allocations #824
…et allocations Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
lgtm
Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
…into memorylimit
Moving the test earlier in the function should also address https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25156
OpenEXR/IlmImf/ImfMisc.h
Outdated
// return the number of scanlines in each chunk of a scanlineimage for the given scheme | ||
// | ||
IMF_EXPORT int | ||
numLinesInBuffer(Compression comp); |
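Review bot: the comment above the numLinesInBuffer(Compression comp) declaration does not say what the function returns, or whether it throws, for a Compression value it does not recognise. The declaration is IMF_EXPORT, so that behaviour is part of the public contract and should be stated in the comment. "scanlineimage" in the same comment should read "scanline image".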
Since this is declared in ImfCompressor.h, does it need to be declared here, too?
// | ||
// avoid allocating excessive memory. | ||
// If the chunktablesize claims to be large, | ||
// check the file is big enough to contain the file before allocating memory |
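Review bot: "If the chunktablesize claims to be large" in this comment does not say what counts as large. Name the threshold, or the constant that holds it, so a reader can tell which files take the checked path and which are allocated without the check. The comment should also say how the check fails when the file is too small, so callers know what to expect.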
What do you mean "file is big enough to contain the file"? And is the trick here that the read will throw an exception if the size is off? If so, it would be good to state that's the expectation.
Same comment in ImfScanLineInputFile below, too.
good catches: Dumb typing errors. It should make more sense now
Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
LGTM
…ations (AcademySoftwareFoundation#824)
* reduce size limit for scanline files; protect against large chunkoffset allocations Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
* bugfix for memory limit changes Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
* rearrange chunkoffset test to protect bytesperline table too Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
* remove extraneous function declaration; tidy comments Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> Signed-off-by: Cary Phillips <cary@ilm.com>
* double-check unpackedBuffer created in DWA uncompress Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> Signed-off-by: Cary Phillips <cary@ilm.com>
* compute Huf codelengths using 64 bit to prevent shift overflow Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> Signed-off-by: Cary Phillips <cary@ilm.com>
* Avoid overflow in calculateNumTiles when size=MAX_INT (#825)
* Avoid overflow in calculateNumTiles when size=MAX_INT Signed-off-by: Cary Phillips <cary@ilm.com>
* Compute level size with 64 bits to avoid overflow Signed-off-by: Cary Phillips <cary@ilm.com>
* More efficient handling of filled channels reading tiles with scanline API (#830)
* refactor channel filling in InputFile API with tiled source Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
* handle edge-case of empty framebuffer Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> Signed-off-by: Cary Phillips <cary@ilm.com>
* fix undefined behavior: ignore unused bits in B44 mode detection (#832) Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> Signed-off-by: Cary Phillips <cary@ilm.com>
* Fix overflow computing deeptile sample table size (#861) Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> Signed-off-by: Cary Phillips <cary@ilm.com>
* sanity check ScanlineInput bytesPerLine instead of lineOffset size (#863) Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> Co-authored-by: Cary Phillips <cary@ilm.com> Signed-off-by: Cary Phillips <cary@ilm.com>
* Release notes for v2.4.3 Signed-off-by: Cary Phillips <cary@ilm.com>
* Bump version for v2.4.3 Signed-off-by: Cary Phillips <cary@ilm.com>
* reduce size limit for scanline files; prevent large chunkoffset allocations (#824)
* reduce size limit for scanline files; protect against large chunkoffset allocations Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
* bugfix for memory limit changes Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
* rearrange chunkoffset test to protect bytesperline table too Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
* remove extraneous function declaration; tidy comments Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> Signed-off-by: Cary Phillips <cary@ilm.com>
* Change v2.4.3 release date to May 17, and clean up urls Signed-off-by: Cary Phillips <cary@ilm.com> Co-authored-by: Peter Hillman <peterh@wetafx.co.nz>
This change introduces a new function into the API
Specially crafted OpenEXR files can cause large amounts of memory to be allocated by the library when reading code, even if the file is very small. This PR proposes two ways to mitigate this:
It is not known if any legitimate EXRs exist that have more than 2GB of uncompressed data per scanline chunk. If so, they will rely on effective compression to prevent the compressed data size exceeding 2GB. Such files will have many channels (in which case using multiple parts would be more appropriate) or very wide scanlines (in which case tiled images would be more appropriate). Uncompressed files, and zip-single compressed files, are not affected by this change.
This PR moves `int numLinesInBuffer(Compression comp)` into ImfCompressor.h and makes it part of the API. It previously was in an anonymous namespace.
Addresses the following oss-fuzz issues:
Signed-off-by: Peter Hillman peterh@wetafx.co.nz
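The check this PR describes (confirm the file can hold the claimed chunk offset table before allocating it), sketched as an added example; it is not code from the PR or from OpenEXR. `readOffsetTable`, `acceptsTable` and `kProbeThreshold` are hypothetical names, and probing the last table entry with a seek and read is an assumed way of performing the check.

```cpp
#include <cstdint>
#include <iostream>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical threshold: smaller tables are allocated without probing.
constexpr uint64_t kProbeThreshold = 1024;

// Read `claimed` 8-byte offsets from `in`. `claimed` is derived from untrusted
// header fields, so for large values the last entry is read first: a file too
// short to hold the table fails there, before any large allocation.
// Assumes a little-endian host (entries are copied as raw bytes).
std::vector<uint64_t> readOffsetTable(std::istream& in, uint64_t claimed)
{
    const std::streampos start = in.tellg();
    if (claimed > kProbeThreshold)
    {
        if (claimed > static_cast<uint64_t>(INT64_MAX) / sizeof(uint64_t))
            throw std::runtime_error("offset table size overflows");
        uint64_t last = 0;
        in.seekg(start + static_cast<std::streamoff>((claimed - 1) * sizeof(uint64_t)));
        in.read(reinterpret_cast<char*>(&last), sizeof(last));
        if (!in)
            throw std::runtime_error("file too small for claimed offset table");
        in.seekg(start);
    }
    std::vector<uint64_t> table(claimed); // bounded by threshold or by file size
    in.read(reinterpret_cast<char*>(table.data()),
            static_cast<std::streamsize>(claimed * sizeof(uint64_t)));
    if (!in)
        throw std::runtime_error("truncated offset table");
    return table;
}

// Runs the reader over a constructed in-memory "file"; true if it was accepted.
bool acceptsTable(const std::string& bytes, uint64_t claimed)
{
    std::istringstream in(bytes, std::ios::in | std::ios::binary);
    try { return readOffsetTable(in, claimed).size() == claimed; }
    catch (const std::runtime_error&) { return false; }
}

int main()
{
    // Constructed input: 16 bytes of data, header claims 2^40 table entries.
    std::cout << acceptsTable(std::string(16, '\0'), 1ull << 40) << "\n";
    return 0;
}
```

The 16-byte input claiming 2^40 entries is rejected at the probe read, so the multi-terabyte vector is never requested.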