Avoid div by zero with test for bad chromaticities in RGBtoXYZ #1153
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
meshula
approved these changes
Sep 22, 2021
cary-ilm
reviewed
Sep 23, 2021
| @@ -66,6 +68,11 @@ RGBtoXYZ (const Chromaticities &chroma, float Y) | |||
| // X and Z values of RGB value (1, 1, 1), or "white" | |||
| // | |||
|
|
|||
| if (chroma.white.y==0.0f) | |||
There was a problem hiding this comment.
A better test here is to check for overflow, since very small y can cause problems, too:
if (chroma.white.x * Y >= chroma.white.y * FLT_MAX)
throw
In other words, validate that the result of the division (i.e. X) is < FLT_MAX before doing the division.
There was a problem hiding this comment.
Does that test only work for positive numbers?
| @@ -77,6 +84,16 @@ RGBtoXYZ (const Chromaticities &chroma, float Y) | |||
| chroma.blue.x * (chroma.green.y - chroma.red.y) + | |||
| chroma.green.x * (chroma.red.y - chroma.blue.y); | |||
|
|
|||
|
|
|||
| if (d==0.0f) | |||
There was a problem hiding this comment.
You can do the same below, although better to compute the numerators first.
cary-ilm
reviewed
Sep 24, 2021
| { | ||
| throw std::invalid_argument("Bad chromaticities: white.y cannot be zero"); | ||
| } | ||
|
|
There was a problem hiding this comment.
How about:
Suggested change
| if (abs(chroma.white.y) <= 1 && abs(chroma.white.x*Y) >= abs(chroma.white.y) * FLT_MAX) | |
| throw std::invalid_argument("Bad chromaticities: white.y cannot be zero") |
Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
cary-ilm
pushed a commit
to cary-ilm/openexr
that referenced
this pull request
Sep 24, 2021
…mySoftwareFoundation#1153) * stop div by zero by catching bad chromaticities Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> * add include to ImfChromaticities for new exception Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> * better detection of division by zero Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
cary-ilm
pushed a commit
that referenced
this pull request
Sep 29, 2021
* stop div by zero by catching bad chromaticities Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> * add include to ImfChromaticities for new exception Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> * better detection of division by zero Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Address https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084
Test case has identical x,y coordinates for all chromaticities, but RGBtoXYZ will cause a division by zero with other degenerate chromaticities. This change throws an exception before doing a divide by zero, which is undefined behavior.
Maybe there should be a method that does a more complete check that the chromaticities are valid, and Header::sanityCheck should use that to disallow writing files with nonsensical chromaticities. (Primaries must form a triangle with non-zero area, the white point must be inside that triangle, and cannot have a zero y coordinate)
RGBtoXYZ is used to read Yuv-encoded files with the Rgba interface, and to read files with non-ACES primaries using the AcesInputFile API.
Signed-off-by: Peter Hillman peterh@wetafx.co.nz