fix(dpx): Several safety fixes for corrupt DPX files #5170
Merged
lgritz merged 2 commits into AcademySoftwareFoundation:main from May 4, 2026
* SWAPRGBABytes convert to span-based
* check_open for dpx files to check for reasonable/legal resolutions and channel counts
* comment out function declarations not used by OIIO
* overflow safety, replace int with size_t and use safe_mult64

Signed-off-by: Larry Gritz <lg@larrygritz.com>
lgritz added a commit to lgritz/OpenImageIO that referenced this pull request May 4, 2026

…Foundation#5170)

* SWAPRGBABytes: convert from raw pointers to span-based.
* A variety of overflow safety fixes, replace int (32 bit) with size_t or int64_t and use safe_mult64.
* Use ImageInput::check_open() for dpx files to check for reasonable/legal resolutions and channel counts
* Comment out more function declarations not used by OIIO.

Aside:

I should say, this code was originally imported/vendored from another project by Patrick Palmer: https://github.com/PatrickPalmer/dpx

We imagined it might be an ongoing/improving work, so we made some very minor changes here and there but endeavoured to make as little change as possible -- even excluding it from our clang-format rules! -- so that we could diff against the changing dpx project and pull in any changes or even use it as an external dependency.

But as you can see if you go there, it hasn't had any modifications for 17 years! So we never needed the "feature" of minimizing divergence from the original. And now I think with the rate of discovery and reporting of vulnerabilities and bugs accelerating, the pressure is on to make this code "safer," for example with these changes in this PR.

I think it's time to give up the pretense entirely and just allow ourselves to fully absorb this code as our own, be unconcerned about divergence. So after this PR is merged, I expect follow-ons to:

- Once and for all, fully remove the "dead code" parts that we commented out because they aren't used in OIIO.
- Allow clang-format to process these files and bring them into formatting unity with the rest of OIIO.
- Convert all the raw pointer use to spans
- Remove redundant code -- functions in the original dpx project that were functionally equivalent to things already in OIIO -- where we kept the originals in place for the sake of minimizing divergence. Let's just use the OIIO ones we use everywhere else, in cases where they already exist.
- Root out all remaining overflow and bounds issues, some of the new LLM-based tools are really good at finding those.

---------

Signed-off-by: Larry Gritz <lg@larrygritz.com>
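
The bug class these fixes target, shown as an added example that is not code from this PR or from OpenImageIO: a buffer size computed from untrusted header fields in 32-bit arithmetic wraps to a small, plausible number, while validating the fields and multiplying with overflow checks in 64 bits does not. All names are hypothetical; `checked_mul` is a stand-in written for this example, not OIIO's `safe_mult64`, and the limits are assumed values.

```cpp
// Added illustration, not OpenImageIO code; every name below is hypothetical.
#include <cstdint>
#include <cstdio>
#include <limits>

// Size fields as read from an untrusted image header.
struct HeaderDims { uint32_t width, height, channels, bytes_per_channel; };

// Unsafe pattern: 32-bit arithmetic wraps silently for large dimensions.
// (uint32_t keeps the wraparound well-defined for this demonstration.)
uint32_t image_bytes_32(const HeaderDims& h)
{
    return h.width * h.height * h.channels * h.bytes_per_channel;
}

// Overflow-checked 64-bit multiply; returns false instead of wrapping.
bool checked_mul(uint64_t a, uint64_t b, uint64_t& out)
{
    if (a != 0 && b > std::numeric_limits<uint64_t>::max() / a)
        return false;
    out = a * b;
    return true;
}

// Reject implausible header values first, then size the buffer in 64 bits.
// The limits are assumptions chosen for this example.
bool image_bytes_checked(const HeaderDims& h, uint64_t max_bytes, uint64_t& out)
{
    const uint32_t kMaxDim = 1u << 20, kMaxChannels = 8, kMaxBytesPerChan = 8;
    if (h.width == 0 || h.height == 0 || h.width > kMaxDim || h.height > kMaxDim)
        return false;
    if (h.channels == 0 || h.channels > kMaxChannels || h.bytes_per_channel == 0
        || h.bytes_per_channel > kMaxBytesPerChan)
        return false;
    uint64_t n = h.width;
    if (!checked_mul(n, h.height, n) || !checked_mul(n, h.channels, n)
        || !checked_mul(n, h.bytes_per_channel, n) || n > max_bytes)
        return false;
    out = n;
    return true;
}

int main()
{
    HeaderDims corrupt = { 65537, 65536, 3, 1 };  // constructed header values
    uint64_t n = 0;
    bool ok = image_bytes_checked(corrupt, uint64_t(1) << 30, n);
    std::printf("32-bit size: %u, checked: %s\n", (unsigned)image_bytes_32(corrupt),
                ok ? "accepted" : "rejected");
}
```

For the constructed header above, the 32-bit product is a few hundred kilobytes although the image would need about 12 GiB, which is the mismatch that leads to out-of-bounds access when pixel data is later copied using the real dimensions.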