Fix C++ DeepTile reading in Imf::CheckFile #1199

peterhillman · 2021-11-10T02:12:22Z

Various fixes:

Slice strides were incorrect
Remove extraneous loop level in mipmap reading code
Skip reading tiles that have zero total samples to prevent warnings of indexing unallocated vectors

Fixes oss-fuzz issues:

Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>

cary-ilm

LGTM

…#1199) * fix readDeepTile offsets and loops Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> * skip reading empty tiles in ImfCheckFile Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>

* fix readDeepTile offsets and loops Signed-off-by: Peter Hillman <peterh@wetafx.co.nz> * skip reading empty tiles in ImfCheckFile Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>

## Version 3.1.4 (January 26, 2022) Patch release that addresses various issues: * Several bug fixes to properly reject invalid input upon read * A check to enable SSE2 when building with Visual Studio * A check to fix building with VisualStudio on ARM64 * Update the automatically-downloaded version of Imath to v3.1.4 * Miscellaneous documentation improvements This addresses one public security vulnerability: * [CVE-2021-45942](https://nvd.nist.gov/vuln/detail/CVE-2021-45942) Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute Specific OSS-fuzz issues: * OSS-fuzz [43961](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43961) Heap-buffer-overflow in generic_unpack * OSS-fuzz [43916](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43916) Heap-buffer-overflow in hufDecode * OSS-fuzz [43763](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43763) Heap-buffer-overflow in internal_huf_decompress * OSS-fuzz [43745](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43745) Floating-point-exception in internal_exr_compute_tile_information * OSS-fuzz [43744](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43744) Divide-by-zero in internal_exr_compute_tile_information * OSS-fuzz [42197](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42197) Out-of-memory in openexr_exrcheck_fuzzer * OSS-fuzz [42001](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42001) Timeout in openexr_exrcheck_fuzzer * OSS-fuzz [41999](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999) Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute * OSS-fuzz [41669](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41669) Integer-overflow in Imf_3_1::rleUncompress * OSS-fuzz [41625](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41625) Heap-buffer-overflow in uncompress_b44_impl * OSS-fuzz [41416](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416) Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute * OSS-fuzz [41075](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41075) Integer-overflow in Imf_3_1::copyIntoDeepFrameBuffer * OSS-fuzz [40704](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40704) Crash in Imf_3_1::DeepTiledInputFile::readPixelSampleCounts * OSS-fuzz [40702](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40702) Null-dereference in bool Imf_3_1::readDeepTile<Imf_3_1::DeepTiledInputFile> * OSS-fuzz [40701](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40701) Null-dereference in bool Imf_3_1::readDeepTile<Imf_3_1::DeepTiledInputPart> * OSS-fuzz [40423](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40423) Out-of-memory in openexr_exrcheck_fuzzer * OSS-fuzz [40234](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40234) Heap-buffer-overflow in generic_unpack * OSS-fuzz [40231](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40231) Heap-buffer-overflow in hufDecode * OSS-fuzz [40091](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40091) Heap-buffer-overflow in hufDecode Merged Pull Requests: * [1225](AcademySoftwareFoundation/openexr#1225) Bazel build: Update Imath * [1224](AcademySoftwareFoundation/openexr#1224) Add error check to prevent corrupt files trying to unpack * [1223](AcademySoftwareFoundation/openexr#1223) Fix issues with a a "short" huf table and checking boundary conditions, missing return value * [1222](AcademySoftwareFoundation/openexr#1222) Fix OSS Fuzz 43763, 43745 * [1218](AcademySoftwareFoundation/openexr#1218) OSS-Fuzz pass 15jan2022 * [1217](AcademySoftwareFoundation/openexr#1217) Added missing check _M_IX86 or _M_X64 when using __lzcnt. * [1216](AcademySoftwareFoundation/openexr#1216) Corrected the check to enable SSE2 when building with Visual Studio. * [1214](AcademySoftwareFoundation/openexr#1214) prevent overflow in allocation of RLE buufer * [1213](AcademySoftwareFoundation/openexr#1213) add check for decompressed deepscanline datasize * [1209](AcademySoftwareFoundation/openexr#1209) enforce xSampling/ySampling==1 in CompositeDeepScanLine * [1208](AcademySoftwareFoundation/openexr#1208) Reduce memory consumption with very large deepscanline images * [1206](AcademySoftwareFoundation/openexr#1206) Update INSTALL.md * [1205](AcademySoftwareFoundation/openexr#1205) DeepScanlineInputFile now uses chunk size test from DeepTiledInputFile * [1200](AcademySoftwareFoundation/openexr#1200) Corrected Deep Docs & Example Code * [1199](AcademySoftwareFoundation/openexr#1199) Fix C++ DeepTile reading in Imf::CheckFile * [1195](AcademySoftwareFoundation/openexr#1195) Fix bugs in ImfCheckFile.cpp:readDeepTile() * [1193](AcademySoftwareFoundation/openexr#1193) mention multipart files in multiview doc * [1191](AcademySoftwareFoundation/openexr#1191) Replace Doxygen/Sphinx targets with "docs" * [1190](AcademySoftwareFoundation/openexr#1190) Add Compression section to "Reading and Writing Image Files" doc * [1189](AcademySoftwareFoundation/openexr#1189) Fix typo in readthedocs url

peterhillman added 2 commits November 10, 2021 12:12

fix readDeepTile offsets and loops

6c38c91

Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>

skip reading empty tiles in ImfCheckFile

320ed25

Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>

cary-ilm approved these changes Nov 12, 2021

View reviewed changes

cary-ilm merged commit dec6ddd into AcademySoftwareFoundation:master Nov 12, 2021

cary-ilm added the v3.1.4 label Mar 22, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix C++ DeepTile reading in Imf::CheckFile #1199

Fix C++ DeepTile reading in Imf::CheckFile #1199

peterhillman commented Nov 10, 2021

cary-ilm left a comment

Fix C++ DeepTile reading in Imf::CheckFile #1199

Fix C++ DeepTile reading in Imf::CheckFile #1199

Conversation

peterhillman commented Nov 10, 2021

cary-ilm left a comment

Choose a reason for hiding this comment