Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add buffer size validation to FastHuf decode #896

Merged
merged 1 commit into from
Jan 13, 2021
Merged

add buffer size validation to FastHuf decode #896

merged 1 commit into from
Jan 13, 2021

Conversation

peterhillman
Copy link
Contributor

address https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29106 by adding extra sanity check to buffer size

Signed-off-by: Peter Hillman peterh@wetafx.co.nz

@peterhillman
add buffer size validation to FastHuf decode
a814f2e 
Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
cary-ilm
cary-ilm approved these changes Jan 13, 2021
View reviewed changes
Copy link
Member

@cary-ilm cary-ilm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cary-ilm cary-ilm merged commit 1c0d8f7 into AcademySoftwareFoundation:master Jan 13, 2021
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Mar 17, 2021
ilmbase, openexr: update to 2.5.5
d54cded 
## Version 2.5.5 (February 12, 2021)

Patch release with various bug/sanitizer/security fixes, primarily
related to reading corrupted input files, but also a fix for universal
build support on macOS.

Specific OSS-fuzz issues include:

* OSS-fuzz [#30291](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30291)
* OSS-fuzz [#29106](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29106)
* OSS-fuzz [#28971](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28971)
* OSS-fuzz [#29829](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29829)
* OSS-fuzz [#30121](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30121)

### Merged Pull Requests

* [#914](AcademySoftwareFoundation/openexr#914) additional verification of DWA data sizes
* [#910](AcademySoftwareFoundation/openexr#910) update tileoffset sanitycheck to handle ripmaps
* [#903](AcademySoftwareFoundation/openexr#903) prevent overflows by using Int64 for all vars in DWA initialize
* [#901](AcademySoftwareFoundation/openexr#901) Use size_t for DWA buffersize calculation
* [#897](AcademySoftwareFoundation/openexr#897) prevent overflow in RgbaFile cachePadding
* [#896](AcademySoftwareFoundation/openexr#896) add buffer size validation to FastHuf decode
* [#893](AcademySoftwareFoundation/openexr#893) Include <limits> where required by newer compilers
* [#889](AcademySoftwareFoundation/openexr#889) Add explicit #include <limits> for numeric_limits
* [#854](AcademySoftwareFoundation/openexr#854) Fix Apple Universal 2 (arm64/x86_64) builds
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cary-ilm cary-ilm cary-ilm approved these changes

Assignees
No one assigned
Labels
oss-fuzz v2.5.5
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@peterhillman @cary-ilm