Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix chunk end iteration and track APNG frames #216

Merged
merged 7 commits into from
Jun 3, 2020
Merged

Fix chunk end iteration and track APNG frames #216

merged 7 commits into from
Jun 3, 2020

Conversation

HeroicKatora
Copy link
Member

Closes: #214
Closes: #215

@HeroicKatora
Fix consuming data at frame end
a4ee6e3 
Iterating decoding events after a frame was finished would incorrectly
consume data in the input buffer when it was not yet handled completely
for ignored events.
@HeroicKatora
Add a fuzz target testing independence of BufRead
8460c58
@HeroicKatora
Fix subframe iteration when reading
c21d717 
The decoder would previously only very roughly be able to differentiate
between the full IDAT frame and frames with frame control. Since each
frame control chunk can set its own width and height data that overrides
the global IHDR width and height (which one should think of as
dimensions of a background canvas) this would then cause interlace and
row iteration to process wrong data. In particular it would mix pixel
values and predictor bytes leading to the observable error having
encountered an incorrect filter that is far outside the range of
specified values.
@HeroicKatora
Add limits to the decode fuzzer
ab2d441 
This dramatically speeds up fuzzer execution, quite naturally.
@HeroicKatora
Valid subframes are smaller than main frame
da7f8bd 
This fixes an DOS through OOM as well, as the decoder would allocate a
buffer with the full line width of the subframe before trying to decode
it and before the user provides their own buffer.
@HeroicKatora
Strengthen similarity in buf_independent fuzzer
d1e89d6
@HeroicKatora
Add test case for non-consumed data on finish
bc5a452 
The test is added into the usual bug fix test directory but included
into the binary for an internal regression test. This makes more sense
as it test 'internal' properties. It was also minimized before.
@HeroicKatora HeroicKatora changed the title Fix chunk end iteration Fix chunk end iteration and track APNG frames Jun 2, 2020
@HeroicKatora
Copy link
Member Author

I've fuzzed after this and no results for ~5 hours of fuzzing while the faults introduced were found after 20 minutes each. Should be fine.

@HeroicKatora HeroicKatora merged commit a800f63 into image-rs:master Jun 3, 2020
@HeroicKatora HeroicKatora deleted the fix-chunk-end-iteration branch June 3, 2020 15:01
@Shnatsel Shnatsel mentioned this pull request Jan 4, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Panic when reading multiple images Decoder parses, but doesn't consume, some buffer data
1 participant
@HeroicKatora