opj_{compress,decompress,dump}: fix possible buffer overflows in path manipulation functions

[kaniini]

If img_fol->imgdirpath is itself of OPJ_PATH_LEN length, other buffers on the stack will be overwritten by the image filename.

Any output of a function where paths are concatenated should likely be OBJ_PATH_LEN * 2, but I did not change this as it would cause an ABI break.

[kaniini]

Also include a fix for CVE-2021-29338.

[rouault]

Would you mind rebasing on top of latest master, now that master has solved the continuous integration issues ?

[kaniini]

Hi,

On Thu, 6 May 2021, Even Rouault wrote: Would you mind rebasing on top of latest master, now that master has solved the continuous integration issues ?

Done. Ariadne

[rouault]

Ah, our CI still uses MSVC 2010 in one of the setups, and it lacks snprintf()...
Could you add something along the following (untested!) in the files that use snprintf() ?

#if defined(_MSC_VER) && _MSC_VER < 1900
#define snprintf(buf, len, format,...) _snprintf_s((buf), (len), (len), (format), __VA_ARGS__)
#endif

[rouault]

There's also code formatting issues. See https://travis-ci.org/github/uclouvain/openjpeg/jobs/769723267 for directions to fix

[kaniini]

Hi,

On Thu, 6 May 2021, Even Rouault wrote: There's also code formatting issues. See https://travis-ci.org/github/uclouvain/openjpeg/jobs/769723267 for directions to fix

I'll take care of this over the weekend, unless you need it ASAP? Ariadne

[rouault]

I'll take care of this over the weekend, unless you need it ASAP?

that's fine. no emergency

[rouault]

This pull request is probably no longer needed since f0629cb . Closing it. If there are remaining elements, please issue a new pull request against latest master.

[rouault]

The changes to (char*)calloc(num_images, OPJ_PATH_LEN * sizeof(char)); would still need to be done and haven't been addressed by f0629cb

[baparham]

@rouault @kaniini are there plans to follow up on making a new PR for the fix to CVE-2021-29338 to resolve #1338 ?