Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added check for integer overflow in get_num_images #1397

Merged
merged 28 commits into from
Jan 15, 2022
Merged

Added check for integer overflow in get_num_images #1397

merged 28 commits into from
Jan 15, 2022

Conversation

Eharve14
Copy link
Contributor

As discussed in pull request 1396, added a check for integer overflow.
Change list:
Defined num_images as unsigned int
Moved the if statement to check for an empty directory to the beginning of the read directory section
Added a check to see if num images rolls back to zero when incrementing.

Eharve14 and others added 24 commits January 13, 2022 00:53
@Eharve14
Added multiplication check to calloc calls in opj_compress, opj_decom…
33c2d33 
…press, opj_dump. See comment on commit 79c7d7a.
@Eharve14
Added multiplication check for calloc calls, see comment on commit 79…
d564919 
…c7d7a
@Eharve14
Delete settings.json
c261172 
Removed automatically generated settings.json
@Eharve14
Fixed typo
fc2d47a
@Eharve14
Merge branch 'master' of https://github.com/Eharve14/openjpeg
85b471f
@Eharve14
Revised to address int overflow in for loop only
e74ee84
@Eharve14
Revert "Revised to address int overflow in for loop only"
d8fe126 
This reverts commit e74ee84.
@Eharve14
Revised to catch negitive values of num_images
968cf54
@Eharve14
Revised to casts, deleted all other changes
efa9c7e
@Eharve14
style updates
98f4ace
@Eharve14
Style part two
a0b7102
@Eharve14
I am bad and I feel bad, I should have just used the scrypt
3058194
@Eharve14
Why, why is this happening
7c42257
@rouault
Update src/bin/jp2/opj_dump.c
323a089
@rouault
Update src/bin/jp2/opj_dump.c
e27cfb3
@Eharve14
Added overflow check to get_num_images, defined num_images as unsigne…
ab6c7c7 
…d for conformity, relocated check for num images for exicution before allocation and image loading
@Eharve14
Fixed style
dbe64d6
@Eharve14
Revert "Fixed style"
957a6cd 
This reverts commit dbe64d6.
@Eharve14
Revert "Added overflow check to get_num_images, defined num_images as…
cbc8b26 
… unsigned for conformity, relocated check for num images for exicution before allocation and image loading"

This reverts commit ab6c7c7.
@Eharve14
Merge pull request #1 from uclouvain/master
3882583 
Added overflow protection in get_num_images function, redefined num_images to unsigned int in compress and decompress to match dump
@Eharve14
Fixed issues with get_num_images, moved the zero file check to preven…
912a144 
…t exicution of allocation and strcpy if there are no images.
@Eharve14
Same as last
96c6587
@Eharve14
Merge branch 'master' of https://github.com/Eharve14/openjpeg
21ac2bb
@Eharve14
Fixed style
081bc3e
rouault
rouault reviewed Jan 14, 2022
View reviewed changes
src/bin/jp2/opj_decompress.c Show resolved Hide resolved
src/bin/jp2/opj_dump.c Show resolved Hide resolved
src/bin/jp2/opj_compress.c Outdated Show resolved Hide resolved
@Eharve14
Copy link
Contributor Author

@rouault I made the requested revisions. I was under the impression that unsigned overflow was always defined behavior. Thank you for the feedback.

rouault
rouault reviewed Jan 14, 2022
View reviewed changes
src/bin/jp2/opj_compress.c Show resolved Hide resolved
src/bin/jp2/opj_decompress.c Show resolved Hide resolved
src/bin/jp2/opj_dump.c Show resolved Hide resolved
@Eharve14
Copy link
Contributor Author

Added the return statement after the overflow check. I don't know how I managed to mess up copy paste.

@rouault rouault merged commit 6e4588f into uclouvain:master Jan 15, 2022
@kirotawa
Copy link

kirotawa commented Mar 11, 2022
edited
Loading

hey there,

Are these fixes anyhow related with CVE-2021-29338 ? Should it have another CVE assigned to these fixes/commits in this merge?

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rouault rouault rouault left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Eharve14 @kirotawa @rouault