Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix multiple potential vulnerabilities and bugs #1168

Merged
merged 8 commits into from
Dec 7, 2018
Merged

Fix multiple potential vulnerabilities and bugs #1168

merged 8 commits into from
Dec 7, 2018

Conversation

YangY-Xiao
Copy link

Fix multiple potential vulnerabilities and bugs

@Yoha-test
[MJ2] To avoid divisions by zero / undefined behaviour on shift
c5bd64e 
Signed-off-by: Young_X <YangX92@hotmail.com>
@Yoha-test
[JPWL] fix CVE-2018-16375
619e1b0 
Signed-off-by: Young_X <YangX92@hotmail.com>
@Yoha-test
[JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (u…
46822d0 
…clouvain#987)

Signed-off-by: Young_X <YangX92@hotmail.com>
@YangY-Xiao YangY-Xiao mentioned this pull request Nov 23, 2018
Closed
rouault
rouault requested changes Nov 27, 2018
View reviewed changes
src/bin/jpwl/convert.c
cmap_len = get_ushort(*(unsigned short*)(&tga[5]));
cmap_len = get_tga_ushort(*(unsigned short*)(&tga[5]));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suspect this doesn't compile... Line 135 should be removed as it is effectively overrideen by line 136. Similar instances below

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have fixed that by make a new pr.

@rouault rouault changed the title Fix multiple potential vulnerabilities and bugs Do not merge: Fix multiple potential vulnerabilities and bugs Nov 27, 2018
@Yoha-test
[MJ2] Avoid index out of bounds access to pi->include[]
c277159 
Signed-off-by: Young_X <YangX92@hotmail.com>
@Yoha-test
[OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in…
c58df14 
… function

opj_get_encoding_parameters

Signed-off-by: Young_X <YangX92@hotmail.com>
@Yoha-test
[JPWL] opj_compress: reorder checks related to code block dimensions…
ce9583d 
… to avoid potential int overflow

Signed-off-by: Young_X <YangX92@hotmail.com>
@Yoha-test
[JP3D] To avoid divisions by zero / undefined behaviour on shift (CV…
bd88611 
…E-2018-14423

Signed-off-by: Young_X <YangX92@hotmail.com>
@Yoha-test
[JPWL] tgatoimage(): avoid excessive memory allocation attempt,
05be308 
and fixes unaligned load

Signed-off-by: Young Xiao <YangX92@hotmail.com>
@YangY-Xiao
Copy link
Author

Ping

rouault
rouault reviewed Dec 7, 2018
View reviewed changes
Copy link
Collaborator

@rouault rouault left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this commit is OK.But when looking a bit the context, the cast to OPJ_INT32 and the type of the p_tx0, etc argument is suspicious. They shoud likely be OPJ_UINT32 and in the opj_pi_update_encode_poc_and_final() and opj_pi_update_encode_not_poc() functions as well

@rouault rouault changed the title Do not merge: Fix multiple potential vulnerabilities and bugs Fix multiple potential vulnerabilities and bugs Dec 7, 2018
@rouault rouault merged commit e7640f5 into uclouvain:master Dec 7, 2018
@ret2libc
Copy link

@Young-X I had to revert that commit in e1740e7 since it didn't compile. I'm disappointed you submit commits that don't even compile...

@rouault it seems commit e1740e7 was supposed to fix CVE-2018-20846, which is about out-of-bound accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl . With that commit reverted, is there a patch for that CVE? Thanks.

@rouault
Copy link
Collaborator

rouault commented Jul 17, 2019

is there a patch for that CVE?

no

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rouault rouault rouault approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@YangY-Xiao @ret2libc @rouault @Yoha-test