context: add sanity-check to tile dimensions/resolution #1228

Merged: 1 commit, Jul 8, 2024

lovell (Contributor) commented Jul 7, 2024

The libvips' fuzz tests found a possible integer overflow here:

y0 += tile_height;

/src/libheif/libheif/context.cc:1938:8: runtime error: signed integer overflow: 1344282656 + 1344282656 cannot be represented in type 'int'
0 0x5b6b1f26031b in HeifContext::decode_full_grid_image(unsigned int, std::__1::shared_ptr<HeifPixelImage>&, std::__1::vector<unsigned char, std::__1::allocator<unsigned char>> const&, heif_decoding_options const&) const libheif/libheif/context.cc:1938
1 0x5b6b1f258489 in HeifContext::decode_image_planar(unsigned int, std::__1::shared_ptr<HeifPixelImage>&, heif_colorspace, heif_decoding_options const&, bool) const libheif/libheif/context.cc:1512
2 0x5b6b1f256d36 in HeifContext::decode_image_user(unsigned int, std::__1::shared_ptr<HeifPixelImage>&, heif_colorspace, heif_chroma, heif_decoding_options const&) const libheif/libheif/context.cc:1324
3 0x5b6b1f15d2c2 in heif_decode_image libheif/libheif/api/libheif/heif.cc:1083

Adding a sanity check on the dimensions of each tile as it is processed seems to do the job of preventing this logic being reached, although there may be additional/alternative solutions too.

Prevents integer overflow
@farindk farindk merged commit 3c4e060 into strukturag:master Jul 8, 2024
35 checks passed
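
An added illustration (not code from this pull request or from libheif) of a per-tile sanity check of the kind described above, combined with 64-bit offset accumulation so that an addition like y0 += tile_height cannot overflow a signed int. The TileSize type, check_grid function and kMaxTileDim limit are assumptions made for the example; the constructed two-row input uses the tile height from the sanitizer report.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Tile size as read from an untrusted file (hypothetical type, not libheif's).
struct TileSize { uint32_t width; uint32_t height; };

enum class GridStatus { Ok, BadGrid, BadTileSize, OffsetOverflow };

// Assumed per-tile limit; the page does not say which value libheif enforces.
constexpr uint32_t kMaxTileDim = 32768;

// Walks a rows x cols grid in row-major order, advancing x0/y0 by each tile's
// size as a compositing loop would. Each tile is checked as it is processed,
// and offsets are summed in 64 bits, then compared against INT_MAX.
GridStatus check_grid(const std::vector<TileSize>& tiles, uint32_t rows,
                      uint32_t cols, uint32_t max_tile_dim = kMaxTileDim) {
  if (rows == 0 || cols == 0 ||
      tiles.size() != static_cast<uint64_t>(rows) * cols)
    return GridStatus::BadGrid;
  constexpr int64_t kIntMax = std::numeric_limits<int>::max();
  int64_t y0 = 0;
  uint64_t idx = 0;
  for (uint32_t y = 0; y < rows; y++) {
    int64_t x0 = 0;
    uint32_t tile_height = 0;
    for (uint32_t x = 0; x < cols; x++, idx++) {
      const TileSize& t = tiles[idx];
      if (t.width == 0 || t.height == 0 ||
          t.width > max_tile_dim || t.height > max_tile_dim)
        return GridStatus::BadTileSize;
      x0 += t.width;
      if (x0 > kIntMax) return GridStatus::OffsetOverflow;
      tile_height = t.height;
    }
    y0 += tile_height;  // the addition that overflowed as a plain int
    if (y0 > kIntMax) return GridStatus::OffsetOverflow;
  }
  return GridStatus::Ok;
}

int main() {
  // Constructed input: two rows using the tile height from the UBSan report.
  std::vector<TileSize> bad = {{64, 1344282656u}, {64, 1344282656u}};
  std::printf("default limit: %d\n", static_cast<int>(check_grid(bad, 2, 1)));
  std::printf("no tile limit: %d\n",
              static_cast<int>(check_grid(bad, 2, 1, UINT32_MAX)));
}
```

With the per-tile limit in place the oversized tile is rejected before any offset arithmetic happens; the second call shows the accumulation check catching the same input when the limit is lifted.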
farindk (Contributor) commented Jul 8, 2024

Thank you. I've added a few more tests.

farindk (Contributor) commented Jul 8, 2024

This should also fix issue 70126 in oss-fuzz

@lovell lovell deleted the context-tile-check-resolution branch July 8, 2024 09:11