Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More overflow related bug fixes #1402

Merged
merged 51 commits into from
Jan 18, 2022
Merged

More overflow related bug fixes #1402

merged 51 commits into from
Jan 18, 2022

Conversation

Eharve14
Copy link
Contributor

Ran through the open security issues identified by LGTM code analysis and added fixes for the relevant issues.

Eharve14 and others added 30 commits January 13, 2022 00:53
@Eharve14
Added multiplication check to calloc calls in opj_compress, opj_decom…
33c2d33 
…press, opj_dump. See comment on commit 79c7d7a.
@Eharve14
Added multiplication check for calloc calls, see comment on commit 79…
d564919 
…c7d7a
@Eharve14
Delete settings.json
c261172 
Removed automatically generated settings.json
@Eharve14
Fixed typo
fc2d47a
@Eharve14
Merge branch 'master' of https://github.com/Eharve14/openjpeg
85b471f
@Eharve14
Revised to address int overflow in for loop only
e74ee84
@Eharve14
Revert "Revised to address int overflow in for loop only"
d8fe126 
This reverts commit e74ee84.
@Eharve14
Revised to catch negitive values of num_images
968cf54
@Eharve14
Revised to casts, deleted all other changes
efa9c7e
@Eharve14
style updates
98f4ace
@Eharve14
Style part two
a0b7102
@Eharve14
I am bad and I feel bad, I should have just used the scrypt
3058194
@Eharve14
Why, why is this happening
7c42257
@rouault
Update src/bin/jp2/opj_dump.c
323a089
@rouault
Update src/bin/jp2/opj_dump.c
e27cfb3
@Eharve14
Added overflow check to get_num_images, defined num_images as unsigne…
ab6c7c7 
…d for conformity, relocated check for num images for exicution before allocation and image loading
@Eharve14
Fixed style
dbe64d6
@Eharve14
Revert "Fixed style"
957a6cd 
This reverts commit dbe64d6.
@Eharve14
Revert "Added overflow check to get_num_images, defined num_images as…
cbc8b26 
… unsigned for conformity, relocated check for num images for exicution before allocation and image loading"

This reverts commit ab6c7c7.
@Eharve14
Merge pull request #1 from uclouvain/master
3882583 
Added overflow protection in get_num_images function, redefined num_images to unsigned int in compress and decompress to match dump
@Eharve14
Fixed issues with get_num_images, moved the zero file check to preven…
912a144 
…t exicution of allocation and strcpy if there are no images.
@Eharve14
Same as last
96c6587
@Eharve14
Merge branch 'master' of https://github.com/Eharve14/openjpeg
21ac2bb
@Eharve14
Fixed style
081bc3e
@Eharve14
Added import of limits.h, revised overflow check, Redefined Return va…
e011787 
…lue for get_num_images
@Eharve14
Added return statement to break iteration
7766d9c
@Eharve14
Style fix
67536c7
@Eharve14
Re-Revised to use break statement instead of return.
43bf2be
@Eharve14
Merge branch 'uclouvain:master' into master
d2bffdf
@Eharve14
TEst
3a71edf
@Eharve14
Set number of jobs to rh.
26a5626
@Eharve14
Style fix, deleted whitespace.
998366b
@Eharve14
Corrected type for num_images in main, was singed integer
76d50ce
@Eharve14
Delete dwt.c
8f5f221 
Not needed
@Eharve14
Revert "Style fix, deleted whitespace."
a46ab03 
This reverts commit 998366b.
@Eharve14
Revert "Set number of jobs to rh."
79e4133 
This reverts commit 26a5626.
@Eharve14
Revert "TEst"
56f9a7e 
This reverts commit 3a71edf.
@Eharve14
Merge branch 'master' of https://github.com/Eharve14/openjpeg
7e3b389
@Eharve14
Reviesed to keep int type for other variables
54a80d7
@Eharve14
same as last
fc88a30
@Eharve14
Resloved issue where imagino used to iterate through files retrived w…
85b248b 
…as signed, causing possible overflow
@Eharve14
fixed iterator issue in for loop to set up dirptr
1dbc41a
@Eharve14
Stylefix
8bb3ea7
@Eharve14
Fixed signed issues in print statements, correced addtional signed is…
2947bf2 
…sues in opj_compress.c related to signed integer use
@Eharve14
Style fix
c0ba980
@Eharve14
Merge branch 'uclouvain:master' into master
c4bbb4e
@Eharve14
Merge branch 'uclouvain:master' into master
cc635ec
@Eharve14
Revised iterator type in jp2.c, added cast to to memory allocation to…
8f5d7dd 
… prevent possible overflow before call in j2k.c.
@Eharve14
Added type casts to prevent unitended overflow.
122093b
@Eharve14
added casts to prevent unitended overflows
31445c5
@Eharve14
Merge pull request #3 from Eharve14/Security-Fixes-related-to-integer…
1d3cade 
…-products

Security fixes related to integer products
Eharve14
Eharve14 commented Jan 18, 2022
View reviewed changes
Copy link
Contributor Author

@Eharve14 Eharve14 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change from I to J was because the type of I is UINT_16, type of max is UINT_32. j is defined as UINT_32

@rouault
Copy link
Collaborator

rouault commented Jan 18, 2022

The change from I to J was because the type of I is UINT_16, type of max is UINT_32. j is defined as UINT_32

ok, I don't think there was any issue in practice because the maximum number of components in a JPEG2000 file is 16384 and this is normally checked before

@Eharve14
Copy link
Contributor Author

If that check is always done, I agree that the change is not necessary. I made the edit because that check is not in the function with the iterator in the loop in question, and I did not do the leg work to ensure the check is present before every call to this function.

Also this is the only loop in that section of code with the type mismatch between the iterator and comparator.

@rouault rouault merged commit 241e9e8 into uclouvain:master Jan 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Eharve14 @rouault