Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Fix Heap-buffer-overflow READ in opj_jp2_apply_pclr #23067

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 5, 2023
Merged

Fix Heap-buffer-overflow READ in opj_jp2_apply_pclr #23067

merged 1 commit into from
Feb 5, 2023

Conversation

sashashura
Copy link
Contributor

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47342

The read overflow triggered by reading src[j] in

            for (j = 0; j < max; ++j) {
                dst[j] = src[j];
            }

The max is calculated as new_comps[pcol].w * new_comps[pcol].h, however the src = old_comps[cmp].data; which may have different w and h dimensions.

The patch was contributed to the third party library openjpeg uclouvain/openjpeg#1441
Normally I would suggest to update to openjpeg 2.5.1 when released, but there was no release in 4 months and from security point of view I suggest to make the hot fix for now and bump the version when available. The tracking issue was created - #23066

Pull Request Readiness Checklist

See details at https://github.com/opencv/opencv/wiki/How_to_contribute#making-a-good-pull-request

  • I agree to contribute to the project under Apache 2 License.
  • To the best of my knowledge, the proposed patch is not based on a code under GPL or another license that is incompatible with OpenCV
  • The PR is proposed to the proper branch (the one that is fuzzed)
  • There is a reference to the original bug report and related work
  • There is accuracy test, performance test and test data in opencv_extra repository, if applicable
    Patch to opencv_extra has the same branch name.
  • The feature is well documented and sample code can be built with the project CMake

@sashashura
Fix Heap-buffer-overflow READ in opj_jp2_apply_pclr
a2fc479 
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47342

The read overflow triggered by reading `src[j]` in
```cpp
            for (j = 0; j < max; ++j) {
                dst[j] = src[j];
            }
```
The max is calculated as `new_comps[pcol].w * new_comps[pcol].h`, however the `src = old_comps[cmp].data;` which may have different `w` and `h` dimensions.
@sashashura
Copy link
Contributor Author

Logs are not available so I cannot see why some checks have failed. But I doubt that it is related.

@sashashura
Copy link
Contributor Author

Re-run triggered 15 hours ago. Some jobs succeeded. Some didn't even start, waiting for runner. Hanging?

@sashashura
Copy link
Contributor Author

Is it good to be merged?

@asmorkalov asmorkalov requested a review from alalek January 20, 2023 12:11
alalek
alalek approved these changes Feb 5, 2023
View reviewed changes
Copy link
Member

@alalek alalek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

(patch in 3rdparty's upstream has been merged)

@opencv-pushbot opencv-pushbot merged commit 6dfa647 into opencv:4.x Feb 5, 2023
@asmorkalov asmorkalov mentioned this pull request May 31, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alalek alalek alalek approved these changes

Assignees

@alalek alalek

Labels

bug category: imgcodecs category: 3rdparty

Projects

None yet

Milestone

4.8.0

Development

Successfully merging this pull request may close these issues.

4 participants

@sashashura @alalek @opencv-pushbot @asmorkalov