Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add limits on sampling factors #106

Merged
merged 2 commits into from
Jun 3, 2022
Merged

Add limits on sampling factors #106

merged 2 commits into from
Jun 3, 2022

Conversation

sohomdatta1
Copy link
Contributor

Invalid sampling factors can lead to a divide by zero error
which could eventually lead to a infinite loop.

Also fixed failing tests + add a new test for invalid sampling
factors.

fixes #105

@sohomdatta1
Add limits on sampling factors
9b6325b 
Invalid sampling factors can lead to a divide by zero error
which could eventually lead to a infinite loop.

Also fixed failing tests + add a new test for invalid sampling
factors.

fixes #105
@sohomdatta1 sohomdatta1 mentioned this pull request Jun 2, 2022
Closed
patrickhulce
patrickhulce reviewed Jun 2, 2022
View reviewed changes
Copy link
Collaborator

@patrickhulce patrickhulce left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks very much for the fix!

test/index.js Show resolved Hide resolved
lib/decoder.js Show resolved Hide resolved
lib/decoder.js Show resolved Hide resolved
test/index.js Show resolved Hide resolved
@patrickhulce
Copy link
Collaborator

Also fixed failing tests

There shouldn't be failing tests. Can you elaborate? https://github.com/jpeg-js/jpeg-js/runs/3080117536?check_suite_focus=true

@sohomdatta1
Copy link
Contributor Author

sohomdatta1 commented Jun 2, 2022
edited
Loading

Also fixed failing tests

There shouldn't be failing tests. Can you elaborate? https://github.com/jpeg-js/jpeg-js/runs/3080117536?check_suite_focus=true

The max resolution and max memory tests kept hitting the sampling factor error (which I added in the current patch) before the respective errors that were being tested causing both of those tests to fail.

The changes wrt to the old tests just replace the old binary blobs with ones that do not hit the sampling factor error but rather only the specific errors being tested.

Wrt to the fix itself, I was basing it on how the libjpeg-turbo and libjpeg libraries handled this particular scenario:
https://github.com/libjpeg-turbo/libjpeg-turbo/blob/1f55ae7b0fa3acc348a630171617d0e56d922b68/jdinput.c#L64-L78

Based on their documentation, the sampling rate must be between 1 and 4 according to the JPEG standard (thus side-stepping the divide by zero issue).
https://github.com/libjpeg-turbo/libjpeg-turbo/blob/9abeff46d87bd201a952e276f3e4339556a403a3/libjpeg.txt#L1138-L1146

@patrickhulce
Copy link
Collaborator

Awesome thank you for the very clear explanations @sohomdatta1! 🙏

Would you mind adding the link to https://github.com/libjpeg-turbo/libjpeg-turbo/blob/9abeff46d87bd201a952e276f3e4339556a403a3/libjpeg.txt#L1138-L1146 along with our = 1 changes and we'll merge this 🎉

@sohomdatta1
Copy link
Contributor Author

Awesome thank you for the very clear explanations @sohomdatta1! pray

Would you mind adding the link to https://github.com/libjpeg-turbo/libjpeg-turbo/blob/9abeff46d87bd201a952e276f3e4339556a403a3/libjpeg.txt#L1138-L1146 along with our = 1 changes and we'll merge this tada

Made the change :)

patrickhulce
patrickhulce approved these changes Jun 3, 2022
View reviewed changes
Copy link
Collaborator

@patrickhulce patrickhulce left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you so much :)

@patrickhulce patrickhulce merged commit 9ccd35f into jpeg-js:master Jun 3, 2022
@vince-fugnitto vince-fugnitto mentioned this pull request Jun 16, 2022
Closed
@TheKingTermux TheKingTermux mentioned this pull request Aug 15, 2022
Closed
4 tasks
zed-0xff pushed a commit to zed-0xff/jpeg-js that referenced this pull request Feb 24, 2023
@sohomdatta1
fix: validate sampling factors (jpeg-js#106)
f8af90b
@ASISBusiness ASISBusiness mentioned this pull request Aug 16, 2024
Open
@Laurry-gee Laurry-gee mentioned this pull request Oct 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@patrickhulce patrickhulce patrickhulce approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

jpeg-js DoS (infinite loop)
2 participants
@sohomdatta1 @patrickhulce