Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Heap-buffer-overflow in lib/openjp2/pi.c:312 #1302

Closed
zodf0055980 opened this issue Dec 2, 2020 · 2 comments
Closed

Heap-buffer-overflow in lib/openjp2/pi.c:312 #1302

zodf0055980 opened this issue Dec 2, 2020 · 2 comments

Comments

@zodf0055980
Copy link
Contributor

zodf0055980 commented Dec 2, 2020

I found an Heap-buffer-overflow read in the current master 18b1138
I build openjpeg with ASAN, this is ASAN report.
POC picture : sample1

➜  ~/openjpeg/build/bin/opj_compress -i ./sample1.png -o ./a.j2c -p RPCL -POC T1=2,2,2,2,2,RLCP  -TP L 

[ERROR] Missing packets possible loss of data
[INFO] tile number 1 / 1
=================================================================
==28432==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x608000000888 at pc 0x7ffa75199848 bp 0x7ffef8bc6580 sp 0x7ffef8bc6570
READ of size 4 at 0x608000000888 thread T0
    #0 0x7ffa75199847 in opj_pi_next_rlcp /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:312
    #1 0x7ffa75199847 in opj_pi_next /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:2106
    #2 0x7ffa7521c70b in opj_t2_encode_packets /home/yuan/afl-target/openjpeg/src/lib/openjp2/t2.c:328
    #3 0x7ffa75240786 in opj_tcd_t2_encode /home/yuan/afl-target/openjpeg/src/lib/openjp2/tcd.c:2562
    #4 0x7ffa75240786 in opj_tcd_encode_tile /home/yuan/afl-target/openjpeg/src/lib/openjp2/tcd.c:1465
    #5 0x7ffa7510fafc in opj_j2k_write_sod /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:4813
    #6 0x7ffa7511c195 in opj_j2k_write_sod /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12710
    #7 0x7ffa7511c195 in opj_j2k_write_all_tile_parts /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12715
    #8 0x7ffa7511c195 in opj_j2k_post_write_tile /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12411
    #9 0x7ffa75152989 in opj_j2k_encode /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12152
    #10 0x55dac4ffcd52 in main /home/yuan/afl-target/openjpeg/src/bin/jp2/opj_compress.c:2206
    #11 0x7ffa74267bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #12 0x55dac5002309 in _start (/home/yuan/afl-target/openjpeg/build/bin/opj_compress+0x1b309)

0x608000000888 is located 8 bytes to the right of 96-byte region [0x608000000820,0x608000000880)
allocated by thread T0 here:
    #0 0x7ffa75551d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7ffa75186cef in opj_pi_create /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:1024

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:312 in opj_pi_next_rlcp
Shadow bytes around the buggy address:
  0x0c107fff80c0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff80d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff80e0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff80f0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff8100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c107fff8110: fa[fa]fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8120: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8130: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8140: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8150: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8160: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==28432==ABORTING

It is heap-buffer-over read error .

@zodf0055980
Copy link
Contributor Author

It is also overflow in -POC RPCL and -POC LRCP

➜  ~ /home/yuan/afl-target/openjpeg/build/bin/opj_compress -i ./sample1.png -o ./a.j2c -p RPCL -POC T1=2,2,2,2,2,RPCL  -TP L 

[ERROR] Missing packets possible loss of data
[INFO] tile number 1 / 1
=================================================================
==17472==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x608000000888 at pc 0x7f9957ef58d9 bp 0x7fffec2b9950 sp 0x7fffec2b9940
READ of size 4 at 0x608000000888 thread T0
    #0 0x7f9957ef58d8 in opj_pi_next_rpcl /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:392
    #1 0x7f9957ef58d8 in opj_pi_next /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:2108
    #2 0x7f9957f7870b in opj_t2_encode_packets /home/yuan/afl-target/openjpeg/src/lib/openjp2/t2.c:328
    #3 0x7f9957f9c786 in opj_tcd_t2_encode /home/yuan/afl-target/openjpeg/src/lib/openjp2/tcd.c:2562
    #4 0x7f9957f9c786 in opj_tcd_encode_tile /home/yuan/afl-target/openjpeg/src/lib/openjp2/tcd.c:1465
    #5 0x7f9957e6bafc in opj_j2k_write_sod /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:4813
    #6 0x7f9957e78195 in opj_j2k_write_sod /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12710
    #7 0x7f9957e78195 in opj_j2k_write_all_tile_parts /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12715
    #8 0x7f9957e78195 in opj_j2k_post_write_tile /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12411
    #9 0x7f9957eae989 in opj_j2k_encode /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12152
    #10 0x563700431d52 in main /home/yuan/afl-target/openjpeg/src/bin/jp2/opj_compress.c:2206
    #11 0x7f9956fc3bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #12 0x563700437309 in _start (/home/yuan/afl-target/openjpeg/build/bin/opj_compress+0x1b309)

0x608000000888 is located 8 bytes to the right of 96-byte region [0x608000000820,0x608000000880)
allocated by thread T0 here:
    #0 0x7f99582add28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f9957ee2cef in opj_pi_create /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:1024

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:392 in opj_pi_next_rpcl
Shadow bytes around the buggy address:
  0x0c107fff80c0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff80d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff80e0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff80f0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff8100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c107fff8110: fa[fa]fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8120: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8130: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8140: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8150: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8160: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==17472==ABORTING

➜  ~ /home/yuan/afl-target/openjpeg/build/bin/opj_compress -i ./sample1.png -o ./a.j2c -p RPCL -POC T1=2,2,2,2,2,LRCP -TP L  

[ERROR] Missing packets possible loss of data
[INFO] tile number 1 / 1
=================================================================
==16507==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x608000000888 at pc 0x7f45a587639e bp 0x7ffd58bf3c90 sp 0x7ffd58bf3c80
READ of size 4 at 0x608000000888 thread T0
    #0 0x7f45a587639d in opj_pi_next_lrcp /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:260
    #1 0x7f45a587639d in opj_pi_next /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:2104
    #2 0x7f45a58f970b in opj_t2_encode_packets /home/yuan/afl-target/openjpeg/src/lib/openjp2/t2.c:328
    #3 0x7f45a591d786 in opj_tcd_t2_encode /home/yuan/afl-target/openjpeg/src/lib/openjp2/tcd.c:2562
    #4 0x7f45a591d786 in opj_tcd_encode_tile /home/yuan/afl-target/openjpeg/src/lib/openjp2/tcd.c:1465
    #5 0x7f45a57ecafc in opj_j2k_write_sod /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:4813
    #6 0x7f45a57f9195 in opj_j2k_write_sod /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12710
    #7 0x7f45a57f9195 in opj_j2k_write_all_tile_parts /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12715
    #8 0x7f45a57f9195 in opj_j2k_post_write_tile /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12411
    #9 0x7f45a582f989 in opj_j2k_encode /home/yuan/afl-target/openjpeg/src/lib/openjp2/j2k.c:12152
    #10 0x555773fccd52 in main /home/yuan/afl-target/openjpeg/src/bin/jp2/opj_compress.c:2206
    #11 0x7f45a4944bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #12 0x555773fd2309 in _start (/home/yuan/afl-target/openjpeg/build/bin/opj_compress+0x1b309)

0x608000000888 is located 8 bytes to the right of 96-byte region [0x608000000820,0x608000000880)
allocated by thread T0 here:
    #0 0x7f45a5c2ed28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f45a5863cef in opj_pi_create /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:1024

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/yuan/afl-target/openjpeg/src/lib/openjp2/pi.c:260 in opj_pi_next_lrcp
Shadow bytes around the buggy address:
  0x0c107fff80c0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff80d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff80e0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff80f0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c107fff8100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c107fff8110: fa[fa]fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8120: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8130: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8140: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8150: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8160: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==16507==ABORTING

@zodf0055980 zodf0055980 reopened this Dec 2, 2020
@rouault rouault closed this as completed in 8f5aff1 Dec 5, 2020
rouault added a commit that referenced this issue Dec 5, 2020
pi.c: avoid out of bounds access with POC (fixes #1302)
@zodf0055980
Copy link
Contributor Author

CVE-2020-27845 was assigned for this issue.

DanielHeath pushed a commit to radiopaedia/openjpeg that referenced this issue Sep 21, 2021
mtremer pushed a commit to ipfire/ipfire-2.x that referenced this issue Apr 29, 2022
- Update from version 2.3.1 to 2.4.0
- Update of rootfile
- Changelog
    2.4.0
	**Closed issues:**
		- OPENJPEG\_INSTALL\_DOC\_DIR does not control a destination directory where HTML docs would be installed. [\#1309](uclouvain/openjpeg#1309)
		- Heap-buffer-overflow in lib/openjp2/pi.c:312 [\#1302](uclouvain/openjpeg#1302)
		- Heap-buffer-overflow in lib/openjp2/t2.c:973 [\#1299](uclouvain/openjpeg#1299)
		- Heap-buffer-overflow in lib/openjp2/pi.c:623 [\#1293](uclouvain/openjpeg#1293)
		- Global-buffer-overflow in lib/openjp2/dwt.c:1980 [\#1286](uclouvain/openjpeg#1286)
		- Heap-buffer-overflow in lib/openjp2/tcd.c:2417 [\#1284](uclouvain/openjpeg#1284)
		- Heap-buffer-overflow in lib/openjp2/mqc.c:499 [\#1283](uclouvain/openjpeg#1283)
		- Openjpeg could not encode 32bit RGB float image [\#1281](uclouvain/openjpeg#1281)
		- Openjpeg could not encode 32bit RGB float image [\#1280](uclouvain/openjpeg#1280)
		- ISO/IEC 15444-1:2019 \(E\) compared with 'cio.h' [\#1277](uclouvain/openjpeg#1277)
		- Test-suite failure due to hash mismatch [\#1264](uclouvain/openjpeg#1264)
		- Heap use-after-free [\#1261](uclouvain/openjpeg#1261)
		- Memory leak when failing to allocate object... [\#1259](uclouvain/openjpeg#1259)
		- Memory leak of Tier 1 handle when OpenJPEG fails to set it as TLS... [\#1257](uclouvain/openjpeg#1257)
		- Any plan to build release for CVE-2020-8112/CVE-2020-6851 [\#1247](uclouvain/openjpeg#1247)
		- failing to convert 16-bit file: opj\_t2\_encode\_packet\(\): only 5251 bytes remaining in output buffer. 5621 needed. [\#1243](uclouvain/openjpeg#1243)
		- CMake+VS2017 Compile OK, thirdparty Compile OK, but thirdparty not install [\#1239](uclouvain/openjpeg#1239)
		- New release to solve CVE-2019-6988 ? [\#1238](uclouvain/openjpeg#1238)
		- Many tests fail to pass after the update of libtiff to version 4.1.0 [\#1233](uclouvain/openjpeg#1233)
		- Another heap buffer overflow in libopenjp2 [\#1231](uclouvain/openjpeg#1231)
		- Heap buffer overflow in libopenjp2 [\#1228](uclouvain/openjpeg#1228)
		- Endianness of binary volume \(JP3D\) [\#1224](uclouvain/openjpeg#1224)
		- New release to resolve CVE-2019-12973 [\#1222](uclouvain/openjpeg#1222)
		- how to set the block size,like 128,256 ? [\#1216](uclouvain/openjpeg#1216)
		- compress YUV files to motion jpeg2000 standard [\#1213](uclouvain/openjpeg#1213)
		- Repair/update Java wrapper, and include in release [\#1208](uclouvain/openjpeg#1208)
		- abc [\#1206](uclouvain/openjpeg#1206)
		- Slow decoding [\#1202](uclouvain/openjpeg#1202)
		- Installation question [\#1201](uclouvain/openjpeg#1201)
		- Typo in test\_decode\_area - \*ptilew is assigned instead of \*ptileh [\#1195](uclouvain/openjpeg#1195)
		- Creating a J2K file with one POC is broken [\#1191](uclouvain/openjpeg#1191)
		- Make fails on Arch Linux [\#1174](uclouvain/openjpeg#1174)
		- Heap buffer overflow in opj\_t1\_clbl\_decode\_processor\(\) triggered with Ghostscript [\#1158](uclouvain/openjpeg#1158)
		- opj\_stream\_get\_number\_byte\_left: Assertion `p\_stream-\>m\_byte\_offset \>= 0' failed. [\#1151](uclouvain/openjpeg#1151)
		- The fuzzer ignores too many inputs [\#1079](uclouvain/openjpeg#1079)
		- out of bounds read [\#1068](uclouvain/openjpeg#1068)
	**Merged pull requests:**
		- Change defined WIN32 [\#1310](uclouvain/openjpeg#1310) ([Jamaika1](https://github.com/Jamaika1))
		- docs: fix simple typo, producted -\> produced [\#1308](uclouvain/openjpeg#1308) ([timgates42](https://github.com/timgates42))
		- Set ${OPENJPEG\_INSTALL\_DOC\_DIR} to DESTINATION of HTMLs [\#1307](uclouvain/openjpeg#1307) ([lemniscati](https://github.com/lemniscati))
		- Use INC\_DIR for OPENJPEG\_INCLUDE\_DIRS \(fixes uclouvain\#1174\) [\#1306](uclouvain/openjpeg#1306) ([matthew-sharp](https://github.com/matthew-sharp))
		- pi.c: avoid out of bounds access with POC \(fixes \#1302\) [\#1304](uclouvain/openjpeg#1304) ([rouault](https://github.com/rouault))
		- Encoder: grow again buffer size [\#1303](uclouvain/openjpeg#1303) ([zodf0055980](https://github.com/zodf0055980))
		- opj\_j2k\_write\_sod\(\): avoid potential heap buffer overflow \(fixes \#1299\) \(probably master only\) [\#1301](uclouvain/openjpeg#1301) ([rouault](https://github.com/rouault))
		- pi.c: avoid out of bounds access with POC \(refs https://github.com/uclouvain/openjpeg/issues/1293\#issuecomment-737122836\) [\#1300](uclouvain/openjpeg#1300) ([rouault](https://github.com/rouault))
		- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1297, but likely not the proper fix [\#1298](uclouvain/openjpeg#1298) ([rouault](https://github.com/rouault))
		- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1294, but likely not the proper fix [\#1296](uclouvain/openjpeg#1296) ([rouault](https://github.com/rouault))
		- opj\_j2k\_setup\_encoder\(\): validate POC compno0 and compno1 \(fixes \#1293\) [\#1295](uclouvain/openjpeg#1295) ([rouault](https://github.com/rouault))
		- Encoder: avoid global buffer overflow on irreversible conversion when… [\#1292](uclouvain/openjpeg#1292) ([rouault](https://github.com/rouault))
		- Decoding: deal with some SPOT6 images that have tiles with a single tile-part with TPsot == 0 and TNsot == 0, and with missing EOC [\#1291](uclouvain/openjpeg#1291) ([rouault](https://github.com/rouault))
		- Free p\_tcd\_marker\_info to avoid memory leak [\#1288](uclouvain/openjpeg#1288) ([zodf0055980](https://github.com/zodf0055980))
		- Encoder: grow again buffer size [\#1287](uclouvain/openjpeg#1287) ([zodf0055980](https://github.com/zodf0055980))
		- Encoder: avoid uint32 overflow when allocating memory for codestream buffer \(fixes \#1243\) [\#1276](uclouvain/openjpeg#1276) ([rouault](https://github.com/rouault))
		- Java compatibility from 1.5 to 1.6 [\#1263](uclouvain/openjpeg#1263) ([jiapei100](https://github.com/jiapei100))
		- opj\_decompress: fix double-free on input directory with mix of valid and invalid images [\#1262](uclouvain/openjpeg#1262) ([rouault](https://github.com/rouault))
		- openjp2: Plug image leak when failing to allocate codestream index. [\#1260](uclouvain/openjpeg#1260) ([sebras](https://github.com/sebras))
		- openjp2: Plug memory leak when setting data as TLS fails. [\#1258](uclouvain/openjpeg#1258) ([sebras](https://github.com/sebras))
		- openjp2: Error out if failing to create Tier 1 handle. [\#1256](uclouvain/openjpeg#1256) ([sebras](https://github.com/sebras))
		- Testing for invalid values of width, height, numcomps [\#1254](uclouvain/openjpeg#1254) ([szukw000](https://github.com/szukw000))
		- Single-threaded performance improvements in forward DWT for 5-3 and 9-7 \(and other improvements\) [\#1253](uclouvain/openjpeg#1253) ([rouault](https://github.com/rouault))
		- Add support for multithreading in encoder [\#1248](uclouvain/openjpeg#1248) ([rouault](https://github.com/rouault))
		- Add support for generation of PLT markers in encoder [\#1246](uclouvain/openjpeg#1246) ([rouault](https://github.com/rouault))
		- Fix warnings about signed/unsigned casts in pi.c [\#1244](uclouvain/openjpeg#1244) ([rouault](https://github.com/rouault))
		- opj\_decompress: add sanity checks to avoid segfault in case of decoding error [\#1240](uclouvain/openjpeg#1240) ([rouault](https://github.com/rouault))
		- ignore wrong icc [\#1236](uclouvain/openjpeg#1236) ([szukw000](https://github.com/szukw000))
		- Implement writing of IMF profiles [\#1235](uclouvain/openjpeg#1235) ([rouault](https://github.com/rouault))
		- tests: add alternate checksums for libtiff 4.1 [\#1234](uclouvain/openjpeg#1234) ([rouault](https://github.com/rouault))
		- opj\_tcd\_init\_tile\(\): avoid integer overflow [\#1232](uclouvain/openjpeg#1232) ([rouault](https://github.com/rouault))
		- tests/fuzzers: link fuzz binaries using $LIB\_FUZZING\_ENGINE. [\#1230](uclouvain/openjpeg#1230) ([Dor1s](https://github.com/Dor1s))
		- opj\_j2k\_update\_image\_dimensions\(\): reject images whose coordinates are beyond INT\_MAX \(fixes \#1228\) [\#1229](uclouvain/openjpeg#1229) ([rouault](https://github.com/rouault))
		- Fix resource leaks [\#1226](uclouvain/openjpeg#1226) ([dodys](https://github.com/dodys))
		- abi-check.sh: fix false postive ABI error, and display output error log [\#1218](uclouvain/openjpeg#1218) ([rouault](https://github.com/rouault))
		- pi.c: avoid integer overflow, resulting in later invalid access to memory in opj\_t2\_decode\_packets\(\) [\#1217](uclouvain/openjpeg#1217) ([rouault](https://github.com/rouault))
		- Add check to validate SGcod/SPcoc/SPcod parameter values. [\#1211](uclouvain/openjpeg#1211) ([sebras](https://github.com/sebras))
		- Fix buffer overflow reading an image file less than four characters [\#1196](uclouvain/openjpeg#1196) ([robert-ancell](https://github.com/robert-ancell))
		- compression: emit POC marker when only one single POC is requested \(f… [\#1192](uclouvain/openjpeg#1192) ([rouault](https://github.com/rouault))
		- Fix several potential vulnerabilities  [\#1185](uclouvain/openjpeg#1185) ([Young-X](https://github.com/Young-X))
		- openjp2/j2k: Report error if all wanted components are not decoded. [\#1164](uclouvain/openjpeg#1164) ([sebras](https://github.com/sebras))

Signed-off-by: Adolf Belka <[email protected]>
Reviewed-by: Peter Müller <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant