Albert Astals Cid
d79c11d280
ras: tweak max file check
...
better to do - 32 than + 32 otherwise we may overflow
oss-fuzz/13017
2019-02-11 22:57:33 +01:00
Albert Astals Cid
aeec934839
xcf: Fix uninitialized memory use on broken documents
...
oss-fuzz/12871
2019-02-08 23:27:03 +01:00
Albert Astals Cid
0c4f2f8e62
add const, helps understand the function better
2019-02-08 23:07:56 +01:00
Albert Astals Cid
4a8da73f0e
ras: tweak max size that "fits" in a QVector
...
oss-fuzz/12951
2019-02-07 22:14:22 +01:00
Albert Astals Cid
039d7d8fbe
ras: don't assert because we try to allocate a huge vector
...
oss-fuzz/12915
2019-02-06 22:06:58 +01:00
Albert Astals Cid
b072484dbb
ras: Protect against divide by zero
...
oss-fuzz/12905
2019-02-05 19:51:24 +01:00
Albert Astals Cid
bad90cea4b
xcf: Don't divide by 0
...
oss-fuzz/12815
2019-02-03 14:06:33 +01:00
Albert Astals Cid
a51cbd865f
tga: fail gracefully if readRawData errors
...
oss-fuzz/12818
2019-02-03 13:49:11 +01:00
Albert Astals Cid
1a31500e55
ras: fail gracefully on height*width*bpp > length
...
oss-fuzz/12822
2019-02-03 13:38:44 +01:00
l10n daemon script
dd95a5bd0e
GIT_SILENT Upgrade ECM and KF5 version requirements for 5.55.0 release.
2019-02-02 17:22:00 +00:00
Albert Astals Cid
8d0b625538
xcf: Fix fix for opacity being out of bounds
...
If max opacity is 255 we want the min between opacity and 255 and not the max
2019-02-01 11:30:28 +01:00
Albert Astals Cid
8e48d67568
Uncomment the qdebug includes
...
I've wasted enough time uncommenting and commenting them again
2019-01-31 01:37:09 +01:00
Albert Astals Cid
8b8330b0fe
tga: Fix Use-of-uninitialized-value on broken files
...
oss-fuzz/12776
2019-01-31 01:35:39 +01:00
Albert Astals Cid
e7f3c0be44
max opacity is 255
...
Fixes oss-fuzz/12782
2019-01-31 01:25:38 +01:00
Albert Astals Cid
c3152506e2
xcf: Fix assert in files with two PROP_COLORMAP
...
It's most probably a broken file but better if we don't assert ^_^
oss-fuzz/12780
2019-01-31 01:19:52 +01:00
Albert Astals Cid
de7a9a8457
ras: Fix assert because of ColorMapLength being too big
...
oss-fuzz/12785
2019-01-31 01:03:17 +01:00
Albert Astals Cid
c2d2a9be66
pcx: Fix crash on fuzzed file
...
oss-fuzz/12784
2019-01-31 00:56:25 +01:00
Albert Astals Cid
4ee92527c4
xcf: Implement robustness for when PROP_APPLY_MASK is not on the file
...
fixes oss-fuzz/12754
2019-01-29 22:34:04 +01:00
Albert Astals Cid
1bad780baa
xcf: loadHierarchy: Obey the layer.type and not the bpp
...
Otherwise we end up doing uninitialized memory reads on broken/fuzzed
files
oss-fuzz/12761
2019-01-29 20:36:15 +01:00
Albert Astals Cid
18e17d3a7a
tga: Don't support more than 8 alpha bits
...
Fixes undefined left shift with negative values
oss-fuzz/12764
2019-01-29 12:39:52 +01:00
Albert Astals Cid
e34f53d6ae
ras: Return false if allocating the image failed
...
Probably because it's too huge
2019-01-29 12:32:23 +01:00
Albert Astals Cid
6dcea7fd01
rgb: Fix integer overflow in fuzzed file
...
oss-fuzz/12763
2019-01-29 11:19:58 +01:00
Albert Astals Cid
4751e897ce
rgb: Fix Heap-buffer-overflow in fuzzed file
...
oss-fuzz/12757
2019-01-29 10:54:25 +01:00
Albert Astals Cid
ac725cca68
psd: Fix crash on fuzzed file
...
oss-fuzz/12752
2019-01-29 10:53:30 +01:00
Albert Astals Cid
f61d64e0e5
xcf: Initialize x/y_offset
...
https://gitlab.gnome.org/GNOME/gimp/raw/master/devel-docs/xcf.txt
When reading old XCF files that lack this property, assume (0,0).
2019-01-28 21:51:10 +01:00
Albert Astals Cid
e45b65e814
rgb: Fix crash in fuzzed image
...
An image without color channels makes no sense
2019-01-28 21:48:26 +01:00
Albert Astals Cid
7e86e62e86
pcx: Fix crash on fuzzed image
2019-01-28 21:40:42 +01:00
Albert Astals Cid
03c3c07004
Fix tests on jenkins
...
Qt also has a tga image plugin so unless we make sure ours is used first
tests are not testing what they should
On a side note their plugin fails our tests so someone with enough time
should report the failures to them
2019-01-28 21:27:22 +01:00
Albert Astals Cid
0e21713267
rgb: fix crash in fuzzed file
2019-01-28 21:10:18 +01:00
Albert Astals Cid
188271a5d0
xcf: initialize layer mode
...
https://gitlab.gnome.org/GNOME/gimp/raw/master/devel-docs/xcf.txt
When reading old XCF files that lack this property, assume mode==0.
2019-01-28 21:05:29 +01:00
Albert Astals Cid
311296dd19
xcf: initialize layer opacity
...
https://gitlab.gnome.org/GNOME/gimp/raw/master/devel-docs/xcf.txt
When reading old XCF files that lack this property, full opacity
should be assumed.
2019-01-28 20:31:18 +01:00
Albert Astals Cid
d6ae11a691
xcf: set buffer to 0 if read less data than expected
...
Fixes MemorySanitizer: use-of-uninitialized-value on fuzzed file
2019-01-28 20:09:21 +01:00
Albert Astals Cid
3923c9b855
bzero -> memset
...
Seems bzero is less portable
2019-01-28 19:18:01 +01:00
Fabian Vogt
51d710adda
Fix various OOB reads and writes in kimg_tga and kimg_xcf
...
Summary:
I had a look at some image loading code in kimageformats and found memory
corruption bugs (there might be more):
- oobwrite4b.xcf: OOB write in kimg_xcf:
By overflowing the "size = 3 * ncolors + 4;" calculation, it's possible to make
size == 3 or size == 0, which then allows 1 or 4 bytes to be overwritten:
https://cgit.kde.org/kimageformats.git/tree/src/imageformats/xcf.cpp?id=3f2552f21b1cdef063c2a93cc95d42a8cf907fcf#n484
The values aren't arbitrary, so AFAICT DoS only.
Fix is to move the sanity check for size below the assignment.
- oobread.tga: OOB read in kimg_tga:
By overflowing the "size = tga.width * tga.height * pixel_size" calculation,
it's possible to cause OOB reads later on as the image data array is too small:
https://cgit.kde.org/kimageformats.git/tree/src/imageformats/tga.cpp?id=3f2552f21b1cdef063c2a93cc95d42a8cf907fcf#n192
Fix is to use a 64bit integer instead.
- oobwrite4b.tga/oobwrite507.tga: OOB write in kimg_tga
If RLE is enabled, any size checks are skipped, so it's possible to write
either 128 repetitions of an arbitrary four byte value (oobwrite4b.tga)
or 507 arbitrary bytes (oobwrite507.tga) out of bounds.
https://cgit.kde.org/kimageformats.git/tree/src/imageformats/tga.cpp?id=3f2552f21b1cdef063c2a93cc95d42a8cf907fcf#n209
Fix is to check for "num" being negative before reading into the buffer.
Also, bail out early if there is no more data available (reading a 65kx65k px image from 14B data takes ages otherwise)
Test Plan:
Stopped crashing and valgrind doesn't complain anymore.
TGA preview still works for valid files.
Reviewers: aacid
Reviewed By: aacid
Subscribers: lbeltrame, kde-frameworks-devel
Tags: #frameworks
Differential Revision: https://phabricator.kde.org/D18574
2019-01-28 14:21:27 +01:00
Albert Astals Cid
52a5959c08
pic: resize header id back if didn't read 4 bytes as expected
2019-01-28 01:56:12 +01:00
Albert Astals Cid
309cddbe83
xcf: bzero buffer if read less data than expected
2019-01-28 01:30:17 +01:00
Albert Astals Cid
47f46d4463
xcf: Only call setDotsPerMeterX/Y if PROP_RESOLUTION is found
...
https://gitlab.gnome.org/GNOME/gimp/blob/master/devel-docs/xcf.txt says
it's not really that important to be there
2019-01-27 13:14:30 +01:00
Albert Astals Cid
bff6142b44
xcf: initialize num_colors
2019-01-27 13:07:37 +01:00
Albert Astals Cid
09abfd8084
xcf: Initialize layer visible property
...
https://gitlab.gnome.org/GNOME/gimp/blob/master/devel-docs/xcf.txt says
When reading old XCF files that lack this property, assume that layers are visible
2019-01-27 13:03:51 +01:00
Albert Astals Cid
964624ba40
xcf: Don't cast int to enum that can't hold that int value
2019-01-27 12:50:19 +01:00
Albert Astals Cid
3dee6f7c47
xcf: Do not overflow int on the setDotsPerMeterX/Y call
2019-01-27 12:29:07 +01:00
Albert Astals Cid
b8cb5e322c
delete copy constructor and assignment operator of some internal classes
...
they are unused, but if anyone would use them things would go wrong, so protect us from it
2019-01-13 22:30:55 +01:00
Albert Astals Cid
8803ae9cd6
GIT_SILENT Upgrade Qt5 version requirement to 5.10.0.
2019-01-07 00:19:26 +01:00
l10n daemon script
e5b7b414df
GIT_SILENT Upgrade ECM and KF5 version requirements for 5.54.0 release.
2019-01-04 21:42:58 +00:00
Albert Astals Cid
c3b8030674
GIT_SILENT Upgrade CMake version requirement to 3.5.
2018-12-01 23:56:44 +01:00
l10n daemon script
072b531b0d
GIT_SILENT Upgrade ECM and KF5 version requirements for 5.53.0 release.
2018-12-01 14:40:14 +00:00
Albert Astals Cid
10f201e414
Use gimp to export simple-rgba-gimp-2.8.10.xcf to png again
...
This fixes the xcf test that was failing, I guess at some point someone
ran optipng or something over the expected result and that was causing
the test to fail
2018-11-17 12:22:25 +01:00
Albert Astals Cid
1656913fbd
GIT_SILENT Upgrade Qt5 version requirement to 5.9.0.
2018-11-17 11:18:21 +01:00
l10n daemon script
beaf20bd4a
GIT_SILENT Upgrade ECM and KF5 version requirements for 5.52.0 release.
2018-11-03 12:00:43 +00:00
Yuri Chornoivan
8ac949d459
Fix minor EBN issues
2018-10-22 19:58:24 +03:00