Skip to content

Add assert to persistance to address security concerns#21864

Merged
opencv-pushbot merged 1 commit intoopencv:4.xfrom
rogday:21851_fix
Apr 15, 2022
Merged

Add assert to persistance to address security concerns#21864
opencv-pushbot merged 1 commit intoopencv:4.xfrom
rogday:21851_fix

Conversation

@rogday
Copy link
Copy Markdown
Member

@rogday rogday commented Apr 13, 2022
edited
Loading

Fixes #21851
Relates #16488

As with #21861, we could adopt Rust's approach and move from pointers to custom vector type with bound checks enabled by default, providing methods that don't do bounds-checking.

Pull Request Readiness Checklist

See details at https://github.com/opencv/opencv/wiki/How_to_contribute#making-a-good-pull-request

  • I agree to contribute to the project under Apache 2 License.
  • To the best of my knowledge, the proposed patch is not based on a code under GPL or another license that is incompatible with OpenCV
  • The PR is proposed to the proper branch
  • There is a reference to the original bug report and related work
  • There is accuracy test, performance test and test data in opencv_extra repository, if applicable
    Patch to opencv_extra has the same branch name.
  • The feature is well documented and sample code can be built with the project CMake

asmorkalov
asmorkalov reviewed Apr 14, 2022
View reviewed changes
@asmorkalov asmorkalov self-assigned this Apr 14, 2022
@rogday rogday marked this pull request as draft April 14, 2022 18:37
@rogday rogday marked this pull request as ready for review April 14, 2022 19:26
@asmorkalov asmorkalov self-requested a review April 15, 2022 05:25
@opencv-pushbot opencv-pushbot merged commit 556d211 into opencv:4.x Apr 15, 2022
@rogday rogday deleted the 21851_fix branch April 15, 2022 18:14
@opencv-pushbot opencv-pushbot mentioned this pull request Apr 23, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@asmorkalov asmorkalov asmorkalov approved these changes

Assignees

@opencv-pushbot opencv-pushbot

Labels

bug category: core

Projects

None yet

Milestone

4.6.0

Development

Successfully merging this pull request may close these issues.

FileStorage constructor: BufferOverflow

4 participants

@rogday @asmorkalov @opencv-pushbot @alalek