Fix heap buffer overflow in cv::PngDecoder::read_from_io by vrabaud · Pull Request #26700 · opencv/opencv

vrabaud · 2025-01-02T13:52:47Z

If the condition is not fixed, the memcpy below can do an out of boundary read

Bug: oss-fuzz:386688710

I agree to contribute to the project under Apache 2 License.
To the best of my knowledge, the proposed patch is not based on a code under GPL or another license that is incompatible with OpenCV
The PR is proposed to the proper branch
There is a reference to the original bug report and related work
There is accuracy test, performance test and test data in opencv_extra repository, if applicable
Patch to opencv_extra has the same branch name.
The feature is well documented and sample code can be built with the project CMake

Bug: oss-fuzz:386688710

Fix heap buffer overflow in cv::PngDecoder::read_from_io

12963ea

Bug: oss-fuzz:386688710

vrabaud requested a review from asmorkalov January 2, 2025 13:52

vrabaud added this to the 4.11.0 milestone Jan 2, 2025

vrabaud force-pushed the png_buffer_overflow branch from 95eb06c to 12963ea Compare January 2, 2025 14:23

asmorkalov approved these changes Jan 3, 2025

View reviewed changes

asmorkalov merged commit 5e1eed5 into opencv:4.x Jan 3, 2025

asmorkalov added the category: imgcodecs label Jan 3, 2025

asmorkalov self-assigned this Jan 3, 2025

asmorkalov added the bug label Jan 3, 2025

vrabaud deleted the png_buffer_overflow branch January 3, 2025 07:59

asmorkalov mentioned this pull request Jan 15, 2025

5.x merge 4.x #26768

Merged

Provide feedback