Fix heap buffer overflow and use after free in imgcodecs #27138

Merged: asmorkalov merged 3 commits into opencv:4.x from vrabaud:lzw on Mar 26, 2025
vrabaud (Contributor) commented Mar 24, 2025

This fixes
https://g-issues.oss-fuzz.com/issues/405243132
https://g-issues.oss-fuzz.com/issues/405456349

Pull Request Readiness Checklist

See details at https://github.com/opencv/opencv/wiki/How_to_contribute#making-a-good-pull-request

  • I agree to contribute to the project under Apache 2 License.
  • To the best of my knowledge, the proposed patch is not based on a code under GPL or another license that is incompatible with OpenCV
  • The PR is proposed to the proper branch
  • There is a reference to the original bug report and related work
  • There is accuracy test, performance test and test data in opencv_extra repository, if applicable
    Patch to opencv_extra has the same branch name.
  • The feature is well documented and sample code can be built with the project CMake

vrabaud added this to the 4.12.0 milestone Mar 24, 2025
vrabaud assigned asmorkalov and unassigned asmorkalov Mar 24, 2025
vrabaud requested a review from asmorkalov March 24, 2025 14:17

vrabaud (Contributor, Author) commented Mar 24, 2025

@sturkmen72, please review the PNG one, thx.

asmorkalov self-assigned this Mar 24, 2025
asmorkalov added the bug label Mar 24, 2025
vrabaud force-pushed the lzw branch 2 times, most recently from d017308 to 5acafe4, March 25, 2025 09:07
asmorkalov merged commit 42a1320 into opencv:4.x Mar 26, 2025
68 of 82 checks passed

@Kumataro (Contributor)

There are a lot of runtime warnings on imgcodec accuracy test after this fix, maybe we have to fix it (codec or test).

I notice this problem on Ubuntu 24.04 at my PC.
And we can confirm them for macOS-ARM64, Windows10-x64.

https://github.com/opencv/opencv/actions/runs/14055710860/job/39436005460?pr=27138

[==========] Running 643 tests from 37 test cases.
[----------] Global test environment set-up.
[----------] 10 tests from Imgcodecs_Gif
[ RUN      ] Imgcodecs_Gif.imwriteanimation_rgba
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
[ WARN:0@0.010] global grfmt_gif.cpp:395 lzwDecode Too long LZW length in GIF.
