Fix arithmetic operation overflow #193
This looks like a good and simple fix. And I'm happy that it's based on uint32_t, so it should work fine on 32bit and 64bit builds. Good Work. Thank You.
Several comments:
- We should also apply this test to length in Jp2Image::printStructure() at line 480 after we have discovered the length of the "box".
- The code in tiffvisitor_int.cpp#1525 is:
```cpp
if ((static_cast<uintptr_t>(baseOffset()) > std::numeric_limits<uintptr_t>::max() - static_cast<uintptr_t>(offset))
    || (static_cast<uintptr_t>(baseOffset() + offset) > std::numeric_limits<uintptr_t>::max() - reinterpret_cast<uintptr_t>(pData_)))
{
    throw Error(59);
}
if (pData_ + static_cast<uintptr_t>(baseOffset()) + static_cast<uintptr_t>(offset) > pLast_) {
    throw Error(58);
}
pData = const_cast<byte*>(pData_) + baseOffset() + offset;
```
Can the code in tiffvisitor_int.cpp be simplified?
- Is it possible to add a utility function (in error.cpp) to detect this condition and possibly throw the error?
Can you add the test file to test/data and update bugfixes-test.sh?
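One way to write the kind of utility function asked about above and use it for the offset check, as an added example that is not code from this PR or the project. The names `checked_add`, `resolve` and `classify`, the exception types and the 64-byte buffer are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <stdexcept>

// Hypothetical helper: add two unsigned integers, throwing instead of wrapping.
template <typename T>
T checked_add(T a, T b) {
    static_assert(std::numeric_limits<T>::is_integer && !std::numeric_limits<T>::is_signed,
                  "written for unsigned integer types only");
    if (a > std::numeric_limits<T>::max() - b)
        throw std::overflow_error("addition would overflow");
    return a + b;
}

// Hypothetical bounds check: return data + baseOffset + offset only if `need`
// bytes are readable there. All sums are validated as integers first, so no
// out-of-range pointer is ever formed.
const unsigned char* resolve(const unsigned char* data, std::size_t size,
                             std::uint32_t baseOffset, std::uint32_t offset,
                             std::uint32_t need) {
    const std::uint32_t start = checked_add(baseOffset, offset);
    const std::uint32_t end = checked_add(start, need);
    if (end > size)
        throw std::out_of_range("range ends past the buffer");
    return data + start;
}

// Constructed sample input: a 64-byte zeroed buffer standing in for file data.
// Returns 0 = accepted, 1 = arithmetic overflow, 2 = out of bounds.
int classify(std::uint32_t baseOffset, std::uint32_t offset, std::uint32_t need) {
    static const unsigned char buf[64] = {0};
    try {
        resolve(buf, sizeof(buf), baseOffset, offset, need);
        return 0;
    } catch (const std::overflow_error&) {
        return 1;
    } catch (const std::out_of_range&) {
        return 2;
    }
}

int main() {
    std::printf("%d %d %d\n", classify(8, 16, 4), classify(60, 4, 1),
                classify(0xFFFFFFF0u, 0x20u, 4));
    return 0;
}
```

Doing the arithmetic in `uint32_t` keeps the wrap-around detectable on 64-bit builds as well, where a sum widened to `uintptr_t` would not overflow.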
The code in Concerning the utility function for this, I am going to make a PR for something like this.
@D4N Thanks for the clarification concerning the code in tiffvisitor_int.cpp#1525. To add a test to bugfixes-test.sh (and most of the test suite bash scripts): Submit the files. I normally refer to this as the "regression detector". You should have at least: Usually you will also update C++ code library/sample code and when you change the test harness.
Can you rewrite this PR using the new overflow checked addition?
Sure! I will do it as soon as I find some spare time ;)
Guys, I re-rewrote yesterday the change using the new overflow functionality and I also added the reproducer to the old test suite. Let me know if the changes make sense (At least, CI is green 😃)
I've merged the code on MacOSX with the commands:
It passed the tests (including g188).
Looking in tiffvisitor_int.cpp, I don't see any difference near in the overflow test about line 1550.
This change fixes the arithmetic operation overflow reported in #188.
I started to check how I could introduce the POC file into the repository and add a new test for the existing test suite (in bash). But then I noticed that I did not know how to update the file test/data/bugfixes-test.out and that it could be better to just add that test in the incoming python testing framework (#155).