Page MenuHome
Differential D2999

Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.
ClosedPublic
Actions

Authored by Brecht Van Lommel (brecht) on Jan 14 2018, 4:41 PM.

Details

Reviewers
Campbell Barton (campbellbarton)
Commits
rBSd30cc1ea0b9b: Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.
rB16718fe4ea5c: Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.
rB0dfcf7b0d2fe: Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.
rBd30cc1ea0b9b: Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.
Summary

Solves these security issues from T52924:
CVE-2017-2899
CVE-2017-2900
CVE-2017-2901
CVE-2017-2902
CVE-2017-2903
CVE-2017-2904
CVE-2017-2905
CVE-2017-2906
CVE-2017-2907
CVE-2017-2918

These should be all issues that do not involve a specially crafted .blend file.
However the fixes have not been verified, since the repro cases do not appear
to be publicly available yet.

Diff Detail

Repository
rB Blender
Branch
fix-img
Build Status
Buildable 1077
Build 1077: arc lint + arc unit

Event Timeline

Brecht Van Lommel (brecht) created this revision.Jan 14 2018, 4:41 PM
Brecht Van Lommel (brecht) edited the summary of this revision. (Show Details)Jan 14 2018, 8:32 PM
This revision was not accepted when it landed; it landed in state Needs Review.Jan 17 2018, 8:30 PM
Closed by commit rBd30cc1ea0b9b: Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading. (authored by Brecht Van Lommel (brecht)). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
source/
blender/
avi/
1 line
intern/
26 lines
2 lines
2 lines
4 lines
52 lines
4 lines
36 lines
4 lines
34 lines
imbuf/
6 lines
intern/
40 lines
26 lines
cineon/
3 lines
2 lines
101 lines
43 lines
54 lines
44 lines
26 lines

Diff 9813

View Options

source/blender/avi/CMakeLists.txt

Loading...
View Options

source/blender/avi/intern/avi.c

Loading...
View Options

source/blender/avi/intern/avi_codecs.c

Loading...
View Options

source/blender/avi/intern/avi_intern.h

Loading...
View Options

source/blender/avi/intern/avi_mjpeg.h

Loading...
View Options

source/blender/avi/intern/avi_mjpeg.c

Loading...
View Options

source/blender/avi/intern/avi_rgb.h

Loading...
View Options

source/blender/avi/intern/avi_rgb.c

Loading...
View Options

source/blender/avi/intern/avi_rgb32.h

Loading...
View Options

source/blender/avi/intern/avi_rgb32.c

Loading...
View Options

source/blender/imbuf/IMB_imbuf.h

Loading...
View Options

source/blender/imbuf/intern/allocimbuf.c

Loading...
View Options

source/blender/imbuf/intern/bmp.c

Loading...
View Options

source/blender/imbuf/intern/cineon/dpxlib.c

Loading...
View Options

source/blender/imbuf/intern/cineon/logImageCore.h

Loading...
View Options

source/blender/imbuf/intern/cineon/logImageCore.c

Loading...
View Options

source/blender/imbuf/intern/iris.c

Loading...
View Options

source/blender/imbuf/intern/png.c

Loading...
View Options

source/blender/imbuf/intern/radiance_hdr.c

Loading...
View Options

source/blender/imbuf/intern/tiff.c

Loading...