libbpg-0.9.8

2021-03-15 14:26:22 +01:00 · 2021-03-15 14:26:22 +01:00 · 62bba2b5bf
parent 1261ac523b
commit 62bba2b5bf
6 changed files with 18 additions and 5 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+version 0.9.8:
+
+- x265 library compilation fixes
+- buffer overflow fixes
+
 version 0.9.7:

 - Increased the memory size of the JS decoder to 32 MiB and avoid
--- a/2
+++ b/2
@ -1 +1 @@
-0.9.7
+0.9.8
--- a/bpgenc.c
+++ b/bpgenc.c
@ -688,6 +688,14 @@ Image *image_alloc(int w, int h, BPGImageFormatEnum format, int has_alpha,
 {
    Image *img;
    int i, linesize, w1, h1, c_count;
+    uint64_t size;
+
+    /* XXX: support large images ? */
+    size = (uint64_t)w * (uint64_t)h * 2;
+    if (size > INT32_MAX) {
+        fprintf(stderr, "Image is too large\n");
+        exit(1);
+    }

    img = malloc(sizeof(Image));
    memset(img, 0, sizeof(*img));
@ -1088,7 +1096,7 @@ Image *read_png(BPGMetaData **pmd,

 static BPGMetaData *jpeg_get_metadata(jpeg_saved_marker_ptr first_marker)
 {
-    static const char app1_exif[] = "Exif";
+    static const char app1_exif[] = "Exif\0";
    static const char app1_xmp[] = "http://ns.adobe.com/xap/1.0/";
    static const char app2_iccp[] = "ICC_PROFILE";
    jpeg_saved_marker_ptr marker;
--- a/libbpg.c
+++ b/libbpg.c
@ -232,7 +232,7 @@ static int build_msps(uint8_t **pbuf, int *pbuf_len,
    input_data += len;
    input_data_len -= len;
    
-    buf_len = 4 + 2 + msps_len * 2 + 4 + (input_data_len - len);
+    buf_len = 4 + 2 + msps_len * 2;
    buf = av_malloc(buf_len);

    idx = 0;
--- a/x265/source/common/param.cpp
+++ b/x265/source/common/param.cpp
@ -1396,7 +1396,7 @@ char *x265_param2string(x265_param* p)
        return NULL;

 #define BOOL(param, cliopt) \
-    s += sprintf(s, " %s", (param) ? cliopt : "no-"cliopt);
+    s += sprintf(s, " %s", (param) ? cliopt : "no-" cliopt);

    s += sprintf(s, "%dx%d", p->sourceWidth,p->sourceHeight);
    s += sprintf(s, " fps=%u/%u", p->fpsNum, p->fpsDenom);
--- a/x265/source/encoder/ratecontrol.cpp
+++ b/x265/source/encoder/ratecontrol.cpp
@ -49,7 +49,7 @@ namespace {
 {\
    bErr = 0;\
    p = strstr(opts, opt "=");\
-    char* q = strstr(opts, "no-"opt);\
+    char* q = strstr(opts, "no-" opt);\
    if (p && sscanf(p, opt "=%d" , &i) && param_val != i)\
        bErr = 1;\
    else if (!param_val && !q && !p)\
 @ -1 +1 @@
 .9.7
 .9.8