Merge branch 'AcademySoftwareFoundation:main' into R3D

Author: 1div0

src/cmake/compiler.cmake

@@ -617,7 +617,7 @@ set (EXTRA_DSO_LINK_ARGS "" CACHE STRING "Extra command line definitions when bu
 ###########################################################################
 # Set the versioning for shared libraries.
 #
-if (${PROJECT_NAME}_SUPPORTED_RELEASE)
+if (${PROJECT_NAME}_SUPPORTED_RELEASE AND NOT SKBUILD)
     # Supported releases guarantee ABI back-compatibility within the release
     # family, so SO versioning is major.minor.
     set (SOVERSION ${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}

src/ico.imageio/icoinput.cpp

@@ -190,6 +190,19 @@ ICOInput::seek_subimage(int subimage, int miplevel)
         swap_endian(&subimg.numColours);
     }
 
+    // some sanity checking
+    if (subimg.bpp != 1 && subimg.bpp != 4 && subimg.bpp != 8
+        && subimg.bpp != 16 && subimg.bpp != 24 && subimg.bpp != 32) {
+        errorfmt("Unsupported image color depth, probably corrupt file");
+        return false;
+    }
+    if (subimg.reserved != 0) {
+        errorfmt(
+            "Probably corrupt file (clue: header 'reserved' value should always be 0)",
+            subimg.reserved);
+        return false;
+    }
+
     ioseek(subimg.ofs, SEEK_SET);
 
     // test for a PNG icon

src/rla.imageio/rlainput.cpp

@@ -604,7 +604,15 @@ RLAInput::decode_channel_group(int first_channel, short num_channels,
     // OIIO conventions.
     if (num_bits == 8 || num_bits == 16 || num_bits == 32) {
         // ok -- no rescaling needed
-    } else if (num_bits == 10) {
+    }
+    int bytes_per_chan = ceil2(std::max(int(num_bits), 8)) / 8;
+    if (size_t(offset + (m_spec.width - 1) * pixelsize
+               + num_channels * bytes_per_chan)
+        > m_buf.size()) {
+        errorfmt("Probably corrupt file (buffer overrun avoided)");
+        return false;  // Probably corrupt? Would have overrun
+    }
+    if (num_bits == 10) {
         // fast, common case -- use templated hard-code
         for (int x = 0; x < m_spec.width; ++x) {
             uint16_t* b = (uint16_t*)(&m_buf[offset + x * pixelsize]);

testsuite/ico/ref/out.txt

@@ -45,3 +45,4 @@ Reading ../oiio-images/ico/oiio.ico
     oiio:BitsPerSample: 8
 Comparing "../oiio-images/ico/oiio.ico" and "oiio.ico"
 PASS
+iconvert ERROR: Unsupported image color depth, probably corrupt file

testsuite/ico/run.py

@@ -4,4 +4,9 @@
 # SPDX-License-Identifier: Apache-2.0
 # https://github.com/AcademySoftwareFoundation/OpenImageIO
 
-command = rw_command (OIIO_TESTSUITE_IMAGEDIR, "oiio.ico")
+failureok = 1
+redirect = ' >> out.txt 2>&1 '
+
+command += rw_command (OIIO_TESTSUITE_IMAGEDIR, "oiio.ico")
+command += run_app (oiio_app("iconvert") + " src/bad1.ico out.tif")
+

testsuite/ico/src/bad1.ico

@@ -319,5 +319,8 @@ Full command line was:
 oiiotool ERROR: read : "src/crash-3951.rla": Read error: couldn't read RLE data span
 Full command line was:
 > oiiotool src/crash-3951.rla -o crash4.exr
+oiiotool ERROR: read : "src/crash-1.rla": Probably corrupt file (buffer overrun avoided)
+Full command line was:
+> oiiotool src/crash-1.rla -o crash5.exr
 Comparing "rlacrop.rla" and "ref/rlacrop.rla"
 PASS

testsuite/rla/ref/out.txt

@@ -22,5 +22,6 @@
 command += oiiotool(OIIO_TESTSUITE_IMAGEDIR + "/crash2.rla -o crash2.exr", failureok = True)
 command += oiiotool("src/crash-1629.rla -o crash3.exr", failureok = True)
 command += oiiotool("src/crash-3951.rla -o crash4.exr", failureok = True)
+command += oiiotool("src/crash-1.rla -o crash5.exr", failureok = True)
 
 outputs = [ "rlacrop.rla", 'out.txt' ]