This patch bumps the serial version of the files from the Autoconf Archive
from 6 to 8.
Changes:
- simplified and more permissive license
- https links in the file comments
Git ident attributes were in most cases used with SVN keyword
substitution, where $Id$ was replaced with a certain revision from the
repository. In Git this functionality is different: each $Id$ needs to
be defined in the .gitattributes file to be effective. This patch removes
unused and outdated attributes.
There was a double paste error in the name "nnquant", and the link
line needs to come after we add programs. This was missed locally
due to the conditional logic (blah).
All the uses of strncpy in here are based on strlen of the input, so
there's no need to run through an str-based func again. Switch to a
straight memcpy. Plus this avoids static checkers that blindly choke
on strncpy. The code was already adding a trailing NUL byte, so that
isn't problematic either.
We've been tracking program deps in the build files, so it ends up
being redundant for a lot of our test/example programs. Clean them
up, and update some of the cmake/automake files as needed.
A bunch of these files were committed with Windows line encodings.
Strip all those ^M gremlins out as people working on Windows can
use git's autocrlf setting to convert back and forth as needed.
These tests aren't broken because they didn't free the buffers, but
by cleaning these up, it's safe to run the testsuite through the leak
sanitizer (LSAN) to detect real leaks in the rest of the library.
See the previous commit 98b3f04b21 as
an example of LSAN being useful.
If the PNG error handler is triggered during output, the allocated
rows aren't freed. Change the allocation to calloc to zero out all
the rows, and then walk them in the jump callback to release them.
When reading images in GD or GD2 format, we have to ensure that the
transparent color is not set if it would refer to a non-extant palette
entry.
We back that up with respective regression tests.
When using `gdImageCopy()` for image cropping, we have to make sure
that it doesn't use alpha blending (the current default), but rather
`gdEffectReplace`. We reset the `alphaBlendingFlag` after finishing
the copy operation.
Since getopt is only needed by various helper programs, we start a new
program utility static library to stuff things into so they don't fill
up the gd library itself.
This comes from NetBSD. Fixes #401.
Due to a signedness confusion in `GetCode_` a corrupt GIF file can
trigger an infinite loop. Furthermore we make sure that a GIF without
any palette entries is treated as invalid *after* open palette entries
have been removed.
CVE-2018-5711
See also https://bugs.php.net/bug.php?id=75571.
oss-fuzz pointed out:
gd_gd2.c:456:10: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
We must not allow chunk sizes (aka lengths) of INT_MAX, since we need
to alloc size+1 bytes.
oss-fuzz pointed out:
gd_bmp.c:641:18: runtime error: negation of -2147483648 cannot be represented in type 'int';
cast to an unsigned type to negate this value to itself
This is a bit of a false positive issue as -2147483648 is -2147483648
with gcc/clang, which we check for later on. But let's check for it up
front to avoid the undefined behavior.
For OS/2 BMP 1.0 files, the spec says only 1/4/8/24 bit images are
supported, so ignore other depths as invalid.
oss-fuzz pointed out:
gd_bmp.c:670:22: runtime error: shift exponent 12803 is too large for 32-bit type 'int'
oss-fuzz pointed out:
gd_gd2.c:441:11: runtime error: signed integer overflow: 65535 * 65535 cannot be represented in type 'int'
Add some checks on the inputs from the header that are used later on
in multiplication.
oss-fuzz pointed out:
gd_tga.c:209:52: runtime error: signed integer overflow: 838848000 * 3 cannot be represented in type 'int'
This is somewhat of a false positive as we already have overflow checks
after this assignment, but we can delay the code until afterwards to
avoid warnings.
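The four oss-fuzz reports above (size+1 at INT_MAX in the GD2 chunk reader, negating INT_MIN in the BMP reader, a 12803-bit shift from a bogus BMP depth, and width*height products overflowing int) share one shape: a value copied straight out of an untrusted header is fed into arithmetic that only works for sane inputs. This added example (not libgd code; valid_chunk_len, safe_abs_height, os2_palette_entries and checked_image_bytes are invented names) shows one guard per class, each validating before the operation that would otherwise be undefined.

```c
/* Added example (not libgd code): overflow guards for header-derived
 * values. All function names are invented for this illustration. */
#include <limits.h>
#include <stdint.h>

/* Chunk length: the reader allocates len + 1 bytes, so len == INT_MAX
 * (and anything negative) must be rejected before the addition. */
int valid_chunk_len(int len)
{
    return len >= 0 && len < INT_MAX;
}

/* Magnitude of a signed height (BMP signals top-down rows with a negative
 * height). INT_MIN has no positive counterpart in int, so refuse it up
 * front instead of evaluating -INT_MIN. Returns -1 for the rejected case. */
int safe_abs_height(int height)
{
    if (height == INT_MIN)
        return -1;
    return height < 0 ? -height : height;
}

/* OS/2 BMP 1.0 allows only 1/4/8/24-bit images. Whitelisting the depth
 * before using it as a shift count is what keeps `1 << depth` defined;
 * a depth of 12803 from the file never reaches the shift.
 * Returns the palette entry count, 0 for 24-bit (no palette), -1 if bad. */
int os2_palette_entries(int depth)
{
    switch (depth) {
    case 1: case 4: case 8:
        return 1 << depth;
    case 24:
        return 0;
    default:
        return -1;
    }
}

/* width * height * bytes_per_pixel with every intermediate product
 * checked in 64-bit arithmetic. Returns the byte count, or -1 if any
 * input is non-positive or any product exceeds INT_MAX. */
int checked_image_bytes(int width, int height, int bpp)
{
    int64_t px, bytes;

    if (width <= 0 || height <= 0 || bpp <= 0)
        return -1;
    px = (int64_t)width * height;      /* cannot overflow int64 for int inputs */
    if (px > INT_MAX)
        return -1;
    bytes = px * bpp;
    if (bytes > INT_MAX)
        return -1;
    return (int)bytes;
}
```

The 64-bit intermediate is the simplest portable way to write the product check; where a compiler builtin such as __builtin_mul_overflow is available it does the same job without the widening.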
oss-fuzz pointed out:
gd_gif_in.c:605:16: runtime error: index 5595 out of bounds for type 'int [4096]'
Add some bounds checking on each code that we read from the file.
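Two of the GIF fixes above, the signedness confusion behind CVE-2018-5711 and the out-of-bounds index into the 4096-entry LZW tables, are shown together in this added example. It is not libgd's gd_gif_in.c; get_data_block, consume_blocks_buggy, consume_blocks_fixed, lookup_code and demo_lookup are invented names, and the byte streams are constructed, not taken from any real file. The buggy consumer shows one common shape of such a confusion: a -1 error return stored into an unsigned char becomes 255, so the `<= 0` exit test can never fire; a budget counter stands in for the infinite loop so the illustration terminates.

```c
/* Added example (not libgd's gd_gif_in.c): two defensive-reading patterns
 * for GIF data. All names and sample streams are constructed. */
#include <stddef.h>

#define MAX_LZW_CODES 4096

/* Constructed input cursor standing in for the GIF I/O context. */
typedef struct {
    const unsigned char *data;
    size_t len, pos;
} cursor;

/* Reads one GIF data sub-block: a length byte followed by that many bytes.
 * Returns the sub-block length, 0 for the block terminator, or -1 when the
 * input ends early. */
static int get_data_block(cursor *c, unsigned char *out)
{
    int count, i;

    if (c->pos >= c->len)
        return -1;
    count = c->data[c->pos++];
    for (i = 0; i < count; i++) {
        if (c->pos >= c->len)
            return -1;
        out[i] = c->data[c->pos++];
    }
    return count;
}

/* Buggy consumer: `count` is unsigned char, so the -1 error return turns
 * into 255 and `count <= 0` never triggers on truncated input. `budget`
 * caps the loop for this illustration; without it, it spins forever.
 * Returns the payload byte total, or -1 when the budget ran out. */
int consume_blocks_buggy(const unsigned char *data, size_t len, int budget)
{
    cursor c = { data, len, 0 };
    unsigned char buf[256];
    unsigned char count;          /* the signedness bug */
    int total = 0;

    while (budget-- > 0) {
        if ((count = get_data_block(&c, buf)) <= 0)
            return total;
        total += count;
    }
    return -1;
}

/* Fixed consumer: keep the return value in an int so -1 stays -1, and
 * report truncation instead of treating it as more data. */
int consume_blocks_fixed(const unsigned char *data, size_t len)
{
    cursor c = { data, len, 0 };
    unsigned char buf[256];
    int count, total = 0;

    for (;;) {
        count = get_data_block(&c, buf);
        if (count < 0)
            return -1;            /* truncated input */
        if (count == 0)
            return total;         /* block terminator */
        total += count;
    }
}

/* Bounds-checked LZW table lookup. Codes come straight from the file, so
 * anything outside the table, or not yet defined (>= next_code), is
 * rejected instead of indexing past the 4096-entry array. */
int lookup_code(const int table[MAX_LZW_CODES], int next_code, int code)
{
    if (code < 0 || code >= MAX_LZW_CODES || code >= next_code)
        return -1;
    return table[code];
}

/* Demo wrapper: a table where entry i holds i * 10 and 300 codes are defined. */
int demo_lookup(int code)
{
    int table[MAX_LZW_CODES];
    int i;

    for (i = 0; i < MAX_LZW_CODES; i++)
        table[i] = i * 10;
    return lookup_code(table, 300, code);
}

/* Constructed sample streams (not from any real GIF). */
static const unsigned char good_stream[] = { 2, 'a', 'b', 0 };
static const unsigned char truncated_stream[] = { 3, 'a', 'b', 'c', 5, 'x' };
```

Feeding truncated_stream to the fixed consumer yields -1 immediately; the buggy one keeps accumulating 255 per call until the budget is gone, which is the infinite loop the commit describes in miniature.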
oss-fuzz pointed out:
wbmp.c:48:14: runtime error: left shift of 253751679 by 7 places cannot be represented in type 'int'
See previous commit for more details.
oss-fuzz pointed out:
gd_io.c:174:10: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
See previous commit for more details.
oss-fuzz pointed out:
gd_io.c:139:14: runtime error: left shift of 199 by 24 places cannot be represented in type 'int'
Switch the temp var we use here to unsigned to avoid that. We do an
unsigned int to signed int conversion at the end, which is undefined, but
since compilers don't seem to mind that, we won't care just yet. It also
makes the code match gdGetIntLSB behavior.
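The three shift reports above (wbmp.c, gd_io.c:174, gd_io.c:139) are all the same defect: a byte, or an accumulating value, shifted left inside a plain int until the result no longer fits. This added example (not libgd's gd_io.c or wbmp.c; load_be32, load_le32, to_int32 and read_mbi are invented names, the sample byte arrays are constructed) does every shift in uint32_t, where it is defined, and then converts to the signed result explicitly. The final unsigned-to-signed conversion is implementation-defined in C rather than undefined, and to_int32 shows a form that does not depend on the implementation's choice. read_mbi covers the wbmp case: a 7-bits-per-byte multi-byte integer where the accumulator is checked for headroom before each shift.

```c
/* Added example (not libgd code): assembling 32-bit values from untrusted
 * bytes without shifting into a signed int. All names are invented. */
#include <stdint.h>
#include <stddef.h>

/* Big-endian (MSB-first) word. (uint32_t)0xFF << 24 is a defined
 * 0xFF000000; the same shift on an int is signed overflow. */
uint32_t load_be32(const unsigned char b[4])
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* Little-endian (LSB-first) word, same discipline. */
uint32_t load_le32(const unsigned char b[4])
{
    return ((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16) |
           ((uint32_t)b[1] << 8)  |  (uint32_t)b[0];
}

/* Unsigned word to the signed value a gdGetInt-style API returns.
 * A plain cast of a value above INT32_MAX is implementation-defined in C
 * (mainstream compilers wrap); this form gives the two's-complement
 * result on every conforming implementation. */
int32_t to_int32(uint32_t u)
{
    if (u <= (uint32_t)INT32_MAX)
        return (int32_t)u;
    return -(int32_t)(UINT32_MAX - u) - 1;
}

/* WBMP-style multi-byte integer: 7 payload bits per byte, high bit set
 * means another byte follows. Checking that acc has 7 bits of headroom
 * before each shift keeps the shift inside uint32_t, instead of shifting
 * a value like 253751679 left by 7 in an int. At most 5 bytes are read.
 * Returns the value, or -1 on truncation or overflow. */
int64_t read_mbi(const unsigned char *p, size_t len)
{
    uint32_t acc = 0;
    size_t i;

    for (i = 0; i < len && i < 5; i++) {
        if (acc >> 25)                  /* acc << 7 would exceed 32 bits */
            return -1;
        acc = (acc << 7) | (p[i] & 0x7fu);
        if (!(p[i] & 0x80))
            return (int64_t)acc;        /* continuation bit clear: done */
    }
    return -1;                          /* input ended, or more than 5 bytes */
}

/* Constructed sample bytes (not from any real file). */
static const unsigned char sample_word[4] = { 0xC7, 0x00, 0x00, 0x01 };
static const unsigned char mbi_small[2] = { 0x81, 0x00 };
static const unsigned char mbi_max[5]   = { 0x8f, 0xff, 0xff, 0xff, 0x7f };
static const unsigned char mbi_over[5]  = { 0xff, 0xff, 0xff, 0xff, 0x7f };
static const unsigned char mbi_short[1] = { 0x81 };
```

sample_word begins with 0xC7, the byte from the gd_io.c:139 report; loaded big-endian it is 0xC7000001, which to_int32 maps to the negative value a signed reader would have produced had the shift been defined.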