Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle EOF in Jpeg bit reader when data is bad to prevent DOS attack. #2516

Merged
merged 9 commits into from
Aug 30, 2023
Merged

Handle EOF in Jpeg bit reader when data is bad to prevent DOS attack. #2516

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
008c417
Handle EOF in bit reader when data is bad.
JimBobSquarePants Aug 23, 2023
e686680
Allow parallel processing of multi-megapixel image
JimBobSquarePants Aug 23, 2023
62aaa4d
Stream seek can exceed the length of a stream
JimBobSquarePants Aug 23, 2023
51de859
Try triggering on release branches
JimBobSquarePants Aug 23, 2023
dc018fa
Update JpegBitReader.cs
JimBobSquarePants Aug 23, 2023
c129720
Skin on Win .NET 6
JimBobSquarePants Aug 24, 2023
1499213
All Win OS is an issue
JimBobSquarePants Aug 24, 2023
e96f1fe
Address feedback
JimBobSquarePants Aug 28, 2023
1bb07cb
add validation to CanIterateWithoutIntOverflow
antonfirsov Aug 29, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Stream seek can exceed the length of a stream
  • Loading branch information
@JimBobSquarePants
JimBobSquarePants committed Aug 23, 2023
commit 62aaa4df64c46b5f35ff4e18229d70aa49afcb92
2 changes: 1 addition & 1 deletion src/ImageSharp/Formats/Jpeg/Components/Decoder/JpegBitReader.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ public bool FindNextMarker()
private int ReadStream()
{
int value = this.badData ? 0 : this.stream.ReadByte();
if (value == -1 || this.stream.Position == this.stream.Length)
if (value == -1 || this.stream.Position >= this.stream.Length)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seeking to any location beyond the length of the stream is supported.

https://learn.microsoft.com/en-us/dotnet/api/system.io.stream.position?view=net-7.0#remarks

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Turns out the fix is bad. It's somehow preventing complete data reading.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Proper fix implemented now.

{
// We've encountered the end of the file stream which means there's no EOI marker
// in the image or the SOS marker has the wrong dimensions set.
Expand Down