tiff: cap buffer growth to prevent OOM from malicious IFD offset A crafted 8-byte TIFF file with IFD offset 0xFFFFFFFF causes buffer.fill() to allocate ~4GB of memory when decoding via io.Reader (non-ReaderAt path), leading to an out-of-memory crash in any Go application that calls Decode or DecodeConfig on untrusted input. Read the data, and allocate the buffer, in chunks, to limit memory allocation to the size of the input file. References: https://issuetracker.google.com/issues/494365189 Fixes golang/go#78267 Change-Id: I514161af87fb3ad24180ec4bed61fa49f491e721 GitHub-Last-Rev: 8e6d97892cfbdea81fa9e9ec3e3872e4e452aea9 GitHub-Pull-Request: golang/image#25 Reviewed-on: https://go-review.googlesource.com/c/image/+/757660 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This repository holds supplementary Go image packages.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.
The git repository is https://go.googlesource.com/image.
The main issue tracker for the image repository is located at https://go.dev/issues. Prefix your issue with “x/image:” in the subject line, so it is easy to find.