Alex
Fixes the following crashes:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32178
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32228
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33217
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33762
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34134
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35640
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36663
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37041
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37125
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39438
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40058
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40120
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41152
This PR fixes a Stack-buffer-overflow in `msgpack_sbuffer_write` revealed by fuzzing: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45208 The root cause is that the `snprintf` call in `flb_pack_msgpack_to_json_format` returns the number of characters that would have been written if...
This PR fixes an out of bounds memory read in `onig_node_str_cat` revealed by fuzzing fluent-bit: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46049 The root cause is that a call to `enclen` inside of the `PFETCH` macro when called...
This PR fixes an out of bounds memory read in `add_compile_string` revealed by fuzzing fluent-bit: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46086 The root cause is that a call to `enclen` in `compile_string_node` results in a call...
Re-fix #505
This PR fixes an out of bounds memory read in `derive_spatial_luma_vector_prediction` revealed by fuzzing kimageformats: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40107 When `refIdxLX` is larger than `MAX_NUM_REF_PICS` in `shdr->RefPicList[X][ refIdxLX ]` it leads to out of...
This PR fixes an out of bounds memory read in `apply_sao_internal` revealed by fuzzing kimageformats: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31485 There are two issues: 1. `saoOffsetVal` is defined as `int8_t saoOffsetVal[3][4];`. When `bandIdx` is larger...
This PR adds an explicit [permissions section](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) to workflows. This is a security best practice because by default workflows run with an [extended set of permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) (except from `on: pull_request` [from external...
This PR adds an explicit [permissions section](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) to workflows. This is a security best practice because by default workflows run with an [extended set of permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) (except from `on: pull_request` [from external...
This PR adds an explicit [permissions section](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) to workflows. This is a security best practice because by default workflows run with an [extended set of permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) (except from `on: pull_request` [from external...