From c76d74be657ce8302f140cefc2b665682c83b023 Mon Sep 17 00:00:00 2001 From: Lovell Fuller Date: Sat, 22 Oct 2022 11:20:53 +0100 Subject: [PATCH 1/2] Ensure EXIF is at least 4 bytes before inspection (#3109) --- libvips/foreign/exif.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libvips/foreign/exif.c b/libvips/foreign/exif.c index 88d1bf5d..d8e9896c 100644 --- a/libvips/foreign/exif.c +++ b/libvips/foreign/exif.c @@ -167,6 +167,10 @@ vips_exif_load_data_without_fix( const void *data, size_t length ) /* exif_data_load_data() only allows uint for length. Limit it to less * than that: 2**20 should be enough for anyone. */ + if( length < 4 ) { + vips_error( "exif", "%s", _( "exif too small" ) ); + return( NULL ); + } if( length > 1 << 20 ) { vips_error( "exif", "%s", _( "exif too large" ) ); return( NULL ); From 27874386b25a585022551f6b7547c49756d491d2 Mon Sep 17 00:00:00 2001 From: John Cupitt Date: Wed, 9 Nov 2022 14:52:01 +0000 Subject: [PATCH 2/2] missing include in mosaic_fuzzer causes build fail on debian9, see https://github.com/libvips/libvips/issues/3152 --- ChangeLog | 3 +++ configure.ac | 6 +++--- fuzz/mosaic_fuzzer.cc | 1 + meson.build | 4 ++-- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 88de3b19..d832f022 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +9/11/22 started 8.13.4 +- missing include in mosaic_fuzzer [ServOKio] + 11/10/22 started 8.13.3 - improve rules for 16-bit heifsave [johntrunc] - improve libspng pallette write [kleisauke] diff --git a/configure.ac b/configure.ac index 8ef74ae6..5d8aae90 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # also update the version number in the m4 macros below -AC_INIT([vips], [8.13.3], [vipsip@jiscmail.ac.uk]) +AC_INIT([vips], [8.13.4], [vipsip@jiscmail.ac.uk]) # required for gobject-introspection AC_PREREQ([2.69]) @@ -18,7 +18,7 @@ AC_CONFIG_MACRO_DIR([m4]) # user-visible library versioning m4_define([vips_major_version], [8]) m4_define([vips_minor_version], [13]) -m4_define([vips_micro_version], [3]) +m4_define([vips_micro_version], [4]) m4_define([vips_version], [vips_major_version.vips_minor_version.vips_micro_version]) @@ -41,7 +41,7 @@ VIPS_LIBS="" # binary interface changed: increment current, reset revision to 0 # binary interface changes backwards compatible?: increment age # binary interface changes not backwards compatible?: reset age to 0 -LIBRARY_REVISION=3 +LIBRARY_REVISION=4 LIBRARY_CURRENT=57 LIBRARY_AGE=15 diff --git a/fuzz/mosaic_fuzzer.cc b/fuzz/mosaic_fuzzer.cc index e911d978..69f2d3ad 100644 --- a/fuzz/mosaic_fuzzer.cc +++ b/fuzz/mosaic_fuzzer.cc @@ -1,3 +1,4 @@ +#include #include struct mosaic_opt { diff --git a/meson.build b/meson.build index ee56926c..475d7844 100644 --- a/meson.build +++ b/meson.build @@ -1,5 +1,5 @@ project('vips', 'c', 'cpp', - version: '8.13.3', + version: '8.13.4', meson_version: '>=0.56', default_options: [ # this is what glib uses (one of our required deps), so we use it too @@ -19,7 +19,7 @@ version_patch = version_parts[2] # binary interface changed: increment current, reset revision to 0 # binary interface changes backwards compatible?: increment age # binary interface changes not backwards compatible?: reset age to 0 -library_revision = 3 +library_revision = 4 library_current = 57 library_age = 15 library_version = '@0@.@1@.@2@'.format(library_current - library_age, library_age, library_revision)