代码拉取完成,页面将自动刷新
【环境信息】
x86
【测试版本】
Name: LibRaw
Version: 0.19.0
Release: 10
【注意事项】
受影响版本排查(受影响/不受影响)
1、master
2、openEuler-LTS-20.03
3、openEuler-LTS-20.03-SP1
4、openEuler-LTS-20.03-Next
5、openEuler-20.09
【测试步骤】
1、编译
python3 infra/helper.py build_fuzzers --sanitizer address libraw
2、执行
python3 infra/helper.py run_fuzzer libraw libraw_raf_fuzzer -rss_limit_mb=0
【报错信息】
==8==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f8290a0a8a0 at pc 0x0000004bbfd4 bp 0x7ffee3749310 sp 0x7ffee3748ad0
READ of size 129 at 0x7f8290a0a8a0 thread T0
SCARINESS: 41 (multi-byte-read-stack-buffer-overflow)
#0 0x4bbfd3 in strchr /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:693:5
#1 0x589210 in __libcpp_strchr(char const*, int) /usr/local/bin/../include/c++/v1/string.h:73:64
#2 0x559950 in strchr(char*, int) [enable_if:true] /usr/local/bin/../include/c++/v1/string.h:77:54
#3 0x6435fb in LibRaw::parse_rollei() /src/libraw/internal/dcraw_common.cpp:14855:16
#4 0x65936f in LibRaw::identify() /src/libraw/internal/dcraw_common.cpp:17967:5
#5 0x5652e8 in LibRaw::open_datastream(LibRaw_abstract_datastream*) /src/libraw/src/libraw_cxx.cpp:2008:5
#6 0x562679 in LibRaw::open_buffer(void*, unsigned long) /src/libraw/src/libraw_cxx.cpp:1123:13
#7 0x5515dc in LLVMFuzzerTestOneInput /src/libraw_fuzzer.cc:41:24
#8 0x4598f1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#9 0x444c52 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:296:6
#10 0x44ace7 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:776:9
#11 0x473332 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#12 0x7f828f99a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#13 0x41f268 in _start (/out/libraw_raf_fuzzer+0x41f268)
Address 0x7f8290a0a8a0 is located in stack of thread T0 at offset 160 in frame
#0 0x64338f in LibRaw::parse_rollei() /src/libraw/internal/dcraw_common.cpp:14846
This frame has 2 object(s):
[32, 160) 'line' (line 14847)
[192, 248) 't' (line 14848) <== Memory access at offset 160 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:693:5 in strchr
Shadow bytes around the buggy address:
0x0ff0d21394c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff0d21394d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff0d21394e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff0d21394f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff0d2139500: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff0d2139510: 00 00 00 00[f2]f2 f2 f2 00 00 00 00 00 00 00 f3
0x0ff0d2139520: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff0d2139530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff0d2139540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff0d2139550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff0d2139560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==8==ABORTING
【问题复现】
python infra/helper.py reproduce libraw libraw_raf_fuzzer crash-265dea0fbb13806538c9033abe649bb0a20cdc40
openeuler-ci-bot
拥有者
Hey yanglijin, Welcome to openEuler Community.
All of the projects in openEuler Community are maintained by @openeuler-ci-bot.
That means the developers can comment below every pull request or issue to trigger Bot Commands.
Please follow instructions at https://gitee.com/openeuler/community/blob/master/en/sig-infrastructure/command.md to find the details.
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
issue中的缓冲区溢出是数组越界导致的,数组大小为128,从fgets读取的一行中如果没有'\0’,将数组传入strchr后一旦读取到超过128字节的位置时就会导致溢出。0.19.0版本较老,解决了报错中的溢出问题之后fuzz用例还有其他溢出问题,因此需要升级到最新的0.20.2版本之后再打补丁。
问题影响如下分支,均已提交pr:
1、master:!13:update to 0.20.2 and fix stack buffer overflow in parse_rollei
2、openEuler-LTS-20.03:!14:update to 0.20.2 and fix stack buffer overflow in parse_rollei
3、openEuler-LTS-20.03-SP1:!11:update to 0.20.2 and fix stack buffer overflow in parse_rollei
4、openEuler-LTS-20.03-Next:!12:update to 0.20.2 and fix stack buffer overflow in parse_rollei
5、openEuler-20.09:!15:update to 0.20.2 and fix stack buffer overflow in parse_rollei
LibRaw社区issue:https://github.com/LibRaw/LibRaw/issues/358
影响评估:新增功能及问题修复,总体影响较小。涉及头文件变更较大,修改的头文件中的变量及方法如果有用户使用到,需要进行适配。具体变更如下:
差异分析:
1.版本信息
当前版本:0.19.0
升级版本:0.20.2
2.特性变化
见下面具体描述
3.ABI差异
见下面具体描述
4.配置文件变化
无
5.命令变化
新增命令行(默认路径/usr/bin/):
/usr/bin/rawtextdump
6.依赖关系
新增编译依赖autoconf automake libtool
7.受影响需要重新编译的包
efl, gegl04依赖LibRaw,已验证升级LibRaw对efl、gegl04无影响,编译安装卸载均正常。
2.特性变化
新增功能:
== Camera Format support ==
Canon CR3
GoPro (via GPR SDK)
Panasonic 14-bit
Fujifilm compressed/16bit
Rapsberry Pi RAW+JPEG format (if USE_6BY9RPI defined)
Foveon X3F support changed: it is supported only if USE_X3FTOOLS defined
at build (see below for 'Imported code policy changed')
== Camera support (+59, 1131 total) ==
Canon: PowerShot G5 X Mark II, G7 X Mark III, SX70 HS,
EOS R, EOS RP, EOS 90D, EOS 250D, EOS M6 Mark II, EOS M50, EOS M200
EOS 1DX Mark III (lossless files only)
DJI Mavic Air, Osmo Action
FujiFilm GFX 100, X-A7, X-Pro3, X100V, X-T4 (uncompressed/lossless compressed only), X-T200
GoPro Fusion, HERO5, HERO6, HERO7, HERO8
Hasselblad L1D-20c, X1D II 50C
Leica D-LUX7, Q-P, Q2, V-LUX5, C-Lux / CAM-DC25, SL2, M10 Monochrom
Nikon D780, Z50, P950
Olympus TG-6, E-M5 Mark III, E-PL10, E-M1 Mark III,
Panasonic DC-FZ1000 II, DC-G90, DC-S1, DC-S1R, DC-S1H, DC-TZ95
PhaseOne IQ4 150MP
Ricoh GR III
Sony A7R IV, A9 II, ILCE-6100, ILCE-6600, RX0 II, RX100 VII
Zenit M
Canon A560 (CHDK hack)
FujiFilm X-T30
Nikon Coolpix A1000
Olympus E-M1X
Sony ILCE-6400
Canon: PowerShot A480 (CHDK hack), EOS 2000D, EOS 4000D
Eyedeas E1
FujiFilm: GFX 50R, XF10, X-T3, X-T100, DBP680
GITUP G3 DUO (16:9 mode only, use custom camera for 4:3)
Kodak PIXPRO AZ901
Leica M10-D, M10-P
Nikon D3500, Z6, Z7, P1000
Panasonic LX100M2
Pentax K-1 II
Sony A7 III, HX95, HX99, RX100-VA, RX100-VI
问题修复:
修复CR3文件被截断的问题
DNG元数据合并
检查三星镜头ID分配中是否存在xmpdata
修复oss-fuzz发现的一些问题
缩略图size范围检查(CVE-2020-15503)
修复canon和sigma makernotes parsers的overflows问题
修复 crx (cr3) decoder 的buffer overrun问题
修复crx decoder的 内存泄露问题
修复Sony SRF和SR2 metadata parsers中的overrun问题
代码重构:
不在使用dcraw.c
拆分dcraw_common.cpp和 libraw_cxx.cpp,拆分出来的代码放在单独的子文件夹中(decoders/ 为原始数据解码器, metadata/ 为元数据解析器)
dcraw_common.cpp and libraw_cxx.cpp保留现有的构建环境 (文件中只有一些#include directives).
3.ABI差异:
动态库版本号变更:
/usr/lib64/libraw.so.19 → /usr/lib64/libraw.so.20
/usr/lib64/libraw.so.19.0.0 → /usr/lib64/libraw.so.20.0.0
/usr/lib64/libraw_r.so.19 → /usr/lib64/libraw_r.so.20
/usr/lib64/libraw_r.so.19.0.0 → usr/lib64/libraw_r.so.20.0.0
49 Removed functions:
'void LibRaw::Canon_CameraSettings()' {_ZN6LibRaw20Canon_CameraSettingsEv}
'void LibRaw::Kodak_WB_0x08tags(int, unsigned int)' {_ZN6LibRaw17Kodak_WB_0x08tagsEij}
'void LibRaw::PentaxLensInfo(unsigned int, unsigned int)' {_ZN6LibRaw14PentaxLensInfoEjj}
'virtual void LibRaw::adobe_coeff(const char*, const char*, int)' {_ZN6LibRaw11adobe_coeffEPKcS1_i}
note that this removes an entry from the vtable of class LibRaw
'virtual void LibRaw::lin_interpolate_loop(int[16][32], int)' {_ZN6LibRaw20lin_interpolate_loopEPA16_A32_ii}
note that this removes an entry from the vtable of class LibRaw
'void LibRaw::parseCanonMakernotes(unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw20parseCanonMakernotesEjjj}
'void LibRaw::parseFujiMakernotes(unsigned int, unsigned int)' {_ZN6LibRaw19parseFujiMakernotesEjj}
'void LibRaw::parseSonyMakernotes(unsigned int, unsigned int, unsigned int, unsigned int, uchar&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&)' {ZN6LibRaw19parseSonyMakernotesEjjjjRPhRtS1_S2_S1_S2_S1_S2_S1_S2_S1_S2_S1_S2_S1_S2_S1_S2}
'void LibRaw::parse_external_jpeg()' {_ZN6LibRaw19parse_external_jpegEv}
'void LibRaw::parse_x3f()' {_ZN6LibRaw9parse_x3fEv}
'void LibRaw::processCanonCameraInfo(unsigned int, uchar*, unsigned int, unsigned int)' {_ZN6LibRaw22processCanonCameraInfoEjPhjj}
'void LibRaw::process_Sony_0x0116(uchar*, ushort, unsigned int)' {_ZN6LibRaw19process_Sony_0x0116EPhtj}
'void LibRaw::process_Sony_0x9050(uchar*, ushort, unsigned int)' {_ZN6LibRaw19process_Sony_0x9050EPhtj}
'void LibRaw::process_Sony_0x9400(uchar*, ushort, unsigned int)' {_ZN6LibRaw19process_Sony_0x9400EPhtj}
'void LibRaw::process_Sony_0x940e(uchar*, ushort, unsigned int)' {_ZN6LibRaw19process_Sony_0x940eEPhtj}
'int LibRaw::raw(unsigned int, unsigned int)' {_ZN6LibRaw3rawEjj}
'unsigned int LibRaw::setCanonBodyFeatures(unsigned int)' {_ZN6LibRaw20setCanonBodyFeaturesEj}
'void LibRaw::setPentaxBodyFeatures(unsigned int)' {_ZN6LibRaw21setPentaxBodyFeaturesEj}
'void LibRaw::setPhaseOneFeatures(unsigned int)' {_ZN6LibRaw19setPhaseOneFeaturesEj}
'void LibRaw::setSonyBodyFeatures(unsigned int)' {_ZN6LibRaw19setSonyBodyFeaturesEj}
'void LibRaw::x3f_dpq_interpolate_af(int, int, int)' {_ZN6LibRaw22x3f_dpq_interpolate_afEiii}
'void LibRaw::x3f_dpq_interpolate_af_sd(int, int, int, int, int, int, int)' {_ZN6LibRaw25x3f_dpq_interpolate_af_sdEiiiiiii}
'void LibRaw::x3f_dpq_interpolate_rg()' {_ZN6LibRaw22x3f_dpq_interpolate_rgEv}
'void LibRaw::x3f_thumb_loader()' {_ZN6LibRaw16x3f_thumb_loaderEv}
'INT64 LibRaw::x3f_thumb_size()' {_ZN6LibRaw14x3f_thumb_sizeEv}
'virtual void LibRaw_abstract_datastream::subfile_close()' {_ZN26LibRaw_abstract_datastream13subfile_closeEv}
note that this removes an entry from the vtable of class LibRaw_abstract_datastream
'virtual int LibRaw_abstract_datastream::subfile_open(const char*)' {_ZN26LibRaw_abstract_datastream12subfile_openEPKc}
note that this removes an entry from the vtable of class LibRaw_abstract_datastream
'virtual void LibRaw_abstract_datastream::tempbuffer_close()' {_ZN26LibRaw_abstract_datastream16tempbuffer_closeEv}
note that this removes an entry from the vtable of class LibRaw_abstract_datastream
'virtual int LibRaw_abstract_datastream::tempbuffer_open(void*, size_t)' {_ZN26LibRaw_abstract_datastream15tempbuffer_openEPvm}
note that this removes an entry from the vtable of class LibRaw_abstract_datastream
'virtual int LibRaw_bigfile_datastream::jpeg_src(void*)' {_ZN25LibRaw_bigfile_datastream8jpeg_srcEPv}
note that this removes an entry from the vtable of class LibRaw_bigfile_datastream
'virtual void LibRaw_bigfile_datastream::subfile_close()' {_ZN25LibRaw_bigfile_datastream13subfile_closeEv}
note that this removes an entry from the vtable of class LibRaw_bigfile_datastream
'virtual int LibRaw_bigfile_datastream::subfile_open(const char*)' {_ZN25LibRaw_bigfile_datastream12subfile_openEPKc}
note that this removes an entry from the vtable of class LibRaw_bigfile_datastream
'virtual int LibRaw_file_datastream::jpeg_src(void*)' {_ZN22LibRaw_file_datastream8jpeg_srcEPv}
note that this removes an entry from the vtable of class LibRaw_file_datastream
'virtual void LibRaw_file_datastream::subfile_close()' {_ZN22LibRaw_file_datastream13subfile_closeEv}
note that this removes an entry from the vtable of class LibRaw_file_datastream
'virtual int LibRaw_file_datastream::subfile_open(const char*)' {_ZN22LibRaw_file_datastream12subfile_openEPKc}
note that this removes an entry from the vtable of class LibRaw_file_datastream
'void x3f_clear(void*)' {_Z9x3f_clearPv}
'x3f_return_t x3f_delete(x3f_t*)' {_Z10x3f_deleteP5x3f_s}
'unsigned int x3f_get4(LibRaw_abstract_datastream*)' {_Z8x3f_get4P26LibRaw_abstract_datastream}
'x3f_directory_entry_t* x3f_get_camf(x3f_t*)' {_Z12x3f_get_camfP5x3f_s}
'x3f_directory_entry_t* x3f_get_prop(x3f_t*)' {_Z12x3f_get_propP5x3f_s}
'x3f_directory_entry_t* x3f_get_raw(x3f_t*)' {_Z11x3f_get_rawP5x3f_s}
'x3f_directory_entry_t* x3f_get_thumb_huffman(x3f_t*)' {_Z21x3f_get_thumb_huffmanP5x3f_s}
'x3f_directory_entry_t* x3f_get_thumb_jpeg(x3f_t*)' {_Z18x3f_get_thumb_jpegP5x3f_s}
'x3f_directory_entry_t* x3f_get_thumb_plain(x3f_t*)' {_Z19x3f_get_thumb_plainP5x3f_s}
'x3f_return_t x3f_load_data(x3f_t*, x3f_directory_entry_t*)' {_Z13x3f_load_dataP5x3f_sP21x3f_directory_entry_s}
'int64_t x3f_load_data_size(x3f_t*, x3f_directory_entry_t*)' {_Z18x3f_load_data_sizeP5x3f_sP21x3f_directory_entry_s}
'x3f_return_t x3f_load_image_block(x3f_t*, x3f_directory_entry_t*)' {_Z20x3f_load_image_blockP5x3f_sP21x3f_directory_entry_s}
'x3f_t* x3f_new_from_file(LibRaw_abstract_datastream*)' {_Z17x3f_new_from_fileP26LibRaw_abstract_datastream}
'unsigned int x3f_sget4(uchar*)' {_Z9x3f_sget4Ph}
111 Added functions:
'void LibRaw::Canon_CameraSettings(unsigned int)' {_ZN6LibRaw20Canon_CameraSettingsEj}
'void LibRaw::GetNormalizedModel()' {_ZN6LibRaw18GetNormalizedModelEv}
'const char* LibRaw::HassyRawFormat_idx2HR(unsigned int)' {_ZN6LibRaw21HassyRawFormat_idx2HREj}
'short int LibRaw::KodakIllumMatrix(unsigned int, float*)' {_ZN6LibRaw16KodakIllumMatrixEjPf}
'void LibRaw::Kodak_DCR_WBtags(int, unsigned int, int)' {_ZN6LibRaw16Kodak_DCR_WBtagsEiji}
'void LibRaw::Kodak_KDC_WBtags(int, int)' {_ZN6LibRaw16Kodak_KDC_WBtagsEii}
'void LibRaw::Nikon_NRW_WBtag(int, int)' {_ZN6LibRaw15Nikon_NRW_WBtagEii}
'void LibRaw::PentaxLensInfo(long long unsigned int, unsigned int)' {_ZN6LibRaw14PentaxLensInfoEyj}
'void LibRaw::SetStandardIlluminants(unsigned int, const char*)' {_ZN6LibRaw22SetStandardIlluminantsEjPKc}
'float LibRaw::_CanonConvertAperture()' {_ZN6LibRaw21_CanonConvertApertureEt}
'void LibRaw::aRGB_coeff(double[3])' {_ZN6LibRaw10aRGB_coeffEPA3_d}
'virtual int LibRaw::adobe_coeff(unsigned int, const char, int)' {_ZN6LibRaw11adobe_coeffEjPKci}
note that this adds a new entry to the vtable of class LibRaw
'const char* LibRaw::cameramakeridx2maker()' {_ZN6LibRaw20cameramakeridx2makerEj}
'void LibRaw::crxConvertPlaneLineDf(void*, int)' {_ZN6LibRaw21crxConvertPlaneLineDfEPvi}
'int LibRaw::crxDecodePlane(void*, uint32_t)' {_ZN6LibRaw14crxDecodePlaneEPvj}
'virtual void LibRaw::crxLoadDecodeLoop(void*, int)' {_ZN6LibRaw17crxLoadDecodeLoopEPvi}
note that this adds a new entry to the vtable of class LibRaw
'virtual void LibRaw::crxLoadFinalizeLoopE3(void*, int)' {_ZN6LibRaw21crxLoadFinalizeLoopE3EPvi}
note that this adds a new entry to the vtable of class LibRaw
'void LibRaw::crxLoadRaw()' {_ZN6LibRaw10crxLoadRawEv}
'int LibRaw::crxParseImageHeader(uchar*, int)' {_ZN6LibRaw19crxParseImageHeaderEPhi}
'int LibRaw::find_ifd_by_offset(int)' {_ZN6LibRaw18find_ifd_by_offsetEi}
'void LibRaw::fixupArri()' {_ZN6LibRaw9fixupArriEv}
'void LibRaw::getOlympus_CameraType2()' {_ZN6LibRaw22getOlympus_CameraType2Ev}
'void LibRaw::getOlympus_SensorTemperature(unsigned int)' {_ZN6LibRaw28getOlympus_SensorTemperatureEj}
'int LibRaw::getwords(char**, int, int)' {_ZN6LibRaw8getwordsEPcPS0_ii}
'void LibRaw::identify_finetune_by_filesize(int)' {_ZN6LibRaw29identify_finetune_by_filesizeEi}
'void LibRaw::identify_finetune_dcr(char*, int, int)' {_ZN6LibRaw21identify_finetune_dcrEPcii}
'void LibRaw::identify_finetune_pentax()' {_ZN6LibRaw24identify_finetune_pentaxEv}
'void LibRaw::identify_process_dng_fields()' {_ZN6LibRaw27identify_process_dng_fieldsEv}
'virtual void LibRaw::lin_interpolate_loop(int*, int)' {_ZN6LibRaw20lin_interpolate_loopEPii}
note that this adds a new entry to the vtable of class LibRaw
'ushort* LibRaw::ljpeg_row_unrolled(int, jhead*)' {_ZN6LibRaw18ljpeg_row_unrolledEiP5jhead}
'void* LibRaw::memmem(size_t, char*, size_t)' {_ZN6LibRaw6memmemEPcmS0_m}
'void LibRaw::nikon_14bit_load_raw()' {_ZN6LibRaw20nikon_14bit_load_rawEv}
'void LibRaw::nikon_load_padded_packed_raw()' {_ZN6LibRaw28nikon_load_padded_packed_rawEv}
'void LibRaw::nikon_read_curve()' {_ZN6LibRaw16nikon_read_curveEv}
'int LibRaw::p1raw(unsigned int, unsigned int)' {_ZN6LibRaw5p1rawEjj}
'void LibRaw::panasonicC6_load_raw()' {_ZN6LibRaw20panasonicC6_load_rawEv}
'void LibRaw::panasonicC7_load_raw()' {_ZN6LibRaw20panasonicC7_load_rawEv}
'void LibRaw::parseAdobePanoMakernote()' {_ZN6LibRaw23parseAdobePanoMakernoteEv}
'void LibRaw::parseAdobeRAFMakernote()' {_ZN6LibRaw22parseAdobeRAFMakernoteEv}
'int LibRaw::parseCR3(long long unsigned int, long long unsigned int, short int&, char*, short int&, short int&)' {ZN6LibRaw8parseCR3EyyRsPcS0_S0}
'void LibRaw::parseCanonMakernotes(unsigned int, unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw20parseCanonMakernotesEjjjj}
'void LibRaw::parseEpsonMakernote(int, int, unsigned int)' {_ZN6LibRaw19parseEpsonMakernoteEiij}
'void LibRaw::parseFujiMakernotes(unsigned int, unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw19parseFujiMakernotesEjjjj}
'void LibRaw::parseHassyModel()' {_ZN6LibRaw15parseHassyModelEv}
'int LibRaw::parseLeicaInternalBodySerial(unsigned int)' {_ZN6LibRaw28parseLeicaInternalBodySerialEj}
'void LibRaw::parseLeicaLensID()' {_ZN6LibRaw16parseLeicaLensIDEv}
'int LibRaw::parseLeicaLensName(unsigned int)' {_ZN6LibRaw18parseLeicaLensNameEj}
'void LibRaw::parseLeicaMakernote(int, int, unsigned int)' {_ZN6LibRaw19parseLeicaMakernoteEiij}
'void LibRaw::parseNikonMakernote(int, int, unsigned int)' {_ZN6LibRaw19parseNikonMakernoteEiij}
'void LibRaw::parseOlympus_CameraSettings(int, unsigned int, unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw27parseOlympus_CameraSettingsEijjjj}
'void LibRaw::parseOlympus_Equipment(unsigned int, unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw22parseOlympus_EquipmentEjjjj}
'void LibRaw::parseOlympus_ImageProcessing(unsigned int, unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw28parseOlympus_ImageProcessingEjjjj}
'void LibRaw::parseOlympus_RawInfo(unsigned int, unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw20parseOlympus_RawInfoEjjjj}
'void LibRaw::parsePentaxMakernotes(int, unsigned int, unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw21parsePentaxMakernotesEijjjj}
'void LibRaw::parseRicohMakernotes(int, unsigned int, unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw20parseRicohMakernotesEijjjj}
'void LibRaw::parseSamsungMakernotes(int, unsigned int, unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw22parseSamsungMakernotesEijjjj}
'void LibRaw::parseSigmaMakernote(int, int, unsigned int)' {_ZN6LibRaw19parseSigmaMakernoteEiij}
'void LibRaw::parseSonyMakernotes(int, unsigned int, unsigned int, unsigned int, unsigned int, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&, uchar*&, ushort&)' {ZN6LibRaw19parseSonyMakernotesEijjjjRPhRtS1_S2_S1_S2_S1_S2_S1_S2_S1_S2_S1_S2_S1_S2_S1_S2}
'void LibRaw::parseSonySR2(uchar*, unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw12parseSonySR2EPhjjj}
'void LibRaw::parseSonySRF(unsigned int)' {_ZN6LibRaw12parseSonySRFEj}
'void LibRaw::parse_exif_interop(int)' {_ZN6LibRaw18parse_exif_interopEi}
'void LibRaw::parse_kyocera()' {_ZN6LibRaw13parse_kyoceraEv}
'void LibRaw::processCanonCameraInfo(long long unsigned int, uchar*, unsigned int, unsigned int, unsigned int)' {_ZN6LibRaw22processCanonCameraInfoEyPhjjj}
'void LibRaw::process_Hassy_Lens(int)' {_ZN6LibRaw18process_Hassy_LensEi}
'void LibRaw::process_Sony_0x0116(uchar*, ushort, long long unsigned int)' {_ZN6LibRaw19process_Sony_0x0116EPhty}
'void LibRaw::process_Sony_0x9050(uchar*, ushort, long long unsigned int)' {_ZN6LibRaw19process_Sony_0x9050EPhty}
'void LibRaw::process_Sony_0x9400(uchar*, ushort, long long unsigned int)' {_ZN6LibRaw19process_Sony_0x9400EPhty}
'void LibRaw::process_Sony_0x940e(uchar*, ushort, long long unsigned int)' {_ZN6LibRaw19process_Sony_0x940eEPhty}
'void LibRaw::removeExcessiveSpaces()' {_ZN6LibRaw21removeExcessiveSpacesEPc}
'void LibRaw::remove_caseSubstr(char*)' {ZN6LibRaw17remove_caseSubstrEPcS0}
'void LibRaw::remove_trailing_spaces(size_t)' {_ZN6LibRaw22remove_trailing_spacesEPcm}
'void LibRaw::selectCRXTrack(short int)' {_ZN6LibRaw14selectCRXTrackEs}
'void LibRaw::setCanonBodyFeatures(long long unsigned int)' {_ZN6LibRaw20setCanonBodyFeaturesEy}
'void LibRaw::setLeicaBodyFeatures(int)' {_ZN6LibRaw20setLeicaBodyFeaturesEi}
'int LibRaw::setMakeFromIndex(unsigned int)' {_ZN6LibRaw16setMakeFromIndexEj}
'void LibRaw::setPentaxBodyFeatures(long long unsigned int)' {_ZN6LibRaw21setPentaxBodyFeaturesEy}
'void LibRaw::setPhaseOneFeatures(long long unsigned int)' {_ZN6LibRaw19setPhaseOneFeaturesEy}
'void LibRaw::setSonyBodyFeatures(long long unsigned int)' {_ZN6LibRaw19setSonyBodyFeaturesEy}
'double LibRaw::sgetreal(int, uchar*)' {_ZN6LibRaw8sgetrealEiPh}
'char* LibRaw::strcasestr(const char*)' {_ZN6LibRaw10strcasestrEPcPKc}
'int LibRaw::stread(size_t, LibRaw_abstract_datastream*)' {_ZN6LibRaw6streadEPcmP26LibRaw_abstract_datastream}
'size_t LibRaw::strnlen(size_t)' {_ZN6LibRaw7strnlenEPKcm}
'short int LibRaw::tiff_sget(unsigned int, uchar*, unsigned int, INT64*, unsigned int*, unsigned int*, INT64*, unsigned int*, int*)' {_ZN6LibRaw9tiff_sgetEjPhjPxPjS2_S1_S2_Pi}
'void LibRaw::trimSpaces()' {_ZN6LibRaw10trimSpacesEPc}
'void LibRaw::unpacked_load_raw_FujiDBP()' {_ZN6LibRaw25unpacked_load_raw_FujiDBPEv}
'void LibRaw::vc5_dng_load_raw_placeholder()' {_ZN6LibRaw28vc5_dng_load_raw_placeholderEv}
'virtual void LibRaw_abstract_datastream::buffering_off()' {_ZN26LibRaw_abstract_datastream13buffering_offEv}
note that this adds a new entry to the vtable of class LibRaw_abstract_datastream
'void crxConvertPlaneLine(CrxImage*, int, int, int, int32_t*, int)' {_Z19crxConvertPlaneLineP8CrxImageiiiPii}
'int crxDecodeLine(CrxBandParam*)' {_Z13crxDecodeLineP12CrxBandParam}
'int crxDecodeLine(CrxBandParam*, uint8_t*)' {_Z13crxDecodeLineP12CrxBandParamPh}
'int crxDecodeLineNoRefPrevLine(CrxBandParam*)' {_Z26crxDecodeLineNoRefPrevLineP12CrxBandParam}
'int crxDecodeLineRounded(CrxBandParam*)' {_Z20crxDecodeLineRoundedP12CrxBandParam}
'int crxDecodeLineWithIQuantization(CrxSubband*)' {_Z30crxDecodeLineWithIQuantizationP10CrxSubband}
'int crxDecodeTopLine(CrxBandParam*)' {_Z16crxDecodeTopLineP12CrxBandParam}
'int crxDecodeTopLineNoRefPrevLine(CrxBandParam*)' {_Z29crxDecodeTopLineNoRefPrevLineP12CrxBandParam}
'int crxDecodeTopLineRounded(CrxBandParam*)' {_Z23crxDecodeTopLineRoundedP12CrxBandParam}
'int crxFreeImageData(CrxImage*)' {_Z16crxFreeImageDataP8CrxImage}
'void crxFreeSubbandData(CrxImage*, CrxPlaneComp*)' {_Z18crxFreeSubbandDataP8CrxImageP12CrxPlaneComp}
'void crxHorizontal53(int32_t*, int32_t*, CrxWaveletTransform*, uint32_t)' {_Z15crxHorizontal53PiS_P19CrxWaveletTransformj}
'int crxIdwt53FilterDecode(CrxPlaneComp*, int32_t)' {_Z21crxIdwt53FilterDecodeP12CrxPlaneCompi}
'int32_t* crxIdwt53FilterGetLine(CrxPlaneComp*, int32_t)' {_Z22crxIdwt53FilterGetLineP12CrxPlaneCompi}
'int crxIdwt53FilterInitialize(CrxPlaneComp*, int32_t)' {_Z25crxIdwt53FilterInitializeP12CrxPlaneCompi}
'int crxIdwt53FilterTransform(CrxPlaneComp*, uint32_t)' {_Z24crxIdwt53FilterTransformP12CrxPlaneCompj}
'int crxParamInit(libraw_memmgr&, CrxBandParam**, uint64_t, uint64_t, uint32_t, uint32_t, int32_t, uint32_t, LibRaw_abstract_datastream*)' {_Z12crxParamInitR13libraw_memmgrPP12CrxBandParammmjjijP26LibRaw_abstract_datastream}
'int crxReadImageHeaders(crx_data_header_t*, CrxImage*, uint8_t*, int32_t)' {_Z19crxReadImageHeadersP17crx_data_header_tP8CrxImagePhi}
'int crxReadSubbandHeaders(crx_data_header_t*, CrxImage*, CrxTile*, CrxPlaneComp*, uint8_t**, int32_t*)' {_Z21crxReadSubbandHeadersP17crx_data_header_tP8CrxImageP7CrxTileP12CrxPlaneCompPPhPi}
'int crxSetupImageData(crx_data_header_t*, CrxImage*, int16_t*, uint64_t, uint32_t, int32_t, uint8_t*)' {_Z17crxSetupImageDataP17crx_data_header_tP8CrxImagePsmjiPh}
'int crxSetupSubbandData(CrxImage*, CrxPlaneComp*, const CrxTile*, uint32_t)' {_Z19crxSetupSubbandDataP8CrxImageP12CrxPlaneCompPK7CrxTilej}
'int ifd_size_t_cmp(void*, void*)' {Z14ifd_size_t_cmpPKvS0}
'void libraw_set_output_tif(libraw_data_t*, int)' {libraw_set_output_tif}
'void pana_cs6_page_decoder::read_page()' {_ZN21pana_cs6_page_decoder9read_pageEv}
头文件内部函数变更:
libraw.h:
类LibRaw中:
参数变更:
原始:
virtual void LibRaw::lin_interpolate_loop(int[16][32], int)
virtual void LibRaw::adobe_coeff(const char, const char*, int)
变更为:
virtual void LibRaw::lin_interpolate_loop(int*, int)
virtual int LibRaw::adobe_coeff(unsigned int, const char*, int)
新增成员函数
virtual void LibRaw::crxLoadFinalizeLoopE3(void*, int)
virtual void LibRaw::crxLoadDecodeLoop(void*, int)'
成员变量变更:
删除成员变量int LibRaw::verbose
LibRaw_constants LibRaw::rgb_constants
新增成员变量:void* LibRaw::dngnegative
void* LibRaw::dngimage
libraw_types.h
结构体libraw_iparams_t中新增成员:char normalized_make[64]; char normalized_model[64]; unsigned maker_index;
结构体libraw_makernotes_t中新增:libraw_p1_makernotes_t phaseone; libraw_samsung_makernotes_t samsung; libraw_metadata_common_t common;
结构体libraw_canon_makernotes_t中新增:short MakernotesFlip; short RecordMode; short SRAWQuality; unsigned wbi; float firmware; short RF_lensID;
结构体libraw_nikon_makernotes_t中新增:int ExposureProgram;unsigned LensDataVersion; unsigned FlashInfoVersion; unsigned ColorBalanceVersion; uchar key; ushort NEFBitDepth[4]; ushort HighSpeedCropFormat; libraw_sensor_highspeed_crop_t SensorHighSpeedCrop; ushort SensorWidth; ushort SensorHeight;
结构体libraw_hasselblad_makernotes_t新增:char Sensor[8]; char SensorUnit[64]; // SU char HostBody[64]; // HB int SensorCode; int SensorSubCode; int CoatingCode; int uncropped;char CaptureSequenceInitiator[32]; char SensorUnitConnector[64]; int format; // 3FR, FFF, Imacon (H3D-39 and maybe others), Hasselblad/Phocus DNG, Adobe DNG int nIFD_CM[2]; // number of IFD containing CM int RecommendedCrop[2]; /* mnColorMatrix is in makernotes tag 0x002a; not present in .3FR files and Imacon/H3D-39 .FFF files; when present in .FFF and Phocus .DNG files, it is a copy of CM1 from .3FR; available samples contain all '1's in the first 3 elements / double mnColorMatrix[4][3];
结构体libraw_fuji_info_t中新增:ushort DRangePriority; ushort DRangePriorityAuto; ushort DRangePriorityFixed;float BrightnessCompensation;ushort CropMode;char SerialSignature[0x0c + 1]; char RAFVersion[4 + 1]; ushort RAFDataVersion; int isTSNERDTS; / DriveMode: 0 - single frame 1 - continuous low 2 - continuous high / short DriveMode;
变量名变更:float FujiExpoMidPointShift; ushort FujiDynamicRange; ushort FujiFilmMode; ushort FujiDynamicRangeSetting; ushort FujiDevelopmentDynamicRange; ushort FujiAutoDynamicRange;
变更为:float ExpoMidPointShift; ushort DynamicRange; ushort FilmMode; ushort DynamicRangeSetting; ushort DevelopmentDynamicRange; ushort AutoDynamicRange;
结构体libraw_olympus_makernotes_t中删除int OlympusCropID; ushort OlympusFrame[4];unsigned ImageStabilization;新增ushort DriveMode[5];char CameraType2[6];变更:int OlympusSensorCalibration[2];变更为int SensorCalibration[2];
结构体libraw_sony_info_t中删除uchar TimeStamp[6];新增uint8_t AFAreaModeSetting; ushort FlexibleSpotPosition[2]; uint8_t AFPointSelected; uint8_t AFPointsUsed[10]; uint8_t AFTracking; uint8_t AFType; ushort FocusLocation[4];ushort VariableLowPassFilter; unsigned LongExposureNoiseReduction; ushort HighISONoiseReduction; ushort HDR[2];ushort MeteringMode_offset; ushort ExposureProgram_offset; ushort ReleaseMode2_offset; unsigned MinoltaCamID; ushort PixelShiftGroupPrefix;unsigned PixelShiftGroupID;char nShotsInPixelShiftGroup;char numInPixelShiftGroup; ushort prd_ImageHeight, prd_ImageWidth; ushort prd_RawBitDepth;
ushort prd_StorageMethod; ushort prd_BayerPattern; ushort SonyRawFileType; ushort RAWFileType; unsigned Quality;
ushort FileFormat;
结构体libraw_kodak_makernotes_t中新增:ushort val018percent, val100percent, val170percent; short MakerNoteKodak8a; float ISOCalibrationGain; float AnalogISO;
结构体libraw_panasonic_makernotes_t中新增unsigned Multishot; / 0 is Off, 65536 is Pixel Shift / float gamma; int HighISOMultiplier[3]; / 0->R, 1->G, 2->B */
结构体libraw_pentax_makernotes_t中新增uchar MultiExposure; ushort Quality;
结构体libraw_shootinginfo_t中新增short ExposureProgram;
结构体libraw_output_params_t中新增unsigned max_raw_memory_mb;
结构体libraw_colordata_t中删除float baseline_exposure;变量unsigned cblack[4102];变更为unsigned cblack[LIBRAW_CBLACK_SIZE];新增char ImageUniqueID[64]; char RawDataUniqueID[17]; char OriginalRawFileName[64];int as_shot_wb_applied; unsigned raw_bps; int ExifColorSpace;
结构体libraw_dng_levels_t中新增float dng_fcblack[LIBRAW_CBLACK_SIZE]; float dng_fblack; float asshotneutral[4]; float baseline_exposure; float LinearResponseLimit;
结构体libraw_imgother_t中删除float FlashEC; float FlashGN; float CameraTemperature; float SensorTemperature; float SensorTemperature2; float LensTemperature; float AmbientTemperature; float BatteryTemperature; float exifAmbientTemperature; float exifHumidity; float exifPressure; float exifWaterDepth; float exifAcceleration; float exifCameraElevationAngle; float real_ISO;新增float analogbalance[4];
新增结构体libraw_metadata_common_t
结构体typedef struct { ushort cleft, ctop, cwidth, cheight; } libraw_raw_crop_t;变更为typedef struct { ushort cleft, ctop, cwidth, cheight, aspect; } libraw_raw_inset_crop_t;
头文件libraw_datastream.h中
类成员函数删除:public成员函数:virtual int subfile_open(const char *) { return -1; } virtual void subfile_close() {} virtual int tempbuffer_open(void , size_t); virtual void tempbuffer_close(); 删除protected成员变量LibRaw_abstract_datastream substream;
新增成员函数:virtual void buffering_off() {}
头文件libraw_internal.h中:
类LibRaw_constants新增变量static const double xyzd50_srgb[3][3]; static const double rgb_rgb[3][3]; static const double adobe_rgb[3][3]; static const double wide_rgb[3][3]; static const double prophoto_rgb[3][3]; static const double aces_rgb[3][3];
结构体identify_data_t中:新增int metadata_blocks;变量unsigned unique_id;变更为unsigned long long unique_id;
结构体unpacker_data_t中:新增unsigned tiff_sampleformat;crx_data_header_t crx_header[LIBRAW_CRXTRACKS_MAXCOUNT]; int crx_track_selected; short CR3_CTMDtag; short CR3_Version; int CM_found; unsigned is_NikonTransfer; unsigned is_Sony; unsigned is_pana_raw; unsigned is_4K_RAFdata; / =1 for Fuji X-A3, X-A5, X-A7, X-A10, X-A20, X-T100, XF10 / unsigned is_PentaxRicohMakernotes; / =1 for Ricoh software by Pentax, Camera DNG / unsigned dng_frames[LIBRAW_IFD_MAXCOUNT2]; / bits: 0-7: shot_select, 8-15: IFD#, 16-31: low 16 bit of newsubfile type */ unsigned short raw_stride;
结构体tiff_ifd_t中:新增extrasamples;unsigned t_filters; int t_vwidth, t_vheight, t_lm,t_tm; int t_fuji_width;int newsubfiletype;
新增结构体crx_data_header_t
头文件libraw_alloc.h中:删除类私有成员变量unsigned alloc_cnt及相关的代码。
运行用例出现其他报错,见https://github.com/LibRaw/LibRaw/issues/359
長度錯誤導致溢出,已提交PR:
1、master:!19: fix stack buffer overflow in LibRaw_buffer_datastream::gets()
2、openEuler-LTS-20.03:!16:fix stack buffer overflow in LibRaw_buffer_datastream::gets()
3、openEuler-LTS-20.03-SP1:!17:fix stack buffer overflow in LibRaw_buffer_datastream::gets()
4、openEuler-LTS-20.03-Next:!18:fix stack buffer overflow in LibRaw_buffer_datastream::gets()
5、openEuler-20.09:!20:fix stack buffer overflow in LibRaw_buffer_datastream::gets()
登录 后才可以发表评论