[chore]: Bump golang.org/x/image from 0.9.0 to 0.11.0 (#2074)

dependabot[bot] 2023-08-07 08:03:43 +00:00 committed by GitHub
parent c1375ca5c1
commit aaa5985d7d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 48 additions and 17 deletions

4
go.mod

@ -61,10 +61,10 @@ require (
go.uber.org/automaxprocs v1.5.3 go.uber.org/automaxprocs v1.5.3
golang.org/x/crypto v0.11.0 golang.org/x/crypto v0.11.0
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
golang.org/x/image v0.9.0 golang.org/x/image v0.11.0
golang.org/x/net v0.12.0 golang.org/x/net v0.12.0
golang.org/x/oauth2 v0.10.0 golang.org/x/oauth2 v0.10.0
golang.org/x/text v0.11.0 golang.org/x/text v0.12.0
gopkg.in/mcuadros/go-syslog.v2 v2.3.0 gopkg.in/mcuadros/go-syslog.v2 v2.3.0
gopkg.in/yaml.v3 v3.0.1 gopkg.in/yaml.v3 v3.0.1
modernc.org/sqlite v1.24.0 modernc.org/sqlite v1.24.0

8
go.sum

@ -713,8 +713,8 @@ golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnL
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/image v0.9.0 h1:QrzfX26snvCM20hIhBwuHI/ThTg18b/+kcKdXHvnR+g= golang.org/x/image v0.11.0 h1:ds2RoQvBvYTiJkwpSFDwCcDFNX7DqjL2WsUgTNk0Ooo=
golang.org/x/image v0.9.0/go.mod h1:jtrku+n79PfroUbvDdeUWMAI+heR786BofxrbiSF+J0= golang.org/x/image v0.11.0/go.mod h1:bglhjqbqVuEb9e9+eNR45Jfu7D+T4Qan+NhQk8Ck2P8=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@ -883,8 +883,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=


@ -191,14 +191,22 @@ func decodeConfig(r io.Reader) (config image.Config, bitsPerPixel int, topDown b
} }
switch bpp { switch bpp {
case 8: case 8:
if offset != fileHeaderLen+infoLen+256*4 { colorUsed := readUint32(b[46:50])
// If colorUsed is 0, it is set to the maximum number of colors for the given bpp, which is 2^bpp.
if colorUsed == 0 {
colorUsed = 256
} else if colorUsed > 256 {
return image.Config{}, 0, false, false, ErrUnsupported return image.Config{}, 0, false, false, ErrUnsupported
} }
_, err = io.ReadFull(r, b[:256*4])
if offset != fileHeaderLen+infoLen+colorUsed*4 {
return image.Config{}, 0, false, false, ErrUnsupported
}
_, err = io.ReadFull(r, b[:colorUsed*4])
if err != nil { if err != nil {
return image.Config{}, 0, false, false, err return image.Config{}, 0, false, false, err
} }
pcm := make(color.Palette, 256) pcm := make(color.Palette, colorUsed)
for i := range pcm { for i := range pcm {
// BMP images are stored in BGR order rather than RGB order. // BMP images are stored in BGR order rather than RGB order.
// Every 4th byte is padding. // Every 4th byte is padding.
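Review bot: With the palette now sized by `pcm := make(color.Palette, colorUsed)`, an 8-bit pixel byte can be larger than the palette length, and nothing in this hunk checks pixel indices against `len(pcm)`. `image.Paletted` resolves a colour by indexing the palette with the pixel byte, so a file that declares a small `colorUsed` may produce an out-of-range index when the image is read later, unless the pixel decode path validates it; that path and the rest of `decodeConfig` lie outside this hunk. The decoder should reject pixel data containing an index `>= len(pcm)`, which is worth confirming upstream, since this appears to be upstream golang.org/x/image code. Until that is confirmed, services that decode untrusted BMP uploads should treat a panic from the decoded image as a possible outcome and contain it.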


@ -8,13 +8,13 @@
package tiff // import "golang.org/x/image/tiff" package tiff // import "golang.org/x/image/tiff"
import ( import (
"bytes"
"compress/zlib" "compress/zlib"
"encoding/binary" "encoding/binary"
"fmt" "fmt"
"image" "image"
"image/color" "image/color"
"io" "io"
"io/ioutil"
"math" "math"
"golang.org/x/image/ccitt" "golang.org/x/image/ccitt"
@ -579,6 +579,11 @@ func newDecoder(r io.Reader) (*decoder, error) {
default: default:
return nil, UnsupportedError("color model") return nil, UnsupportedError("color model")
} }
if d.firstVal(tPhotometricInterpretation) != pRGB {
if len(d.features[tBitsPerSample]) != 1 {
return nil, UnsupportedError("extra samples")
}
}
return d, nil return d, nil
} }
@ -629,6 +634,13 @@ func Decode(r io.Reader) (img image.Image, err error) {
blockWidth = int(d.firstVal(tTileWidth)) blockWidth = int(d.firstVal(tTileWidth))
blockHeight = int(d.firstVal(tTileLength)) blockHeight = int(d.firstVal(tTileLength))
// The specification says that tile widths and lengths must be a multiple of 16.
// We currently permit invalid sizes, but reject anything too small to limit the
// amount of work a malicious input can force us to perform.
if blockWidth < 8 || blockHeight < 8 {
return nil, FormatError("tile size is too small")
}
if blockWidth != 0 { if blockWidth != 0 {
blocksAcross = (d.config.Width + blockWidth - 1) / blockWidth blocksAcross = (d.config.Width + blockWidth - 1) / blockWidth
} }
@ -681,6 +693,11 @@ func Decode(r io.Reader) (img image.Image, err error) {
} }
} }
if blocksAcross == 0 || blocksDown == 0 {
return
}
// Maximum data per pixel is 8 bytes (RGBA64).
blockMaxDataSize := int64(blockWidth) * int64(blockHeight) * 8
for i := 0; i < blocksAcross; i++ { for i := 0; i < blocksAcross; i++ {
blkW := blockWidth blkW := blockWidth
if !blockPadding && i == blocksAcross-1 && d.config.Width%blockWidth != 0 { if !blockPadding && i == blocksAcross-1 && d.config.Width%blockWidth != 0 {
@ -708,15 +725,15 @@ func Decode(r io.Reader) (img image.Image, err error) {
inv := d.firstVal(tPhotometricInterpretation) == pWhiteIsZero inv := d.firstVal(tPhotometricInterpretation) == pWhiteIsZero
order := ccittFillOrder(d.firstVal(tFillOrder)) order := ccittFillOrder(d.firstVal(tFillOrder))
r := ccitt.NewReader(io.NewSectionReader(d.r, offset, n), order, ccitt.Group3, blkW, blkH, &ccitt.Options{Invert: inv, Align: false}) r := ccitt.NewReader(io.NewSectionReader(d.r, offset, n), order, ccitt.Group3, blkW, blkH, &ccitt.Options{Invert: inv, Align: false})
d.buf, err = ioutil.ReadAll(r) d.buf, err = readBuf(r, d.buf, blockMaxDataSize)
case cG4: case cG4:
inv := d.firstVal(tPhotometricInterpretation) == pWhiteIsZero inv := d.firstVal(tPhotometricInterpretation) == pWhiteIsZero
order := ccittFillOrder(d.firstVal(tFillOrder)) order := ccittFillOrder(d.firstVal(tFillOrder))
r := ccitt.NewReader(io.NewSectionReader(d.r, offset, n), order, ccitt.Group4, blkW, blkH, &ccitt.Options{Invert: inv, Align: false}) r := ccitt.NewReader(io.NewSectionReader(d.r, offset, n), order, ccitt.Group4, blkW, blkH, &ccitt.Options{Invert: inv, Align: false})
d.buf, err = ioutil.ReadAll(r) d.buf, err = readBuf(r, d.buf, blockMaxDataSize)
case cLZW: case cLZW:
r := lzw.NewReader(io.NewSectionReader(d.r, offset, n), lzw.MSB, 8) r := lzw.NewReader(io.NewSectionReader(d.r, offset, n), lzw.MSB, 8)
d.buf, err = ioutil.ReadAll(r) d.buf, err = readBuf(r, d.buf, blockMaxDataSize)
r.Close() r.Close()
case cDeflate, cDeflateOld: case cDeflate, cDeflateOld:
var r io.ReadCloser var r io.ReadCloser
@ -724,7 +741,7 @@ func Decode(r io.Reader) (img image.Image, err error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
d.buf, err = ioutil.ReadAll(r) d.buf, err = readBuf(r, d.buf, blockMaxDataSize)
r.Close() r.Close()
case cPackBits: case cPackBits:
d.buf, err = unpackBits(io.NewSectionReader(d.r, offset, n)) d.buf, err = unpackBits(io.NewSectionReader(d.r, offset, n))
@ -748,6 +765,12 @@ func Decode(r io.Reader) (img image.Image, err error) {
return return
} }
func readBuf(r io.Reader, buf []byte, lim int64) ([]byte, error) {
b := bytes.NewBuffer(buf[:0])
_, err := b.ReadFrom(io.LimitReader(r, lim))
return b.Bytes(), err
}
func init() { func init() {
image.RegisterFormat("tiff", leHeader, Decode, DecodeConfig) image.RegisterFormat("tiff", leHeader, Decode, DecodeConfig)
image.RegisterFormat("tiff", beHeader, Decode, DecodeConfig) image.RegisterFormat("tiff", beHeader, Decode, DecodeConfig)
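Review bot: The `cPackBits` branch still calls `unpackBits(io.NewSectionReader(d.r, offset, n))` without the new `blockMaxDataSize` cap, so as far as this section shows, the output bound added for the CCITT, LZW and Deflate branches does not cover it. `unpackBits` is defined outside the section and may bound its own output; if it does not, it should take the limit as a parameter, or the block should be rejected when `int64(len(d.buf)) > blockMaxDataSize`. The cap is also computed from the tile or strip dimensions declared in the file, so callers decoding untrusted input still need their own dimension limit (for example via `DecodeConfig`) before calling `Decode`. `readBuf` would benefit from a comment such as `// readBuf reads at most lim bytes from r, reusing buf's backing array; longer streams are silently truncated.` This is golang.org/x/image code, so any change belongs upstream rather than in a local copy.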


@ -434,7 +434,7 @@ func newMatcher(supported []Tag, options []MatchOption) *matcher {
// (their canonicalization simply substitutes a different language code, but // (their canonicalization simply substitutes a different language code, but
// nothing else), the match confidence is Exact, otherwise it is High. // nothing else), the match confidence is Exact, otherwise it is High.
for i, lm := range language.AliasMap { for i, lm := range language.AliasMap {
// If deprecated codes match and there is no fiddling with the script or // If deprecated codes match and there is no fiddling with the script
// or region, we consider it an exact match. // or region, we consider it an exact match.
conf := Exact conf := Exact
if language.AliasTypes[i] != language.Macro { if language.AliasTypes[i] != language.Macro {

4
vendor/modules.txt vendored

@ -839,7 +839,7 @@ golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
## explicit; go 1.20 ## explicit; go 1.20
golang.org/x/exp/constraints golang.org/x/exp/constraints
golang.org/x/exp/slices golang.org/x/exp/slices
# golang.org/x/image v0.9.0 # golang.org/x/image v0.11.0
## explicit; go 1.12 ## explicit; go 1.12
golang.org/x/image/bmp golang.org/x/image/bmp
golang.org/x/image/ccitt golang.org/x/image/ccitt
@ -882,7 +882,7 @@ golang.org/x/sys/internal/unsafeheader
golang.org/x/sys/unix golang.org/x/sys/unix
golang.org/x/sys/windows golang.org/x/sys/windows
golang.org/x/sys/windows/registry golang.org/x/sys/windows/registry
# golang.org/x/text v0.11.0 # golang.org/x/text v0.12.0
## explicit; go 1.17 ## explicit; go 1.17
golang.org/x/text/cases golang.org/x/text/cases
golang.org/x/text/internal golang.org/x/text/internal