зеркало из https://github.com/golang/image.git
3bbf4a659e
The existing implementation will succeed to parse a corrupt or malicious image with color indices out of range of the actual palette, which will eventually result in a panic when the consumer tries to read the color at any corrupted pixel. This issue was originally discovered and filed against a downstream library: https://github.com/disintegration/imaging/issues/165. This is also referenced in https://osv.dev/vulnerability/GHSA-q7pp-wcgr-pffx. Fixes golang/go#67624 Change-Id: I7d7577adb7d549ecfcd59e84e04a92d198d94c18 Reviewed-on: https://go-review.googlesource.com/c/image/+/588115 Auto-Submit: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> |
||
|---|---|---|
| .. | ||
| lzw | ||
| buffer.go | ||
| buffer_test.go | ||
| compress.go | ||
| consts.go | ||
| fuzz.go | ||
| reader.go | ||
| reader_test.go | ||
| writer.go | ||
| writer_test.go | ||