Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 5 commits
- 7 files changed
- 4 contributors
Commits on Dec 19, 2023
-
webp: disallow multiple VP8X chunks
Per the spec, there should only be one. A malformed image containing multiple VP8X chunks can cause unexpected memory usage, since DecodeConfig will only parse the first chunk, which contains the canvas size, but a subsequent chunk can indicate a significantly larger canvas, which we will then try to allocate a buffer for. Change-Id: I240ae76162f4293f6e6991020d18d4d3270cb9b6 Reviewed-on: https://go-review.googlesource.com/c/image/+/551416 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]> Auto-Submit: Roland Shoemaker <[email protected]>
Commits on Apr 16, 2024
-
tiff: fix function name in comment
Change-Id: I33d53b519cd495e5b576ad5a3d142abb215a8b1e Reviewed-on: https://go-review.googlesource.com/c/image/+/579176 Reviewed-by: qiu laidongfeng2 <[email protected]> Auto-Submit: Ian Lance Taylor <[email protected]> TryBot-Result: Gopher Robot <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Run-TryBot: shuang cui <[email protected]> Reviewed-by: Cherry Mui <[email protected]>
Commits on May 5, 2024
-
go.mod: update golang.org/x dependencies
Update golang.org/x dependencies to their latest tagged versions. Change-Id: I2e67daf6bd33b0a11d75d544f6f4a83112c7ab90 Reviewed-on: https://go-review.googlesource.com/c/image/+/583255 Auto-Submit: Gopher Robot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Reviewed-by: Than McIntosh <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
Commits on Jun 4, 2024
-
go.mod: update golang.org/x dependencies
Update golang.org/x dependencies to their latest tagged versions. Change-Id: Iae53a313887f9b3da122cc98ef7c173afdeaff88 Reviewed-on: https://go-review.googlesource.com/c/image/+/590217 Auto-Submit: Gopher Robot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Than McIntosh <[email protected]>
Commits on Jun 18, 2024
-
tiff: Validate palette indices when parsing palette-color images
The existing implementation will succeed to parse a corrupt or malicious image with color indices out of range of the actual palette, which will eventually result in a panic when the consumer tries to read the color at any corrupted pixel. This issue was originally discovered and filed against a downstream library: disintegration/imaging#165. This is also referenced in https://osv.dev/vulnerability/GHSA-q7pp-wcgr-pffx. Fixes golang/go#67624 Change-Id: I7d7577adb7d549ecfcd59e84e04a92d198d94c18 Reviewed-on: https://go-review.googlesource.com/c/image/+/588115 Auto-Submit: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]>
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v0.14.0...v0.18.0