From 032d4282d33f4597ff78a7178d281265f0d10884 Mon Sep 17 00:00:00 2001 From: Larry Gritz Date: Thu, 25 Jun 2026 14:50:46 -0500 Subject: [PATCH 1/2] fix(hdr): validate resolution to find corrupted files Signed-off-by: Larry Gritz --- src/hdr.imageio/hdrinput.cpp | 5 +++++ testsuite/hdr/ref/out.txt | 3 +++ testsuite/hdr/run.py | 3 +++ testsuite/hdr/src/crash-res.hdr | 4 ++++ testsuite/runtest.py | 3 ++- 5 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 testsuite/hdr/src/crash-res.hdr diff --git a/src/hdr.imageio/hdrinput.cpp b/src/hdr.imageio/hdrinput.cpp index 9627b9b3ed..3fa9eb518e 100644 --- a/src/hdr.imageio/hdrinput.cpp +++ b/src/hdr.imageio/hdrinput.cpp @@ -246,6 +246,11 @@ HdrInput::open(const std::string& name, ImageSpec& newspec) } m_spec.full_width = m_spec.width; m_spec.full_height = m_spec.height; + // Validation of resolution + if (!check_open(m_spec, { 0, 65535, 0, 65535, 0, 1, 0, 4 })) { + close(); + return false; + } // FIXME -- should we do anything about exposure, software, // pixaspect, primaries? (N.B. rgbe.c doesn't even handle most of them) diff --git a/testsuite/hdr/ref/out.txt b/testsuite/hdr/ref/out.txt index a6259f4031..e4fbc081ee 100644 --- a/testsuite/hdr/ref/out.txt +++ b/testsuite/hdr/ref/out.txt @@ -22,3 +22,6 @@ MtTamWest.hdr : 1214 x 732, 3 channel, float hdr Stats FiniteCount: 888648 888648 888648 888648 Constant: No Monochrome: No +oiiotool ERROR: read : "src/crash-res.hdr": hdr image resolution may not exceed 65535x65535, but the file appears to be 8888888x4. Possible corrupt input? +Full command line was: +> oiiotool -nostderr -oiioattrib try_all_readers 0 src/crash-res.hdr -o test.exr diff --git a/testsuite/hdr/run.py b/testsuite/hdr/run.py index 022f9677c2..3c21d3d05b 100755 --- a/testsuite/hdr/run.py +++ b/testsuite/hdr/run.py @@ -11,3 +11,6 @@ command += oiiotool ("-v -info -stats MtTamWest.hdr") # To double check, get stats on the original for comparison -- should be close command += oiiotool ("-stats " + OIIO_TESTSUITE_IMAGEDIR+"/ScanLines/MtTamWest.exr") + +# Regression test: invalid resolution +command += oiiotool ("-nostderr -oiioattrib try_all_readers 0 src/crash-res.hdr -o test.exr", failureok = True) diff --git a/testsuite/hdr/src/crash-res.hdr b/testsuite/hdr/src/crash-res.hdr new file mode 100644 index 0000000000..e9b45e1445 --- /dev/null +++ b/testsuite/hdr/src/crash-res.hdr @@ -0,0 +1,4 @@ + +FORMAT=32-bit_rle_rgbe + +-Y4 +X8888888A'8 \ No newline at end of file diff --git a/testsuite/runtest.py b/testsuite/runtest.py index f2279c29ac..9ee9eb0157 100755 --- a/testsuite/runtest.py +++ b/testsuite/runtest.py @@ -337,7 +337,8 @@ def iconvert (args: str, silent: bool=False, concat: bool=True, # Construct a command that will run oiiotool and append its output to out.txt -def oiiotool (args: str, silent: bool=False, concat: bool=True, failureok: bool=False) -> str: +def oiiotool (args: str, silent: bool=False, concat: bool=True, + failureok: bool=False) -> str: cmd = (oiio_app("oiiotool") + " " + args) if not silent : cmd += redirect From eddb180560bbf924a4ef8d17a0a605c634a60f8b Mon Sep 17 00:00:00 2001 From: Larry Gritz Date: Sat, 27 Jun 2026 11:11:02 -0400 Subject: [PATCH 2/2] Fix Windows issue with test file being checked out incorrectly as ascii Signed-off-by: Larry Gritz --- .gitattributes | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.gitattributes b/.gitattributes index 65e2b307d4..4d33ffc379 100644 --- a/.gitattributes +++ b/.gitattributes @@ -9,3 +9,9 @@ *.h linguist-language=C++ src/libOpenImageIO/bluenoise.inc -linguist-detectable + +# Image test fixtures are binary and must never be CRLF-converted on +# checkout. Some (e.g. tiny/corrupt HDR files) are mostly ASCII and would +# otherwise be misdetected as text, breaking byte-exact reader tests. +*.hdr binary +*.rgbe binary