| author | 2023-08-07 08:03:43 +0000 | |
|---|---|---|
| committer | 2023-08-07 08:03:43 +0000 | |
| commit | aaa5985d7dc65b89970af32c6aadaa7d54d74255 (patch) | |
| tree | 42d6d70bd72c8df93090fa7e65c311d4d77256cc | |
| parent | [chore] Remove go-playground/validator (#2069) (diff) | |
[chore]: Bump golang.org/x/image from 0.9.0 to 0.11.0 (#2074)
| -rw-r--r-- | go.mod | 4 | ||||
| -rw-r--r-- | go.sum | 8 | ||||
| -rw-r--r-- | vendor/golang.org/x/image/bmp/reader.go | 14 | ||||
| -rw-r--r-- | vendor/golang.org/x/image/tiff/reader.go | 33 | ||||
| -rw-r--r-- | vendor/golang.org/x/text/language/match.go | 2 | ||||
| -rw-r--r-- | vendor/modules.txt | 4 | 
6 files changed, 48 insertions, 17 deletions
|
@@ -61,10 +61,10 @@ require (
 	go.uber.org/automaxprocs v1.5.3
 	golang.org/x/crypto v0.11.0
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
-	golang.org/x/image v0.9.0
+	golang.org/x/image v0.11.0
 	golang.org/x/net v0.12.0
 	golang.org/x/oauth2 v0.10.0
-	golang.org/x/text v0.11.0
+	golang.org/x/text v0.12.0
 	gopkg.in/mcuadros/go-syslog.v2 v2.3.0
 	gopkg.in/yaml.v3 v3.0.1
 	modernc.org/sqlite v1.24.0
@@ -713,8 +713,8 @@ golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnL
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.9.0 h1:QrzfX26snvCM20hIhBwuHI/ThTg18b/+kcKdXHvnR+g=
-golang.org/x/image v0.9.0/go.mod h1:jtrku+n79PfroUbvDdeUWMAI+heR786BofxrbiSF+J0=
+golang.org/x/image v0.11.0 h1:ds2RoQvBvYTiJkwpSFDwCcDFNX7DqjL2WsUgTNk0Ooo=
+golang.org/x/image v0.11.0/go.mod h1:bglhjqbqVuEb9e9+eNR45Jfu7D+T4Qan+NhQk8Ck2P8=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -883,8 +883,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/vendor/golang.org/x/image/bmp/reader.go b/vendor/golang.org/x/image/bmp/reader.go
index e165c2e39..1939c1120 100644
--- a/vendor/golang.org/x/image/bmp/reader.go
+++ b/vendor/golang.org/x/image/bmp/reader.go
@@ -191,14 +191,22 @@ func decodeConfig(r io.Reader) (config image.Config, bitsPerPixel int, topDown b
 	}
 	switch bpp {
 	case 8:
-		if offset != fileHeaderLen+infoLen+256*4 {
+		colorUsed := readUint32(b[46:50])
+		// If colorUsed is 0, it is set to the maximum number of colors for the given bpp, which is 2^bpp.
+		if colorUsed == 0 {
+			colorUsed = 256
+		} else if colorUsed > 256 {
 			return image.Config{}, 0, false, false, ErrUnsupported
 		}
-		_, err = io.ReadFull(r, b[:256*4])
+
+		if offset != fileHeaderLen+infoLen+colorUsed*4 {
+			return image.Config{}, 0, false, false, ErrUnsupported
+		}
+		_, err = io.ReadFull(r, b[:colorUsed*4])
 		if err != nil {
 			return image.Config{}, 0, false, false, err
 		}
-		pcm := make(color.Palette, 256)
+		pcm := make(color.Palette, colorUsed)
 		for i := range pcm {
 			// BMP images are stored in BGR order rather than RGB order.
 			// Every 4th byte is padding.
diff --git a/vendor/golang.org/x/image/tiff/reader.go b/vendor/golang.org/x/image/tiff/reader.go
index 45cc056f4..f31569b6d 100644
--- a/vendor/golang.org/x/image/tiff/reader.go
+++ b/vendor/golang.org/x/image/tiff/reader.go
@@ -8,13 +8,13 @@
 package tiff // import "golang.org/x/image/tiff"
 import (
+	"bytes"
 	"compress/zlib"
 	"encoding/binary"
 	"fmt"
 	"image"
 	"image/color"
 	"io"
-	"io/ioutil"
 	"math"
 	"golang.org/x/image/ccitt"
@@ -579,6 +579,11 @@ func newDecoder(r io.Reader) (*decoder, error) {
 	default:
 		return nil, UnsupportedError("color model")
 	}
+	if d.firstVal(tPhotometricInterpretation) != pRGB {
+		if len(d.features[tBitsPerSample]) != 1 {
+			return nil, UnsupportedError("extra samples")
+		}
+	}
 	return d, nil
 }
@@ -629,6 +634,13 @@ func Decode(r io.Reader) (img image.Image, err error) {
 		blockWidth = int(d.firstVal(tTileWidth))
 		blockHeight = int(d.firstVal(tTileLength))
+		// The specification says that tile widths and lengths must be a multiple of 16.
+		// We currently permit invalid sizes, but reject anything too small to limit the
+		// amount of work a malicious input can force us to perform.
+		if blockWidth < 8 || blockHeight < 8 {
+			return nil, FormatError("tile size is too small")
+		}
+
 		if blockWidth != 0 {
 			blocksAcross = (d.config.Width + blockWidth - 1) / blockWidth
 		}
@@ -681,6 +693,11 @@ func Decode(r io.Reader) (img image.Image, err error) {
 		}
 	}
+	if blocksAcross == 0 || blocksDown == 0 {
+		return
+	}
+	// Maximum data per pixel is 8 bytes (RGBA64).
+	blockMaxDataSize := int64(blockWidth) * int64(blockHeight) * 8
 	for i := 0; i < blocksAcross; i++ {
 		blkW := blockWidth
 		if !blockPadding && i == blocksAcross-1 && d.config.Width%blockWidth != 0 {
@@ -708,15 +725,15 @@ func Decode(r io.Reader) (img image.Image, err error) {
 				inv := d.firstVal(tPhotometricInterpretation) == pWhiteIsZero
 				order := ccittFillOrder(d.firstVal(tFillOrder))
 				r := ccitt.NewReader(io.NewSectionReader(d.r, offset, n), order, ccitt.Group3, blkW, blkH, &ccitt.Options{Invert: inv, Align: false})
-				d.buf, err = ioutil.ReadAll(r)
+				d.buf, err = readBuf(r, d.buf, blockMaxDataSize)
 			case cG4:
 				inv := d.firstVal(tPhotometricInterpretation) == pWhiteIsZero
 				order := ccittFillOrder(d.firstVal(tFillOrder))
 				r := ccitt.NewReader(io.NewSectionReader(d.r, offset, n), order, ccitt.Group4, blkW, blkH, &ccitt.Options{Invert: inv, Align: false})
-				d.buf, err = ioutil.ReadAll(r)
+				d.buf, err = readBuf(r, d.buf, blockMaxDataSize)
 			case cLZW:
 				r := lzw.NewReader(io.NewSectionReader(d.r, offset, n), lzw.MSB, 8)
-				d.buf, err = ioutil.ReadAll(r)
+				d.buf, err = readBuf(r, d.buf, blockMaxDataSize)
 				r.Close()
 			case cDeflate, cDeflateOld:
 				var r io.ReadCloser
@@ -724,7 +741,7 @@ func Decode(r io.Reader) (img image.Image, err error) {
 				if err != nil {
 					return nil, err
 				}
-				d.buf, err = ioutil.ReadAll(r)
+				d.buf, err = readBuf(r, d.buf, blockMaxDataSize)
 				r.Close()
 			case cPackBits:
 				d.buf, err = unpackBits(io.NewSectionReader(d.r, offset, n))
@@ -748,6 +765,12 @@ func Decode(r io.Reader) (img image.Image, err error) {
 	return
 }
+func readBuf(r io.Reader, buf []byte, lim int64) ([]byte, error) {
+	b := bytes.NewBuffer(buf[:0])
+	_, err := b.ReadFrom(io.LimitReader(r, lim))
+	return b.Bytes(), err
+}
+
 func init() {
 	image.RegisterFormat("tiff", leHeader, Decode, DecodeConfig)
 	image.RegisterFormat("tiff", beHeader, Decode, DecodeConfig)
diff --git a/vendor/golang.org/x/text/language/match.go b/vendor/golang.org/x/text/language/match.go
index ee45f4947..1153baf29 100644
--- a/vendor/golang.org/x/text/language/match.go
+++ b/vendor/golang.org/x/text/language/match.go
@@ -434,7 +434,7 @@ func newMatcher(supported []Tag, options []MatchOption) *matcher {
 	// (their canonicalization simply substitutes a different language code, but
 	// nothing else), the match confidence is Exact, otherwise it is High.
 	for i, lm := range language.AliasMap {
-		// If deprecated codes match and there is no fiddling with the script or
+		// If deprecated codes match and there is no fiddling with the script
 		// or region, we consider it an exact match.
 		conf := Exact
 		if language.AliasTypes[i] != language.Macro {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 63946d3f7..a96d7eed3 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -839,7 +839,7 @@ golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
 ## explicit; go 1.20
 golang.org/x/exp/constraints
 golang.org/x/exp/slices
-# golang.org/x/image v0.9.0
+# golang.org/x/image v0.11.0
 ## explicit; go 1.12
 golang.org/x/image/bmp
 golang.org/x/image/ccitt
@@ -882,7 +882,7 @@ golang.org/x/sys/internal/unsafeheader
 golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
-# golang.org/x/text v0.11.0
+# golang.org/x/text v0.12.0
 ## explicit; go 1.17
 golang.org/x/text/cases
 golang.org/x/text/internal
|
