
feat(cli): switch from cute_png to libpng
This addresses security vulnerabilities in the CLI.
libpng is designed to handle untrusted inputs.
dbohdan committed Oct 3, 2024
1 parent b80fc20 commit 877cf21
Showing 7 changed files with 331 additions and 161 deletions.
68 changes: 51 additions & 17 deletions .github/workflows/ci.yml
@@ -1,41 +1,29 @@
name: CI
on: [push, pull_request]
jobs:
test-ubuntu:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install dependencies
run: |
sudo .github/workflows/install-deps.sh
- name: Test
run: |
gmake test
test-bsd:
bsd:
runs-on: ${{ matrix.os.host }}
strategy:
matrix:
os:
- name: freebsd
architecture: x86-64
version: '13.2'
version: '14.1'
host: ubuntu-latest
- name: netbsd
architecture: x86-64
version: '9.3'
version: '10.0'
host: ubuntu-latest
- name: openbsd
architecture: x86-64
version: '7.4'
version: '7.5'
host: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Run CI script on ${{ matrix.os.name }}
uses: cross-platform-actions/action@v0.24.0
uses: cross-platform-actions/action@v0.25.0
with:
operating_system: ${{ matrix.os.name }}
architecture: ${{ matrix.os.architecture }}
Expand All @@ -47,3 +35,49 @@ jobs:
# See https://github.com/cross-platform-actions/action/issues/75
sudo .github/workflows/install-deps.sh
gmake test
linux:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Install dependencies
run: |
sudo .github/workflows/install-deps.sh
- name: Test
run: |
gmake test
windows:
runs-on: windows-latest
steps:
- name: 'Disable `autocrlf` in Git'
run: git config --global core.autocrlf false

- name: Checkout
uses: actions/checkout@v4

- name: Set up MSYS2
uses: msys2/setup-msys2@v2
with:
update: true
install: |
make
mingw-w64-i686-gcc
mingw-w64-i686-libpng
mingw-w64-i686-zlib
tcl
- name: Test
shell: msys2 {0}
run: |
make test
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: hicolor-win32
path: |
hicolor.exe
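Review bot: The third-party actions in this section are referenced by mutable tags (`cross-platform-actions/action@v0.25.0`, `msys2/setup-msys2@v2`, `actions/checkout@v4`, `actions/upload-artifact@v4`), so the code that runs in CI and produces the uploaded `hicolor-win32` artifact can change without any change to this repository; pinning each to a full commit SHA with the version kept as a comment, e.g. `uses: cross-platform-actions/action@<commit-sha> # v0.25.0`, makes the workflow reproducible and auditable. The MSYS2 step also uses `update: true` and installs unversioned `mingw-w64-i686-libpng` / `mingw-w64-i686-zlib`, so the libpng and zlib statically built into the published `hicolor.exe` are whatever pacman serves on the day the job runs; logging `pacman -Q mingw-w64-i686-libpng mingw-w64-i686-zlib` in the Test step would at least record which versions a given artifact embeds. The `run: |` bodies in the BSD job's CI script appear to start before this section's second hunk, so the install step for those runners is only partly visible here.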
6 changes: 3 additions & 3 deletions .github/workflows/install-deps.sh
Expand Up @@ -6,15 +6,15 @@ if [ "$(uname)" = Linux ]; then
fi

if [ "$(uname)" = FreeBSD ]; then
pkg install -y gmake GraphicsMagick tcl86
pkg install -y gmake GraphicsMagick png tcl86
ln -s /usr/local/bin/tclsh8.6 /usr/local/bin/tclsh
fi

if [ "$(uname)" = NetBSD ]; then
pkgin -y install gmake GraphicsMagick tcl
pkgin -y install gmake GraphicsMagick png tcl zlib
fi

if [ "$(uname)" = OpenBSD ]; then
pkg_add -I gmake GraphicsMagick tcl%8.6
pkg_add -I gmake GraphicsMagick png tcl%8.6
ln -s /usr/local/bin/tclsh8.6 /usr/local/bin/tclsh
fi
11 changes: 3 additions & 8 deletions GNUmakefile
@@ -1,13 +1,10 @@
WIN32_CC ?= i686-w64-mingw32-gcc
CFLAGS ?= -g -O3 -static -ffunction-sections -fdata-sections -Wl,--gc-sections -lm -Wall -Wextra
CFLAGS ?= -g -O3 -static -ffunction-sections -fdata-sections -Wl,--gc-sections -Wall -Wextra -lpng -lm -lz
PREFIX ?= /usr/local

all: hicolor

hicolor: cli.c hicolor.h vendor/cute_png.h
$(CC) $< -o $@ $(CFLAGS)
hicolor.exe: cli.c hicolor.h vendor/cute_png.h
$(WIN32_CC) $< -o $@ $(CFLAGS)
clean: clean-no-ext clean-exe
clean-no-ext:
-rm -f hicolor
Expand All @@ -21,11 +18,9 @@ install-include: hicolor.h
install -m 0644 $< $(DESTDIR)$(PREFIX)/include

release: clean-no-ext test
cp hicolor hicolor-v"$$(./hicolor version)"-"$$(uname | tr 'A-Z' 'a-z')"-"$$(uname -m)"
cp hicolor hicolor-v"$$(./hicolor version | head -n 1 | awk '{ print $$2 }')"-"$$(uname | tr 'A-Z' 'a-z')"-"$$(uname -m)"

test: all
tests/hicolor.test
test-wine: hicolor.exe
HICOLOR_COMMAND='wine ../hicolor.exe' WINEDEBUG=-all tests/hicolor.test

.PHONY: all clean install-bin install-include test test-wine
.PHONY: all clean install-bin install-include test
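Review bot: On the new `CFLAGS ?=` line the libraries `-lpng -lm -lz` are placed in a compiler-flags variable; they are linker inputs, and because `?=` and command-line assignment replace the whole value, a user running `make CFLAGS=-O2` silently drops them and the link of `hicolor` fails with unresolved libpng symbols. Moving them to a separate variable keeps the conventional split: `LDLIBS ?= -lpng -lz -lm` and, in the `hicolor` rule, `$(CC) $(CFLAGS) $< -o $@ $(LDLIBS)`. Since `-static` stays in the flags, the shipped binary embeds whichever libpng and zlib were present at build time, so a fix in either library only reaches users through a rebuild and re-release; a comment such as `# -static bakes libpng/zlib into the binary: rebuild on upstream security fixes` next to that line would make this trade-off explicit for whoever maintains releases. The `hicolor:` prerequisite line in the first hunk still reads `vendor/cute_png.h` in this rendered view; if that line was not updated and the vendored header is removed elsewhere in this commit (three of the seven changed files are not shown here), make will fail with no rule to build that prerequisite, which is worth confirming in the full diff.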
22 changes: 6 additions & 16 deletions README.md
Expand Up @@ -47,14 +47,6 @@ It is known to work on Linux (aarch64, i386, riscv64, x86_64), FreeBSD, NetBSD,

## Known bugs and limitations

### Security

The command-line version of HiColor (but not the library) uses [cute_png](https://github.com/RandyGaul/cute_headers) to read PNG files.
cute_png is intended for trusted input.
This means that a maliciously-crafted PNG file could hack the HiColor CLI.
To be safe, only feed HiColor PNG files you created yourself.
Recompress PNG files from the Internet with a trusted program.

### PNG file size

PNG files produced by HiColor are not optimized.
Expand Down Expand Up @@ -114,16 +106,14 @@ sudo apt install -y build-essential graphicsmagick tclsh
gmake test
```

### Cross-compiling for Windows
### Windows

The following commands build a 32-bit executable for Windows.
Install [MSYS2](https://www.msys2.org/),
then run the following commands to build an x86 executable for Windows.

```sh
sudo apt install -y build-essential gcc-mingw-w64-i686
gmake hicolor.exe
# Wine, Tcl, and GraphicsMagick are needed only for testing.
sudo apt install -y graphicsmagick tclsh wine
gmake test-wine
pacman -Syu make mingw-w64-i686-gcc mingw-w64-i686-libpng mingw-w64-i686-zlib tcl
gmake test
```

## Alternatives
Expand All @@ -142,7 +132,7 @@ What differentiates HiColor is being a small dedicated tool and embeddable C lib

MIT.

[cute_png](https://github.com/RandyGaul/cute_headers/) is copyright (c) 2019, 2021-2023 Randy Gaul and is licensed under the zlib license.
HiColor uses [libpng](http://www.libpng.org/pub/png/libpng.html) and [zlib](https://www.zlib.net/).

### Photos from Unsplash
