feat(cli): switch from cute_png to libpng
This addresses security vulnerabilities in the CLI.
libpng is designed to handle untrusted input.
dbohdan committed Oct 3, 2024
1 parent b80fc20 commit bf9c062
Showing 7 changed files with 380 additions and 164 deletions.
79 changes: 62 additions & 17 deletions .github/workflows/ci.yml
@@ -1,41 +1,31 @@
name: CI
on: [push, pull_request]
jobs:
test-ubuntu:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install dependencies
run: |
sudo .github/workflows/install-deps.sh
- name: Test
run: |
gmake test
test-bsd:
bsd:
runs-on: ${{ matrix.os.host }}
strategy:
matrix:
os:
- name: freebsd
architecture: x86-64
version: '13.2'
version: '14.1'
host: ubuntu-latest

- name: netbsd
architecture: x86-64
version: '9.3'
version: '10.0'
host: ubuntu-latest

- name: openbsd
architecture: x86-64
version: '7.4'
version: '7.5'
host: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Run CI script on ${{ matrix.os.name }}
uses: cross-platform-actions/action@v0.24.0
uses: cross-platform-actions/action@v0.25.0
with:
operating_system: ${{ matrix.os.name }}
architecture: ${{ matrix.os.architecture }}
Expand All @@ -47,3 +37,58 @@ jobs:
# See https://github.com/cross-platform-actions/action/issues/75
sudo .github/workflows/install-deps.sh
gmake test
linux:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Install dependencies
run: |
sudo .github/workflows/install-deps.sh
- name: Test
run: |
gmake test
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: hicolor-linux-x86_64
path: |
hicolor
windows:
runs-on: windows-latest
steps:
- name: 'Disable `autocrlf` in Git'
run: git config --global core.autocrlf false

- name: Checkout
uses: actions/checkout@v4

- name: Set up MSYS2
uses: msys2/setup-msys2@v2
with:
update: true
msystem: mingw32
install: |
make
mingw-w64-i686-gcc
mingw-w64-i686-libpng
mingw-w64-i686-pkgconf
mingw-w64-i686-zlib
tcl
- name: Test
shell: msys2 {0}
run: |
make test
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: hicolor-win32
path: |
hicolor.exe
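Review bot: The new `linux` and `windows` jobs reference third-party actions only by mutable tags (`actions/checkout@v4`, `actions/upload-artifact@v4`, `msys2/setup-msys2@v2`, and `cross-platform-actions/action@v0.25.0` in the `bsd` job), and a moved tag would silently change what runs with access to the build and the uploaded release binaries. Pinning each `uses:` to a full commit SHA with the tag kept in a trailing comment, e.g. `uses: actions/checkout@<commit-sha placeholder> # v4`, closes that gap and is the usual hardening for workflows that publish artifacts. The `update: true` on setup-msys2 also means the Windows build pulls whatever `mingw-w64-i686-libpng` and `-zlib` are current at run time; that is fine for picking up fixes, but a comment saying the versions are intentionally unpinned would save the next reader a question.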
8 changes: 4 additions & 4 deletions .github/workflows/install-deps.sh
Expand Up @@ -2,19 +2,19 @@
set -e

if [ "$(uname)" = Linux ]; then
apt-get install -y graphicsmagick
apt-get install -y graphicsmagick pkgconf
fi

if [ "$(uname)" = FreeBSD ]; then
pkg install -y gmake GraphicsMagick tcl86
pkg install -y gmake GraphicsMagick png pkgconf tcl86
ln -s /usr/local/bin/tclsh8.6 /usr/local/bin/tclsh
fi

if [ "$(uname)" = NetBSD ]; then
pkgin -y install gmake GraphicsMagick tcl
pkgin -y install gmake GraphicsMagick png pkgconf tcl zlib
fi

if [ "$(uname)" = OpenBSD ]; then
pkg_add -I gmake GraphicsMagick tcl%8.6
pkg_add -I gmake GraphicsMagick png pkgconf tcl%8.6
ln -s /usr/local/bin/tclsh8.6 /usr/local/bin/tclsh
fi
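Review bot: The Linux branch still installs no PNG development package — the changed `apt-get` line adds only `pkgconf` next to `graphicsmagick`, while the FreeBSD, NetBSD and OpenBSD branches explicitly add `png` (and NetBSD also `zlib`). The Linux build therefore appears to rely on `libpng-dev`/`zlib1g-dev` being preinstalled on the runner image, which this script does not guarantee; `apt-get install -y graphicsmagick libpng-dev pkgconf zlib1g-dev` would make the dependency explicit and keep the script usable on a plain Ubuntu host. The script's shebang and first line are above the hunk.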
23 changes: 12 additions & 11 deletions GNUmakefile
@@ -1,18 +1,21 @@
WIN32_CC ?= i686-w64-mingw32-gcc
CFLAGS ?= -g -O3 -static -ffunction-sections -fdata-sections -Wl,--gc-sections -lm -Wall -Wextra
LIBPNG_CFLAGS ?= $(shell pkg-config --cflags libpng)
LIBPNG_LIBS ?= $(shell pkg-config --libs libpng)
ZLIB_CFLAGS ?= $(shell pkg-config --cflags zlib)
ZLIB_LIBS ?= $(shell pkg-config --libs zlib)

CFLAGS ?= -g -O3 -static -ffunction-sections -fdata-sections -Wl,--gc-sections -Wall -Wextra $(LIBPNG_CFLAGS) $(ZLIB_CFLAGS)
LIBS ?= $(LIBPNG_LIBS) $(ZLIB_LIBS) -lm
PREFIX ?= /usr/local

all: hicolor

hicolor: cli.c hicolor.h vendor/cute_png.h
$(CC) $< -o $@ $(CFLAGS)
hicolor.exe: cli.c hicolor.h vendor/cute_png.h
$(WIN32_CC) $< -o $@ $(CFLAGS)
$(CC) $< -o $@ $(CFLAGS) $(LIBS)
clean: clean-no-ext clean-exe
clean-no-ext:
-rm -f hicolor
clean-exe:
-rm -f hicolor.exe
clean-no-ext:
-rm -f hicolor

install: install-bin install-include
install-bin: hicolor
Expand All @@ -21,11 +24,9 @@ install-include: hicolor.h
install -m 0644 $< $(DESTDIR)$(PREFIX)/include

release: clean-no-ext test
cp hicolor hicolor-v"$$(./hicolor version)"-"$$(uname | tr 'A-Z' 'a-z')"-"$$(uname -m)"
cp hicolor hicolor-v"$$(./hicolor version | head -n 1 | awk '{ print $$2 }')"-"$$(uname | tr 'A-Z' 'a-z')"-"$$(uname -m)"

test: all
tests/hicolor.test
test-wine: hicolor.exe
HICOLOR_COMMAND='wine ../hicolor.exe' WINEDEBUG=-all tests/hicolor.test

.PHONY: all clean install-bin install-include test test-wine
.PHONY: all clean clean-exe clean-no-ext install install-bin install-include release test
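Review bot: A missing libpng or zlib is not detected in the four new `$(shell pkg-config …)` assignments: when `pkg-config` fails, `$(shell …)` expands to an empty string, so `CFLAGS` and `LIBS` silently lose their include and link flags and the build dies later on a confusing `png.h: No such file` error instead of naming the missing dependency. A parse-time check right after the `ZLIB_LIBS` line would make the failure explicit: `ifeq ($(shell pkg-config --exists libpng zlib && echo yes),)` / `$(error libpng and zlib development files not found via pkg-config)` / `endif`. Two smaller points: `CFLAGS ?=` now carries the mandatory `$(LIBPNG_CFLAGS) $(ZLIB_CFLAGS)`, so a user's `make CFLAGS=-O2` drops the include paths — keeping required flags in a separate variable that appends `$(CFLAGS)` avoids that. And because `-static` is kept, the `hicolor` binary embeds whatever libpng and zlib versions were present at build time, so the security benefit of this switch depends on rebuilding release artifacts when those libraries are patched; a one-line comment next to `CFLAGS` stating this would help whoever cuts releases.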
28 changes: 13 additions & 15 deletions README.md
Expand Up @@ -49,11 +49,9 @@ It is known to work on Linux (aarch64, i386, riscv64, x86_64), FreeBSD, NetBSD,

### Security

The command-line version of HiColor (but not the library) uses [cute_png](https://github.com/RandyGaul/cute_headers) to read PNG files.
cute_png is intended for trusted input.
This means that a maliciously-crafted PNG file could hack the HiColor CLI.
To be safe, only feed HiColor PNG files you created yourself.
Recompress PNG files from the Internet with a trusted program.
The command-line program (but not the library) was vulnerable to malicious PNG files
because it used a PNG library intended only for trusted input.
The vulnerabilities were fixed in version 0.6.0 by switching to libpng.

### PNG file size

Expand All @@ -80,7 +78,7 @@ Use it to create high-color images readable by other programs.
`info` displays information about a HiColor file: version (`5` for 15-bit or `6` for 16), width, and height.

```none
HiColor 0.5.0
HiColor 0.6.0
Create 15/16-bit color RGB images.
usage:
Expand All @@ -94,7 +92,7 @@ commands:
decode convert HiColor to PNG
quantize quantize PNG to PNG
info print HiColor image version and resolution
version print program version
version print version of HiColor, libpng, and zlib
help print this help message
options:
Expand All @@ -114,16 +112,15 @@ sudo apt install -y build-essential graphicsmagick tclsh
gmake test
```

### Cross-compiling for Windows
### Windows

The following commands build a 32-bit executable for Windows.
Install [MSYS2](https://www.msys2.org/).
Run the following commands in the MSYS2 mingw32 shell
to build an x86 executable for Windows.

```sh
sudo apt install -y build-essential gcc-mingw-w64-i686
gmake hicolor.exe
# Wine, Tcl, and GraphicsMagick are needed only for testing.
sudo apt install -y graphicsmagick tclsh wine
gmake test-wine
pacman -Syuu make mingw-w64-i686-gcc mingw-w64-i686-libpng mingw-w64-i686-pkgconf mingw-w64-i686-zlib tcl
make test
```

## Alternatives
Expand All @@ -142,7 +139,8 @@ What differentiates HiColor is being a small dedicated tool and embeddable C lib

MIT.

[cute_png](https://github.com/RandyGaul/cute_headers/) is copyright (c) 2019, 2021-2023 Randy Gaul and is licensed under the zlib license.
HiColor uses [libpng](http://www.libpng.org/pub/png/libpng.html) and [zlib](https://www.zlib.net/).
Follow the links for their respective licenses.

### Photos from Unsplash
