From fcde95750bd5d3b105def1932994e2be7feae1d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jul 2026 14:44:37 +0000 Subject: [PATCH] build(deps): bump golang.org/x/image from 0.43.0 to 0.44.0 Bumps [golang.org/x/image](https://github.com/golang/image) from 0.43.0 to 0.44.0. - [Commits](https://github.com/golang/image/compare/v0.43.0...v0.44.0) --- updated-dependencies: - dependency-name: golang.org/x/image dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +-- .../x/image/font/opentype/opentype.go | 7 ++++ vendor/golang.org/x/image/font/sfnt/sfnt.go | 7 ++++ vendor/golang.org/x/image/tiff/reader.go | 29 ++++++++++++--- vendor/golang.org/x/image/webp/decode.go | 36 +++++++++++++++---- vendor/modules.txt | 2 +- 7 files changed, 72 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 7920dc481c..82ce8b7126 100644 --- a/go.mod +++ b/go.mod @@ -104,7 +104,7 @@ require ( go.opentelemetry.io/otel/trace v1.44.0 golang.org/x/crypto v0.53.0 golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f - golang.org/x/image v0.43.0 + golang.org/x/image v0.44.0 golang.org/x/net v0.56.0 golang.org/x/oauth2 v0.36.0 golang.org/x/sync v0.22.0 diff --git a/go.sum b/go.sum index ada33c593b..d4d95c24ab 100644 --- a/go.sum +++ b/go.sum @@ -1372,8 +1372,8 @@ golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f h1:W3F4c+6OLc6H2lb//N1q4WpJk golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f/go.mod h1:J1xhfL/vlindoeF/aINzNzt2Bket5bjo9sdOYzOsU80= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.43.0 h1:FLxcP4ec2350nTfOC8ysKtqYSIFbk/QGjw1ZHNP4tsY= -golang.org/x/image v0.43.0/go.mod h1:rrpelvGFt+kLPAjPM4HeWPgrl0FtafueU//e5N0qk/Q= +golang.org/x/image v0.44.0 h1:+tDekMZED9+LrtB3G5xzRggpVh9CARjZqROla3R3R+I= +golang.org/x/image v0.44.0/go.mod h1:V8K3KE9KKKE+pLpQDOeN18w9oacNSvy1tDOirTu4xtY= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= diff --git a/vendor/golang.org/x/image/font/opentype/opentype.go b/vendor/golang.org/x/image/font/opentype/opentype.go index 694ac47bfe..72e83f0a20 100644 --- a/vendor/golang.org/x/image/font/opentype/opentype.go +++ b/vendor/golang.org/x/image/font/opentype/opentype.go @@ -9,6 +9,13 @@ // implementing the golang.org/x/image/font.Face interface. // // The sibling golang.org/x/image/font/sfnt package provides a low-level API. +// +// # Security Considerations +// +// This package is not hardened against malicious inputs. +// Crashes, excessive CPU or memory consumption, or similar misbehavior +// caused by malicious or corrupt inputs will be handled as ordinary bugs, +// not vulnerabilities. package opentype // import "golang.org/x/image/font/opentype" import ( diff --git a/vendor/golang.org/x/image/font/sfnt/sfnt.go b/vendor/golang.org/x/image/font/sfnt/sfnt.go index d1ef8a6a08..103aa436ea 100644 --- a/vendor/golang.org/x/image/font/sfnt/sfnt.go +++ b/vendor/golang.org/x/image/font/sfnt/sfnt.go @@ -28,6 +28,13 @@ // another io.Writer, copying the underlying TTF file, but this package does // not provide an encoder. Specifically, there is no API to build a different // TTF file, whether 'from scratch' or by modifying an existing one. +// +// # Security Considerations +// +// This package is not hardened against malicious inputs. +// Crashes, excessive CPU or memory consumption, or similar misbehavior +// caused by malicious or corrupt inputs will be handled as ordinary bugs, +// not vulnerabilities. package sfnt // import "golang.org/x/image/font/sfnt" // This implementation was written primarily to the diff --git a/vendor/golang.org/x/image/tiff/reader.go b/vendor/golang.org/x/image/tiff/reader.go index a0cd4e8781..41260e4448 100644 --- a/vendor/golang.org/x/image/tiff/reader.go +++ b/vendor/golang.org/x/image/tiff/reader.go @@ -342,13 +342,25 @@ func (d *decoder) decode(dst image.Image, xmin, ymin, xmax, ymax int) error { } } + // calcRowBytes returns the number of bytes in a row with numSamples samples per pixel + // and bytesPerSample bytes per sample. + calcRowBytes := func(xmin, xmax, numSamples int, bitsPerSample uint) int { + return int((int64(xmax-xmin)*int64(numSamples)*int64(bitsPerSample) + 7) / 8) + } + // calcRowOff returns the offset of the next row. + calcRowOff := func(y, ymin, rowBytes int) int { + return (y - ymin) * rowBytes + } + rMaxX := minInt(xmax, dst.Bounds().Max.X) rMaxY := minInt(ymax, dst.Bounds().Max.Y) switch d.mode { case mGray, mGrayInvert: + rowBytes := calcRowBytes(xmin, xmax, 1, d.bpp) if d.bpp == 16 { img := dst.(*image.Gray16) for y := ymin; y < rMaxY; y++ { + d.off = calcRowOff(y, ymin, rowBytes) for x := xmin; x < rMaxX; x++ { if d.off+2 > len(d.buf) { return errNoPixels @@ -360,14 +372,13 @@ func (d *decoder) decode(dst image.Image, xmin, ymin, xmax, ymax int) error { } img.SetGray16(x, y, color.Gray16{v}) } - if rMaxX == img.Bounds().Max.X { - d.off += 2 * (xmax - img.Bounds().Max.X) - } } } else { img := dst.(*image.Gray) max := uint32((1 << d.bpp) - 1) for y := ymin; y < rMaxY; y++ { + d.off = calcRowOff(y, ymin, rowBytes) + d.flushBits() for x := xmin; x < rMaxX; x++ { v, ok := d.readBits(d.bpp) if !ok { @@ -379,13 +390,15 @@ func (d *decoder) decode(dst image.Image, xmin, ymin, xmax, ymax int) error { } img.SetGray(x, y, color.Gray{uint8(v)}) } - d.flushBits() } } case mPaletted: img := dst.(*image.Paletted) pLen := len(d.palette) + rowBytes := calcRowBytes(xmin, xmax, 1, d.bpp) for y := ymin; y < rMaxY; y++ { + d.off = calcRowOff(y, ymin, rowBytes) + d.flushBits() for x := xmin; x < rMaxX; x++ { v, ok := d.readBits(d.bpp) if !ok { @@ -397,12 +410,13 @@ func (d *decoder) decode(dst image.Image, xmin, ymin, xmax, ymax int) error { } img.SetColorIndex(x, y, idx) } - d.flushBits() } case mRGB: + rowBytes := calcRowBytes(xmin, xmax, 3, d.bpp) if d.bpp == 16 { img := dst.(*image.RGBA64) for y := ymin; y < rMaxY; y++ { + d.off = calcRowOff(y, ymin, rowBytes) for x := xmin; x < rMaxX; x++ { if d.off+6 > len(d.buf) { return errNoPixels @@ -417,6 +431,7 @@ func (d *decoder) decode(dst image.Image, xmin, ymin, xmax, ymax int) error { } else { img := dst.(*image.RGBA) for y := ymin; y < rMaxY; y++ { + d.off = calcRowOff(y, ymin, rowBytes) min := img.PixOffset(xmin, y) max := img.PixOffset(rMaxX, y) off := (y - ymin) * (xmax - xmin) * 3 @@ -433,9 +448,11 @@ func (d *decoder) decode(dst image.Image, xmin, ymin, xmax, ymax int) error { } } case mNRGBA: + rowBytes := calcRowBytes(xmin, xmax, 4, d.bpp) if d.bpp == 16 { img := dst.(*image.NRGBA64) for y := ymin; y < rMaxY; y++ { + d.off = calcRowOff(y, ymin, rowBytes) for x := xmin; x < rMaxX; x++ { if d.off+8 > len(d.buf) { return errNoPixels @@ -461,9 +478,11 @@ func (d *decoder) decode(dst image.Image, xmin, ymin, xmax, ymax int) error { } } case mRGBA: + rowBytes := calcRowBytes(xmin, xmax, 4, d.bpp) if d.bpp == 16 { img := dst.(*image.RGBA64) for y := ymin; y < rMaxY; y++ { + d.off = calcRowOff(y, ymin, rowBytes) for x := xmin; x < rMaxX; x++ { if d.off+8 > len(d.buf) { return errNoPixels diff --git a/vendor/golang.org/x/image/webp/decode.go b/vendor/golang.org/x/image/webp/decode.go index f55de23bff..d68b984206 100644 --- a/vendor/golang.org/x/image/webp/decode.go +++ b/vendor/golang.org/x/image/webp/decode.go @@ -5,6 +5,7 @@ package webp import ( + "bufio" "bytes" "errors" "image" @@ -113,16 +114,39 @@ func decode(r io.Reader, configOnly bool) (image.Image, image.Config, error) { c, err := vp8l.DecodeConfig(chunkData) return nil, c, err } + if seenVP8X { + // Verify the VP8L chunk dimensions match before + // calling vp8l.Decode, to catch malicious images + // following a small VP8X header with a huge VP8L chunk. + // + // Peek the VP8L header. + // + // chunkData is always an unbuffered riff.chunkReader. + // Creating a bufio.Reader here doesn't add any + // inefficiency, since the vp8l package will do it + // if we don't. + bufReader := bufio.NewReader(chunkData) + chunkData = bufReader + const vp8lHeaderSize = 5 + vp8lHeader, err := bufReader.Peek(vp8lHeaderSize) + if err != nil { + if err == io.EOF { + err = errInvalidFormat + } + return nil, image.Config{}, err + } + c, err := vp8l.DecodeConfig(bytes.NewReader(vp8lHeader)) + if err != nil { + return nil, image.Config{}, err + } + if c.Width != int(widthMinusOne)+1 || c.Height != int(heightMinusOne)+1 { + return nil, image.Config{}, errInvalidFormat + } + } m, err := vp8l.Decode(chunkData) if err != nil { return nil, image.Config{}, err } - if seenVP8X { - bounds := m.Bounds() - if bounds.Dx() != int(widthMinusOne)+1 || bounds.Dy() != int(heightMinusOne)+1 { - return nil, image.Config{}, errInvalidFormat - } - } return m, image.Config{}, nil case fccVP8X: diff --git a/vendor/modules.txt b/vendor/modules.txt index fa226cfe34..6c17e2b6eb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2434,7 +2434,7 @@ golang.org/x/exp/slices golang.org/x/exp/slog golang.org/x/exp/slog/internal golang.org/x/exp/slog/internal/buffer -# golang.org/x/image v0.43.0 +# golang.org/x/image v0.44.0 ## explicit; go 1.25.0 golang.org/x/image/bmp golang.org/x/image/ccitt