aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/opencv/opencv/CVE-2019-15939.patch
blob: e9f8514cbea0f7b763ca337462ec308ffc42d3cf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
From 5a497077f109d543ab86dfdf8add1c76c0e47d29 Mon Sep 17 00:00:00 2001
From: Alexander Alekhin <alexander.alekhin@intel.com>
Date: Fri, 23 Aug 2019 16:14:53 +0300
Subject: [PATCH] objdetect: add input check in HOG detector

CVE: CVE-2019-15939
Upstream-Status: Backport [https://github.com/opencv/opencv/commit/5a497077f109d543ab86dfdf8add1c76c0e47d29.patch]
Comment: No changes in any hunk

Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
---
 modules/objdetect/src/hog.cpp | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/modules/objdetect/src/hog.cpp b/modules/objdetect/src/hog.cpp
index 9524851eebb..378bab30876 100644
--- a/modules/objdetect/src/hog.cpp
+++ b/modules/objdetect/src/hog.cpp
@@ -68,6 +68,7 @@ enum {DESCR_FORMAT_COL_BY_COL, DESCR_FORMAT_ROW_BY_ROW};

 static int numPartsWithin(int size, int part_size, int stride)
 {
+    CV_Assert(stride != 0);
     return (size - part_size + stride) / stride;
 }

@@ -80,13 +81,17 @@ static Size numPartsWithin(cv::Size size, cv::Size part_size,

 static size_t getBlockHistogramSize(Size block_size, Size cell_size, int nbins)
 {
+    CV_Assert(!cell_size.empty());
     Size cells_per_block = Size(block_size.width / cell_size.width,
-        block_size.height / cell_size.height);
+                                block_size.height / cell_size.height);
     return (size_t)(nbins * cells_per_block.area());
 }

 size_t HOGDescriptor::getDescriptorSize() const
 {
+    CV_Assert(!cellSize.empty());
+    CV_Assert(!blockStride.empty());
+
     CV_Assert(blockSize.width % cellSize.width == 0 &&
         blockSize.height % cellSize.height == 0);
     CV_Assert((winSize.width - blockSize.width) % blockStride.width == 0 &&
@@ -144,20 +149,20 @@ bool HOGDescriptor::read(FileNode& obj)
     if( !obj.isMap() )
         return false;
     FileNodeIterator it = obj["winSize"].begin();
-    it >> winSize.width >> winSize.height;
+    it >> winSize.width >> winSize.height; CV_Assert(!winSize.empty());
     it = obj["blockSize"].begin();
-    it >> blockSize.width >> blockSize.height;
+    it >> blockSize.width >> blockSize.height; CV_Assert(!blockSize.empty());
     it = obj["blockStride"].begin();
-    it >> blockStride.width >> blockStride.height;
+    it >> blockStride.width >> blockStride.height; CV_Assert(!blockStride.empty());
     it = obj["cellSize"].begin();
-    it >> cellSize.width >> cellSize.height;
-    obj["nbins"] >> nbins;
+    it >> cellSize.width >> cellSize.height; CV_Assert(!cellSize.empty());
+    obj["nbins"] >> nbins; CV_Assert(nbins > 0);
     obj["derivAperture"] >> derivAperture;
     obj["winSigma"] >> winSigma;
     obj["histogramNormType"] >> histogramNormType;
     obj["L2HysThreshold"] >> L2HysThreshold;
     obj["gammaCorrection"] >> gammaCorrection;
-    obj["nlevels"] >> nlevels;
+    obj["nlevels"] >> nlevels; CV_Assert(nlevels > 0);
     if (obj["signedGradient"].empty())
         signedGradient = false;
     else