diff --git a/go.mod b/go.mod
index 6aade05a80d..d89992bc9a4 100644
--- a/go.mod
+++ b/go.mod
@@ -104,7 +104,7 @@ require (
 go.opentelemetry.io/otel/trace v1.27.0
 golang.org/x/crypto v0.24.0
 golang.org/x/exp v0.0.0-20240205201215-2c58cdc269a3
- golang.org/x/image v0.16.0
+ golang.org/x/image v0.18.0
 golang.org/x/net v0.26.0
 golang.org/x/oauth2 v0.21.0
 golang.org/x/sync v0.7.0
diff --git a/go.sum b/go.sum
index 46b6df1de38..82833e739e5 100644
--- a/go.sum
+++ b/go.sum
@@ -2236,8 +2236,8 @@ golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeap
 golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
 golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
 golang.org/x/image v0.0.0-20220302094943-723b81ca9867/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
-golang.org/x/image v0.16.0 h1:9kloLAKhUufZhA12l5fwnx2NZW39/we1UhBesW433jw=
-golang.org/x/image v0.16.0/go.mod h1:ugSZItdV4nOxyqp56HmXwH0Ry0nBCpjnZdpDaIHdoPs=
+golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ=
+golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
diff --git a/vendor/golang.org/x/image/tiff/reader.go b/vendor/golang.org/x/image/tiff/reader.go
index 0ad15529095..1b8fcb8595f 100644
--- a/vendor/golang.org/x/image/tiff/reader.go
+++ b/vendor/golang.org/x/image/tiff/reader.go
@@ -36,7 +36,10 @@ func (e UnsupportedError) Error() string {
 return "tiff: unsupported feature: " + string(e)
 }
 
-var errNoPixels = FormatError("not enough pixel data")
+var (
+ errNoPixels = FormatError("not enough pixel data")
+ errInvalidColorIndex = FormatError("invalid color index")
+)
 
 const maxChunkSize = 10 << 20 // 10M
 
@@ -337,13 +340,18 @@ func (d *decoder) decode(dst image.Image, xmin, ymin, xmax, ymax int) error {
 }
 case mPaletted:
 img := dst.(*image.Paletted)
+ pLen := len(d.palette)
 for y := ymin; y < rMaxY; y++ {
 for x := xmin; x < rMaxX; x++ {
 v, ok := d.readBits(d.bpp)
 if !ok {
 return errNoPixels
 }
- img.SetColorIndex(x, y, uint8(v))
+ idx := uint8(v)
+ if int(idx) >= pLen {
+ return errInvalidColorIndex
+ }
+ img.SetColorIndex(x, y, idx)
 }
 d.flushBits()
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index fc97f9740d1..0bb531b1a8c 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -2154,7 +2154,7 @@ golang.org/x/crypto/ssh/knownhosts
 golang.org/x/exp/constraints
 golang.org/x/exp/maps
 golang.org/x/exp/slices
-# golang.org/x/image v0.16.0
+# golang.org/x/image v0.18.0
 ## explicit; go 1.18
 golang.org/x/image/bmp
 golang.org/x/image/ccitt