Comment 24 for bug 1827442

Seth Arnold (seth-arnold) wrote :

I reviewed libheif 1.6.1-1 as checked into focal. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.

libheif is an image codec library necessary for decoding photos from some
newer phones.

- CVE History:
  - CVE-2019-11471, our database says still unfixed in 18.04 LTS.
- Build-Depends: debhelper-compat, libde265-dev, libgdk-pixbuf2.0-dev,
  libjpeg-dev, libpng-dev, libx265-dev, pkg-config
- no pre/post inst/rm scripts
- no init scripts
- no systemd units
- no dbus services
- no setuid binaries
- binaries in PATH
  - heif-thumbnailer in heif-thumbnailer
  - heif-convert, heif-enc, heif-info in libheif-examples
- no sudo fragments
- no udev rules
- There are some very thin unit tests. No autopkgtests. There's some
  support for fuzzers but I don't see it used.
- no cron jobs
- relatively clean build logs

- no processes spawned
- significant memory management and C-style manipulation of data. Most
  calls looked like there were checks in place, but this level of C-style
  memory manipulation probably has errors.
- No file IO in library, only in examples
- Very little human logging; looked fine
- No environment variable usage
- No use of privileged functions
- No cryptography
- No temp files
- No networking
- No webkit
- No polkit

- cppcheck false positive
- an earlier look found some coverity issues, which the team addressed

Here's a list of the small handful of things I noticed:

In convert_libde265_image_to_heif_image() what constrains stride to
reasonable values? I get lost reading libde265 code to find the stride.

setjmp() used for error handling in example code; this kind of error
handling is very difficult to use correctly over time.

Y4MEncoder::Encode() doesn't appear to guard against integer overflow in
fwrite() calls

Box_iloc::write_mdat_after_iloc() 4gig outputs unhandled

I'm not sure of the consequences of any of these issues.

Code quality looked good, especially for a codec library; the examples didn't
look as good, but this is common.

Security team ACK for promoting the libheif library packages libheif1 and
heif-gdk-pixbuf to main. I'd like to keep the examples in heif-thumbnailer
and libheif-examples in universe.
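The two size-handling concerns raised above (an unchecked multiplication feeding fwrite(), and outputs past 4 GiB) in an added, self-contained C illustration; this is not libheif's code, the function names are hypothetical, and it assumes the ISO/IEC 14496-12 convention that a box whose size does not fit 32 bits uses size=1 followed by a 64-bit largesize.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Plane byte count = stride * height, refusing to wrap (GCC/clang builtin). */
static bool plane_size_checked(size_t stride, size_t height, size_t *out)
{
    return !__builtin_mul_overflow(stride, height, out);
}

/* fwrite() one plane; fails (nothing written) if the size would wrap or
   the stream takes fewer bytes than requested. Hypothetical helper. */
static bool write_plane(FILE *fp, const uint8_t *data, size_t stride, size_t height)
{
    size_t n;
    if (!plane_size_checked(stride, height, &n))
        return false;
    return fwrite(data, 1, n, fp) == n;
}

/* ISOBMFF box header. The 32-bit size field counts header + payload; if
   that overflows, size=1 and a 64-bit largesize follows the type (ISO/IEC
   14496-12). buf must hold 16 bytes; returns header length or 0 on error. */
static size_t write_box_header(uint8_t *buf, const char type[4], uint64_t payload_len)
{
    if (payload_len <= UINT32_MAX - 8) {
        uint32_t size = (uint32_t)(payload_len + 8);
        for (int i = 0; i < 4; i++)
            buf[i] = (uint8_t)(size >> (24 - 8 * i));
        memcpy(buf + 4, type, 4);
        return 8;
    }
    if (payload_len > UINT64_MAX - 16)
        return 0;                      /* cannot be represented at all */
    uint64_t largesize = payload_len + 16;
    memset(buf, 0, 3);
    buf[3] = 1;                        /* size == 1 signals largesize */
    memcpy(buf + 4, type, 4);
    for (int i = 0; i < 8; i++)
        buf[8 + i] = (uint8_t)(largesize >> (56 - 8 * i));
    return 16;
}
```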