Skip to content

Unlock write context in exr_get_chunk_table_offset() return paths#2472

Merged
cary-ilm merged 2 commits into
AcademySoftwareFoundation:mainfrom
cary-ilm:GHSA-9pfw-x4vc-xqx7
Jun 17, 2026
Merged

Unlock write context in exr_get_chunk_table_offset() return paths#2472
cary-ilm merged 2 commits into
AcademySoftwareFoundation:mainfrom
cary-ilm:GHSA-9pfw-x4vc-xqx7

Conversation

@cary-ilm

@cary-ilm cary-ilm commented Jun 12, 2026

Copy link
Copy Markdown
Member

EXR_LOCK_WRITE_AND_DEFINE_PART() acquires the mutex on write contexts but both success and error returns leaked the lock, deadlocking later API calls such as exr_get_count().

Addresses https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-9pfw-x4vc-xqx7

@cary-ilm @cursoragent
Unlock write context in exr_get_chunk_table_offset() return paths
1e5f13e 
EXR_LOCK_WRITE_AND_DEFINE_PART() acquires the mutex on write contexts
but both success and error returns leaked the lock, deadlocking later
API calls such as exr_get_count().

Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Cary Phillips <cary@ilm.com>
@cary-ilm cary-ilm requested a review from kdt3rd June 12, 2026 19:00
kthurston
kthurston approved these changes Jun 17, 2026
View reviewed changes

@kthurston kthurston left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

whoops! LGTM - thanks for increasing our code test coverage numbers!

@cary-ilm cary-ilm merged commit 7f3ffb8 into AcademySoftwareFoundation:main Jun 17, 2026
6 checks passed
cary-ilm added a commit that referenced this pull request Jun 17, 2026
@cary-ilm @cursoragent
Unlock write context in exr_get_chunk_table_offset() return paths (#2472
e170635 
)

EXR_LOCK_WRITE_AND_DEFINE_PART() acquires the mutex on write contexts
but both success and error returns leaked the lock, deadlocking later
API calls such as exr_get_count().

Signed-off-by: Cary Phillips <cary@ilm.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
peterhillman pushed a commit that referenced this pull request Jun 18, 2026
@cary-ilm @cursoragent @peterhillman
Unlock write context in exr_get_chunk_table_offset() return paths (#2472
3468220 
)

EXR_LOCK_WRITE_AND_DEFINE_PART() acquires the mutex on write contexts
but both success and error returns leaked the lock, deadlocking later
API calls such as exr_get_count().

Signed-off-by: Cary Phillips <cary@ilm.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kdt3rd kdt3rd Awaiting requested review from kdt3rd

1 more reviewer

@kthurston kthurston kthurston approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

v3.2.10 v3.3.12 v3.4.13

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cary-ilm @kthurston @peterhillman