Missing boundary check - Githubissues

BrokenEvent / CsIcnsReader

C# Icns reader

MIT License

4 stars 2 forks source link

Missing boundary check #1

Open theolivenbaum opened 3 years ago

theolivenbaum commented 3 years ago

Hi, just to let you know, it seems like there is a missing boundary check on this line too: https://github.com/BrokenEvent/CsIcnsReader/blob/d49e887dda45c2c129ecbffe3aaf7a8d94578f45/BrokenEvent.Icns/BrokenEvent.LibIcns/LibIcns/Rle24Compression.cs#L36

Changing the code to this fixes the issue:

for (int i = 0; i < count; i++)
{
    var idx = band + 4 * (resultPos++);
    if (idx < result.Length)
    result[idx] = data[dataPos + 1];
}

preseverence commented 3 years ago

Didn't encounter cases where it breaks, but anyway that branch must be stabilized too. Thx.

theolivenbaum commented 3 years ago

Strange, we were hitting that often on macOS Monterey, most icons from the macOS preferences were throwing there

preseverence commented 3 years ago

Is everything ok now, with the recent commit? Also you can send me that icons somehow for experiments. Actually, I don't work much with icns. So the issue was discovered just recently.