Closed apoleon closed 3 years ago
Hello,
in common-image.c the following code will overflow on 32-bit systems

```c
/* Allocate the pixel buffer */
im->pixels = malloc(im->w * im->h * depth);
```

if the product is larger than the maximum value of an unsigned 32-bit integer. This is reproducible with the latest POCs, e.g. here
https://github.com/cacalabs/libcaca/issues/36
I have prepared a patch that adds an overflow check. I assumed a 2GB image should be a sane limit.
https://gist.github.com/apoleon/24df7819b257faade31125303e91e4a2
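The wrap described in this report and a division-based guard, as an added example that is not the patch from the gist and not libcaca's own code. `uint32_t` stands in for a 32-bit `size_t` so the behaviour is the same on a 64-bit host; the function names and the sample dimensions are constructed for illustration, and the 2 GB cap is the limit the post assumes.

```c
#include <stdint.h>
#include <stdio.h>

/* Cap assumed from the post: refuse images larger than 2 GB. */
#define MAX_IMAGE_BYTES ((uint32_t)0x80000000u)

/* What malloc(w * h * depth) receives when size_t is 32 bits wide:
 * the product is silently reduced modulo 2^32. */
static uint32_t wrapped_size32(uint32_t w, uint32_t h, uint32_t depth)
{
    return w * h * depth;
}

/* Returns 0 and stores the byte count in *out, or -1 if a dimension is
 * zero, the product would wrap, or the result exceeds the cap. The
 * divisions run before any multiplication, so nothing can overflow. */
static int checked_image_size(uint32_t w, uint32_t h, uint32_t depth,
                              uint32_t *out)
{
    if (w == 0 || h == 0 || depth == 0)
        return -1;
    if (w > MAX_IMAGE_BYTES / h)
        return -1;                 /* w * h alone is already too large */
    if (w * h > MAX_IMAGE_BYTES / depth)
        return -1;                 /* w * h * depth is too large */
    *out = w * h * depth;
    return 0;
}

int main(void)
{
    /* Constructed header values: 65537 x 65536 pixels, 4 bytes each. */
    uint32_t w = 65537, h = 65536, depth = 4, size = 0;

    /* The true size is about 16 GiB, but the wrapped request is tiny,
     * so the decoder would later write far past the allocation. */
    printf("unchecked request: %lu bytes\n",
           (unsigned long)wrapped_size32(w, h, depth));

    if (checked_image_size(w, h, depth, &size) != 0)
        printf("checked: rejected, image too large\n");
    if (checked_image_size(640, 480, 4, &size) == 0)
        printf("checked: 640x480x4 -> %lu bytes\n", (unsigned long)size);
    return 0;
}
```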
Why don't you open a PR?