kornelski / lodepng-rust

All-in-one PNG image encoder/decoder in pure Rust
https://lib.rs/lodepng
zlib License

Memory leak on malformed input #28

Closed Shnatsel closed 6 years ago

Shnatsel commented 6 years ago

lodepng-rust leaks memory when given malicious input. This issue has been discovered via fuzzing with cargo-fuzz.

Steps to reproduce:

git clone https://github.com/Shnatsel/lodepng-leak.git
cd lodepng-leak
RUSTFLAGS='--cfg fuzzing' cargo run

PNG and deflate checksums make fuzzing impossible, so I have modified lodepng-fuzz to disable checksum verification during fuzzing via conditional compilation. lodepng-leak repo currently links against my modified version, which can be found here along with the fuzzing setup. The code right now is rather messy, but it would be nice to get something similar in your repo as well.
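As an added illustration of the approach described above (not code from lodepng-rust or from the lodepng-leak repo): a minimal PNG chunk reader whose CRC-32 check is compiled out when built with `RUSTFLAGS='--cfg fuzzing'`, so a fuzzer can reach the decoding logic instead of being stopped at the checksum. The `VERIFY_CRC`, `read_chunk` and `make_chunk` names are this example's own.

```rust
// Added example: PNG CRC-32 (reflected, polynomial 0xEDB88320), same as zlib/gzip.
pub fn crc32(data: &[u8]) -> u32 {
    let mut crc = 0xFFFF_FFFFu32;
    for &b in data {
        crc ^= b as u32;
        for _ in 0..8 {
            let mask = (crc & 1).wrapping_neg(); // all ones if low bit set
            crc = (crc >> 1) ^ (0xEDB8_8320 & mask);
        }
    }
    !crc
}

#[derive(Debug, PartialEq)]
pub enum ChunkError {
    Truncated,
    BadCrc { expected: u32, found: u32 },
}

// The check is active in normal builds and disabled only under `--cfg fuzzing`,
// mirroring the conditional-compilation trick used in the issue (name assumed).
#[cfg(not(fuzzing))]
const VERIFY_CRC: bool = true;
#[cfg(fuzzing)]
const VERIFY_CRC: bool = false;

/// Parse one chunk (length, type, data, crc) and return (type, data).
pub fn read_chunk(buf: &[u8]) -> Result<(&[u8], &[u8]), ChunkError> {
    if buf.len() < 12 {
        return Err(ChunkError::Truncated);
    }
    let len = u32::from_be_bytes([buf[0], buf[1], buf[2], buf[3]]) as usize;
    // Validate the declared length before slicing so a huge value cannot panic.
    let end = 8usize.checked_add(len).ok_or(ChunkError::Truncated)?;
    let crc_end = end.checked_add(4).ok_or(ChunkError::Truncated)?;
    if buf.len() < crc_end {
        return Err(ChunkError::Truncated);
    }
    let found = u32::from_be_bytes([buf[end], buf[end + 1], buf[end + 2], buf[end + 3]]);
    let expected = crc32(&buf[4..end]); // CRC covers type + data, not length
    if VERIFY_CRC && expected != found {
        return Err(ChunkError::BadCrc { expected, found });
    }
    Ok((&buf[4..8], &buf[8..end]))
}

/// Build a chunk with a correct CRC (used to construct sample input).
pub fn make_chunk(ctype: &[u8; 4], data: &[u8]) -> Vec<u8> {
    let mut out = (data.len() as u32).to_be_bytes().to_vec();
    out.extend_from_slice(ctype);
    out.extend_from_slice(data);
    let crc = crc32(&out[4..]);
    out.extend_from_slice(&crc.to_be_bytes());
    out
}
```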

kornelski commented 6 years ago

That's an interesting result. Thank you for fuzzing it!

I'll check it next week as I'm currently traveling.