lvandeve / lodepng

PNG encoder and decoder in C and C++.
zlib License

2 critical but easy to fix integer overflows #143

Open dns43 opened 3 years ago

dns43 commented 3 years ago

decodeGeneric() in lodepng.c:4812 has an integer overflow. lodepng_inspect_chunk() in lodepng.c:4716 has an integer overflow.

Can be fixed easily by adding a check if INT_MAX-chunkLength-12 < chunk, or using static int lodepng_addofl(size_t a, size_t b, size_t* result) in lodepng.cpp.

Happy to provide a PoC.
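An added example, not code from this issue or from lodepng, of the kind of check the report proposes: the chunk length plus its 12 bytes of length, type and CRC fields is validated with an overflow-checked addition before it is used to step to the next chunk. The names `checked_add`, `read_be32` and `next_chunk_offset` are hypothetical, the sample buffers are constructed, and the code works on offsets rather than pointers so the bounds test itself cannot overflow.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: add two size_t values; returns 1 if the sum wrapped. */
static int checked_add(size_t a, size_t b, size_t *result) {
  *result = a + b; /* unsigned wrap-around is well defined in C */
  return *result < a;
}

/* Read the big-endian 32-bit length field at the start of a PNG chunk. */
static uint32_t read_be32(const unsigned char *p) {
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Compute the offset of the chunk that follows the one starting at `pos`.
   Returns 0 on success, 1 if the chunk does not fit inside buf[0..size). */
static int next_chunk_offset(const unsigned char *buf, size_t size,
                             size_t pos, size_t *next) {
  size_t total, end;
  if (pos > size || size - pos < 12) return 1;  /* no room for length+type+CRC */
  if (checked_add((size_t)read_be32(buf + pos), 12, &total)) return 1; /* length+12 wrapped */
  if (checked_add(pos, total, &end)) return 1;  /* offset + chunk size wrapped */
  if (end > size) return 1;                     /* chunk runs past the buffer */
  *next = end;
  return 0;
}

/* Constructed sample: one chunk with a 4-byte body and a placeholder CRC. */
static const unsigned char good_chunk[16] =
    {0, 0, 0, 4, 't', 'E', 'S', 'T', 1, 2, 3, 4, 0, 0, 0, 0};
/* Constructed sample: length field 0xFFFFFFFF inside a 12-byte buffer. */
static const unsigned char bad_chunk[12] =
    {0xFF, 0xFF, 0xFF, 0xFF, 't', 'E', 'S', 'T', 0, 0, 0, 0};

int main(void) {
  size_t next = 0;
  int rc = next_chunk_offset(good_chunk, sizeof good_chunk, 0, &next);
  printf("good chunk: rc=%d next=%lu\n", rc, (unsigned long)next);
  rc = next_chunk_offset(bad_chunk, sizeof bad_chunk, 0, &next);
  printf("oversized length: rc=%d\n", rc);
  return 0;
}
```
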