Open JarLob opened 9 months ago
@JarLob could add somewhere like in the title of these or the PRs WHAT stb libraries you are contributing the code/issue to? I only use stb_vorbis from here (and indirectly through SDL_Sound) and am having a hard time differentiating from all issues you opened - in the same day!
stbi__malloc in stbi__convert_8_to_16 [1] may overflow. However for successful exploitation img_len must be bigger than zero [2]. Any big enough img_len multiplied by 2 and cast to size_t on a 64 bit platform results in an unsigned number not smaller than the img_len.
Impact
It doesn't look like a potential security issue, but the signed integer overflow behavior is undefined according to C/C++ standard.
Resources
To reproduce the issue in
stbi__vertical_flip_slices
:stbi__convert_8_to_16
and run the program to hit the overflow.
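The arithmetic the issue describes, as an added example that is not part of the original issue or of the stb code base. The helper names wrapped_alloc_size and checked_double_len are hypothetical, and the code assumes a 32-bit int. It shows that a wrapped img_len*2 converted to size_t is never smaller than img_len, and gives a form of the size computation that performs no signed multiplication.

```c
#include <limits.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: models what a wrapping two's-complement build passes
   to a size_t parameter for the int expression img_len*2, without executing
   the undefined signed overflow. Assumes a 32-bit int. */
static size_t wrapped_alloc_size(int img_len)
{
    uint32_t product = (uint32_t)img_len * 2u;        /* unsigned wrap is defined */
    int64_t as_int = product >= 0x80000000u
                   ? (int64_t)product - 4294967296LL  /* value a wrapped int would hold */
                   : (int64_t)product;
    return (size_t)as_int;                            /* negative becomes a huge size_t */
}

/* Hypothetical helper: the same byte count computed in size_t, so no signed
   multiplication happens. Returns 1 and stores the size, or 0 on rejection. */
static int checked_double_len(int img_len, size_t *out)
{
    if (img_len <= 0) return 0;                       /* nothing to allocate */
    if ((size_t)img_len > SIZE_MAX / 2) return 0;     /* would not fit in size_t */
    *out = (size_t)img_len * 2;
    return 1;
}

int main(void)
{
    /* Constructed sample lengths: one small, two above INT_MAX/2. */
    int samples[] = { 1000, INT_MAX / 2 + 1, INT_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t checked = 0;
        int ok = checked_double_len(samples[i], &checked);
        printf("img_len=%d wrapped=%zu checked_ok=%d checked=%zu\n",
               samples[i], wrapped_alloc_size(samples[i]), ok, checked);
    }
    return 0;
}
```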