pts / sam2p

raster (bitmap) image converter with smart PDF and PostScript (EPS) output
http://pts.50.hu/sam2p/
GNU General Public License v2.0

It is a heap-buffer-overflow vulnerability in pcxLoadRaster (in in_pcx.cpp:496) #32

Closed fantasy7082 closed 6 years ago

fantasy7082 commented 6 years ago

Hi, I found a heap-buffer-overflow vulnerability in sam2p 0.49.4. Reason: https://github.com/pts/sam2p/blob/97e764bf8e9b26ff0d1b97f80073a463b2eedcd0/in_pcx.cpp#L473

https://github.com/pts/sam2p/blob/97e764bf8e9b26ff0d1b97f80073a463b2eedcd0/in_pcx.cpp#L496 The crash happened in the pcxLoadRaster function of the file in_pcx.cpp at line 496. The details are below (ASAN):

./sam2p 009-heap EPS: /dev/null 
This is sam2p 0.49.4.
Available Loaders: PS PDF JAI PNG JPEG TIFF PNM BMP GIF LBM XPM PCX TGA.
Available Appliers: XWD Meta Empty BMP PNG TIFF6 TIFF6-JAI JPEG-JAI JPEG PNM GIF89a+LZW XPM PSL1C PSL23+PDF PSL2+PDF-JAI P-TrOpBb.
=================================================================
==20994==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62a000017a21 at pc 0x000000432a06 bp 0x7fffffffd6f0 sp 0x7fffffffd6e0
WRITE of size 1 at 0x62a000017a21 thread T0
    #0 0x432a05 in pcxLoadRaster /root/sam2p_ASAN2/sam2p/in_pcx.cpp:496
    #1 0x432a05 in pcxLoadImage8 /root/sam2p_ASAN2/sam2p/in_pcx.cpp:335
    #2 0x432a05 in LoadPCX /root/sam2p_ASAN2/sam2p/in_pcx.cpp:209
    #3 0x432a05 in in_pcx_reader /root/sam2p_ASAN2/sam2p/in_pcx.cpp:533
    #4 0x475999 in Image::load(Image::Loader::UFD*, SimBuffer::Flat const&, char const*) /root/sam2p_ASAN2/sam2p/image.cpp:1427
    #5 0x40384a in run_sam2p_engine(Files::FILEW&, Files::FILEW&, char const* const*, bool) /root/sam2p_ASAN2/sam2p/sam2p_main.cpp:1055
    #6 0x402463 in main /root/sam2p_ASAN2/sam2p/sam2p_main.cpp:1148
    #7 0x7ffff6ac082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #8 0x402d38 in _start (/usr/local/sam2p-asan2/bin/sam2p+0x402d38)

0x62a000017a21 is located 0 bytes to the right of 22561-byte region [0x62a000012200,0x62a000017a21)
allocated by thread T0 here:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x41df2a in emulate_cc_new /root/sam2p_ASAN2/sam2p/c_lgcc.cpp:35
    #2 0x41df2a in operator new[](unsigned long) /root/sam2p_ASAN2/sam2p/c_lgcc.cpp:55

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/sam2p_ASAN2/sam2p/in_pcx.cpp:496 pcxLoadRaster
Shadow bytes around the buggy address:
  0x0c547fffaef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c547fffaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c547fffaf10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c547fffaf20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c547fffaf30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c547fffaf40: 00 00 00 00[01]fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fffaf50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fffaf60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fffaf70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fffaf80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fffaf90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==20994==ABORTING

POC FILE: https://github.com/fantasy7082/image_test/blob/master/009-heap
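
As an added example (not sam2p's code, and not a reconstruction of in_pcx.cpp:496, which the report does not show), the C program below decodes PCX run-length data into a fixed-size row buffer with the bounds check a raster loader needs so that a crafted run cannot write past the allocation. That an unchecked RLE expansion is the class of bug behind the trace above is an assumption; the sample streams, `ROW_BYTES` and the `demo_*` helpers are constructed for the demonstration. The second stream reproduces the same one-byte-past-the-end write pattern the sanitizer reports, and the checked decoder rejects it instead of performing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not sam2p's code. PCX scanlines are run-length encoded:
 * a byte whose top two bits are set (b >= 0xC0) carries a repeat count in
 * its low six bits and is followed by the byte to repeat; any other byte
 * is a single literal pixel byte. A decoder that expands runs into a
 * raster buffer sized from the header must check that every run still
 * fits, otherwise a crafted stream writes past the heap allocation, the
 * same effect as the 1-byte WRITE in the report. Whether in_pcx.cpp:496
 * is exactly this pattern is an assumption; only the trace is shown. */

/* Decode PCX RLE from src[0..src_len) into dst[0..dst_len).
 * Returns the number of bytes produced, or -1 if the stream is
 * truncated inside a run or would write beyond dst_len. Never
 * touches dst[dst_len] or beyond, whatever the input. */
long pcx_rle_decode_checked(const uint8_t *src, size_t src_len,
                            uint8_t *dst, size_t dst_len)
{
    size_t si = 0, di = 0;
    while (si < src_len) {
        uint8_t b = src[si++];
        size_t run = 1;                       /* literal byte by default */
        if ((b & 0xC0) == 0xC0) {
            run = b & 0x3F;                   /* repeat count, 0..63 */
            if (si >= src_len)
                return -1;                    /* count byte with no data byte */
            b = src[si++];
        }
        if (run > dst_len - di)
            return -1;                        /* the bounds check that matters */
        memset(dst + di, b, run);
        di += run;
    }
    return (long)di;
}

/* Constructed sample streams (not taken from the reporter's POC file). */
enum { ROW_BYTES = 16 };                      /* pretend scanline size */
static const uint8_t kValidStream[]     = {0xC3, 0xAA, 0x10, 0xC2, 0x20}; /* 3xAA, 10, 2x20 -> 6 bytes */
static const uint8_t kOverrunStream[]   = {0xD0, 0x01, 0x02};             /* 16x01 then 02 -> 17 bytes */
static const uint8_t kTruncatedStream[] = {0xC5};                         /* count byte, stream ends */

/* Each helper decodes one sample into a fresh ROW_BYTES buffer and
 * returns the decoder's verdict so the outcome can be checked by name. */
long demo_valid(void)
{
    uint8_t row[ROW_BYTES] = {0};
    long n = pcx_rle_decode_checked(kValidStream, sizeof kValidStream, row, sizeof row);
    /* sanity check that the runs expanded into the expected bytes */
    return (n == 6 && row[0] == 0xAA && row[2] == 0xAA &&
            row[3] == 0x10 && row[5] == 0x20) ? n : -2;
}

long demo_overrun(void)
{
    uint8_t row[ROW_BYTES] = {0};
    /* 17 bytes of output for a 16-byte row: rejected instead of written */
    return pcx_rle_decode_checked(kOverrunStream, sizeof kOverrunStream, row, sizeof row);
}

long demo_truncated(void)
{
    uint8_t row[ROW_BYTES] = {0};
    return pcx_rle_decode_checked(kTruncatedStream, sizeof kTruncatedStream, row, sizeof row);
}

int main(void)
{
    printf("valid stream:     %ld bytes\n", demo_valid());   /* 6 */
    printf("overrun stream:   %ld\n", demo_overrun());        /* -1 */
    printf("truncated stream: %ld\n", demo_truncated());      /* -1 */
    return 0;
}
```

The check `run > dst_len - di` is written as a subtraction on the remaining space rather than `di + run > dst_len` so it cannot wrap; a loader that decodes per scanline would call the decoder once per row with `dst_len` equal to the row's byte count derived from the header, and treat -1 as a malformed file rather than continuing.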

pts commented 6 years ago

Thank you for reporting this! Fixed in 2ca32ec848fd97074367bc26b239fa25bbf0e720.