Open peanuts62 opened 4 years ago
CVE-2020-19668 was assigned for this issue.
Hi @saitoha, do you happen to know if there is any plan to address this issue?
Thanks in advance!
LZW Minimum Code Size determines the initial number of bits used for LZW codes in the image data, and 2**12+2 is more than 4096. So the 12-bit limitation is not for this, and the condition in fromgif.c:328 is wrong.
This issue has been patched in the fork. See libsixel/libsixel#8, PR.
This repository has an absent maintainer. It's unlikely the maintainer will ever return; therefore, the fork effort is described in saitoha#154. Distributions, users, and all other stakeholders are encouraged to switch to the fork.
run_cmd
img2sixel -8 array_overflow
poc the asan log
analyse:
I used gdb to debug the bug. I found that at fromgif.c:283, the
code = 0x7fff
is larger than the structure of g, which is defined as 4096, so the crash occurs! The source code is here:
bug position:
gdb log:
version:
compile command:
./configure CC="gcc" CXX="g++" CFLAGS="-g -O0 -fsanitize=address"
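As an added illustration of the point made above about the 12-bit check (this is not libsixel's fromgif.c and not the fix from the fork PR), here is a self-contained GIF LZW decoding step in C that bounds every incoming code by the dictionary fill level `next` rather than by the 4096-entry table size, so a value such as 0x7fff is rejected before it can index the table. The code streams in `good_codes` and `bad_codes` are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#define LZW_TABLE_SIZE 4096 /* 12-bit codes: the table size cited in the report */
typedef struct { int16_t prefix; uint8_t suffix; } lzw_entry;

/* Append the string for `code` (walk the prefix chain) to out; report its first byte. */
static int lzw_emit(const lzw_entry *t, int code, uint8_t *out, size_t cap, size_t *len, uint8_t *first)
{
    uint8_t buf[LZW_TABLE_SIZE]; size_t n = 0;
    while (code >= 0 && n < sizeof buf) { buf[n++] = t[code].suffix; code = t[code].prefix; }
    if (n == 0 || *len + n > cap) return -1;
    *first = buf[n - 1];
    while (n) out[(*len)++] = buf[--n];
    return 0;
}

/* Decode already-unpacked GIF LZW codes; returns bytes written or -1 on a malformed stream. */
int lzw_decode(const uint16_t *codes, size_t ncodes, int min_code_size, uint8_t *out, size_t cap)
{
    lzw_entry table[LZW_TABLE_SIZE];
    int clear = 1 << min_code_size, eoi = clear + 1, next = clear + 2, prev = -1;
    size_t len = 0; uint8_t first = 0;
    if (min_code_size < 2 || min_code_size > 8) return -1;
    for (int i = 0; i < clear; i++) { table[i].prefix = -1; table[i].suffix = (uint8_t)i; }
    for (size_t k = 0; k < ncodes; k++) {
        int code = codes[k];
        if (code == clear) { next = clear + 2; prev = -1; continue; }
        if (code == eoi) break;
        /* The bound that matters is `next`, the number of entries defined so far:
         * 0x7fff from the report, or 4095 straight after a clear, must never index the table. */
        if (code > next || code >= LZW_TABLE_SIZE) return -1;
        if (code == next) {                        /* KwKwK case: string(prev) + first(prev) */
            if (prev < 0 || lzw_emit(table, prev, out, cap, &len, &first) || len >= cap) return -1;
            out[len++] = first;
        } else if (lzw_emit(table, code, out, cap, &len, &first)) return -1;
        if (prev >= 0 && next < LZW_TABLE_SIZE) {  /* table full: stop adding, keep decoding */
            table[next].prefix = (int16_t)prev; table[next].suffix = first; next++;
        }
        prev = code;
    }
    return (int)len;
}

/* Constructed sample streams, minimum code size 2 (clear = 4, eoi = 5). */
static const uint16_t good_codes[] = { 4, 1, 6, 6, 5 };   /* decodes to five bytes of value 1 */
static const uint16_t bad_codes[]  = { 4, 1, 0x7fff };    /* the code value quoted in the report */
int demo_good(void) { uint8_t o[8]; int n = lzw_decode(good_codes, 5, 2, o, sizeof o);
                      return n == 5 && o[0] == 1 && o[2] == 1 && o[4] == 1; }
int demo_bad(void)  { uint8_t o[8]; return lzw_decode(bad_codes, 3, 2, o, sizeof o); }
```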