Closed niugx closed 4 years ago
There is issue in line 5051 of stbi__shiftsigned function of stb_image.h file, which cause a denial of service (assert fault) via a crafted bmp file.
5035 static int stbi__shiftsigned(int v, int shift, int bits) 5036 { ... 5049 STBI_ASSERT(v >= 0 && v < 256); 5050 v >>= (8-bits); 5051 STBI_ASSERT(bits >= 0 && bits <= 8); 5052 return (int) ((unsigned) v * mul_table[bits]) >> shift_table[bits]; 5053 }
root@ubuntu:/libsixel-master/converters# ./img2sixel crafted.bmp lt-img2sixel: stb_image.h:5051: stbi__shiftsigned: Assertion `bits >= 0 && bits <= 8' failed. Aborted (core dumped)
Guoxiang Niu, Xiaolong Zhao, Muxing Guan, EaglEye Team
Fixed on v1.8.4, Thanks!
saitoha
commented
4 years ago
There is issue in line 5051 of stbi__shiftsigned function of stb_image.h file, which cause a denial of service (assert fault) via a crafted bmp file.
5035 static int stbi__shiftsigned(int v, int shift, int bits) 5036 { ... 5049 STBI_ASSERT(v >= 0 && v < 256); 5050 v >>= (8-bits); 5051 STBI_ASSERT(bits >= 0 && bits <= 8); 5052 return (int) ((unsigned) v * mul_table[bits]) >> shift_table[bits]; 5053 }
root@ubuntu:/libsixel-master/converters# ./img2sixel crafted.bmp lt-img2sixel: stb_image.h:5051: stbi__shiftsigned: Assertion `bits >= 0 && bits <= 8' failed. Aborted (core dumped)
Guoxiang Niu, Xiaolong Zhao, Muxing Guan, EaglEye Team