Closed knok closed 4 years ago
This problem caused by the following line: https://github.com/saitoha/libsixel/blob/master/src/writer.c#L160
for (i = 0; i < width * height; ++i, ++src) { *dst++ = *(palette + *src * 3 + 0); *dst++ = *(palette + *src * 3 + 1); *dst++ = *(palette + *src * 3 + 2); }
https://bugzilla.redhat.com/show_bug.cgi?id=1649201 The above POC causes to store 255 value on src, so always allocation 2563 size of memory to *palette prevent heap overflow.
82
This problem caused by the following line: https://github.com/saitoha/libsixel/blob/master/src/writer.c#L160
https://bugzilla.redhat.com/show_bug.cgi?id=1649201 The above POC causes to store 255 value on src, so always allocation 2563 size of memory to *palette prevent heap overflow.