veluca93 / fpnge

Demo of a fast PNG encoder.
Apache License 2.0

FPNGEOutputAllocSize can underestimate the required size #25

Closed StefanVK closed 1 year ago

StefanVK commented 1 year ago

There exist some scenarios for which FPNGEOutputAllocSize underestimates the required size. This can lead to heap buffer overflows.

So far I only ran into the problem with 1 pixel wide grayvalue images at compression level 2.

Example image 1 channel 1x64000 noise

With added -g option for grayvalue images:

    ./fpnge -2 -g ../testdata/narrow_gv.png out.png
    Segmentation fault (core dumped)

Allocated size: 129024
Encoded size: 129875

veluca93 commented 1 year ago

Thanks for pointing this out! Looks like that function ignored the existence of filter bytes...

It should be fixed now, please give it a look!

StefanVK commented 1 year ago

Thank you for the amazingly quick fix, Luca! This fixes our problem and your explanation why it's correct to add 1*height bytes for the filter byte for each scan line makes sense.
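
An added example, not fpnge's code and not part of the thread: it compares an output-size bound computed from pixel bytes alone with one that also counts the one filter-type byte PNG places in front of every scanline, using overflow-checked arithmetic. The function `alloc_bound`, its `factor` and `slack` parameters, and the values 2 and 1024 are assumptions, chosen because they reproduce the allocated size reported above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Overflow-checked helpers: a bound that wraps is as bad as one that is too small. */
static bool mul_ok(size_t a, size_t b, size_t *r) {
  if (a != 0 && b > SIZE_MAX / a) return false;
  *r = a * b;
  return true;
}

static bool add_ok(size_t a, size_t b, size_t *r) {
  if (b > SIZE_MAX - a) return false;
  *r = a + b;
  return true;
}

/* Bytes in one row of pixels, without the PNG filter-type byte. */
static bool row_bytes(size_t width, size_t channels, size_t bpc, size_t *r) {
  return mul_ok(width, channels, r) && mul_ok(*r, bpc, r);
}

/* Assumed bound shape: slack + height * (factor * row bytes [+ 1 filter byte]).
   factor and slack are illustrative parameters, not fpnge's constants. */
bool alloc_bound(size_t width, size_t height, size_t channels, size_t bpc,
                 size_t factor, size_t slack, bool count_filter, size_t *out) {
  size_t row, per_row;
  if (!row_bytes(width, channels, bpc, &row)) return false;
  if (!mul_ok(row, factor, &per_row)) return false;
  if (count_filter && !add_ok(per_row, 1, &per_row)) return false;
  return mul_ok(per_row, height, out) && add_ok(*out, slack, out);
}

int main(void) {
  /* The image from the report: 1 pixel wide, 64000 rows, 1 channel, 8-bit. */
  size_t without = 0, with = 0;
  alloc_bound(1, 64000, 1, 1, 2, 1024, false, &without);
  alloc_bound(1, 64000, 1, 1, 2, 1024, true, &with);
  printf("bound without filter bytes: %zu\n", without);
  printf("bound with filter bytes:    %zu\n", with);
  printf("reported encoded size:      129875\n");
  return 0;
}
```

For a 1-pixel-wide, 1-channel, 8-bit image the filter byte is as large as the row it precedes, which is why the shortfall shows up on narrow images first.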