Closed frokaikan closed 6 years ago
Hi, your bitmap file, not_kitty.bmp, is a 4-bit image, but the bitmap module only supports 8-bit palettized or 24-bit BMP images. So the call to `bm_load()` on line 15 returned NULL, which is why you got the segmentation fault in line 19 when you called `bm_width()`.
I've been meaning to add support for more types in the future, but I haven't gotten around to it yet. I will update the documentation to mention that it only supports those two types in the meantime.
Here is a test program:

```c
#include <stdio.h>
#include "bmp.h"

int main(int argc, char *argv[]) {
    if(argc < 2) return 1;

    /* bm_load() returns NULL on any file it cannot decode;
     * bm_last_error then describes why. */
    Bitmap *bmp = bm_load(argv[1]);
    if(!bmp) {
        fprintf(stderr, "error loading %s: %s\n", argv[1], bm_last_error);
        return 1;
    }

    /* Only touch the Bitmap once we know it is non-NULL. */
    bm_save(bmp, "out.bmp");
    bm_free(bmp);
    printf("success\n");
    return 0;
}
```

Its output:

```
error loading not_kitty.bmp: unsupported BMP type
```
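As an added example that is not part of this thread or of the bitmap library, the probe below shows the kind of pre-flight check a caller can run before handing a file to a loader that only accepts certain layouts: it reads the bits-per-pixel field from the BMP file header (offset 28 for the 40-byte BITMAPINFOHEADER and its V4/V5 extensions, offset 24 for the 12-byte BITMAPCOREHEADER) and reports whether the file is one of the two layouts mentioned above. The header bytes it tests against are constructed in memory, and the function names `bmp_probe_bpp`, `bmp_is_supported` and `make_bmp_header` are my own, not the library's.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not bitmap-library code. BMP fields are little-endian. */
static uint16_t rd16(const unsigned char *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Return the bits-per-pixel of a BMP header, or 0 if the buffer is
 * not a BMP or is too short to contain the field we need. */
int bmp_probe_bpp(const unsigned char *buf, size_t len) {
    if (len < 14 + 12) return 0;             /* file header + smallest DIB header */
    if (buf[0] != 'B' || buf[1] != 'M') return 0;
    uint32_t dib = rd32(buf + 14);           /* DIB header size selects the layout */
    if (dib == 12)                           /* BITMAPCOREHEADER: bpp at offset 24 */
        return rd16(buf + 24);
    if (dib >= 40) {                         /* BITMAPINFOHEADER / V4 / V5: bpp at 28 */
        if (len < 14 + 40) return 0;         /* truncated header */
        return rd16(buf + 28);
    }
    return 0;                                /* unknown DIB header size */
}

/* The two layouts the loader in this thread handles: 8-bit palettized and 24-bit. */
int bmp_is_supported(const unsigned char *buf, size_t len) {
    int bpp = bmp_probe_bpp(buf, len);
    return bpp == 8 || bpp == 24;
}

/* Construct a minimal 54-byte header for a 1x1 image with the given depth
 * (constructed test data, no pixel payload). Returns the header length. */
size_t make_bmp_header(unsigned char *out, uint16_t bpp) {
    memset(out, 0, 54);
    out[0] = 'B'; out[1] = 'M';
    out[14] = 40;                            /* BITMAPINFOHEADER size */
    out[18] = 1; out[22] = 1;                /* width = height = 1 */
    out[26] = 1;                             /* colour planes */
    out[28] = (unsigned char)(bpp & 0xff);
    out[29] = (unsigned char)(bpp >> 8);
    return 54;
}

int main(int argc, char *argv[]) {
    unsigned char buf[64];
    size_t n;
    if (argc < 2) {
        n = make_bmp_header(buf, 4);         /* mimic the 4-bit not_kitty.bmp case */
    } else {
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        n = fread(buf, 1, sizeof buf, f);
        fclose(f);
    }
    int bpp = bmp_probe_bpp(buf, n);
    printf("bpp=%d supported=%s\n", bpp, bmp_is_supported(buf, n) ? "yes" : "no");
    return 0;
}
```

Run with no arguments it reports the constructed 4-bit header as unsupported; run with a path it probes the first 64 bytes of that file. The probe only decides whether to hand the file to the loader; the NULL check on the loader's return value stays in the caller regardless, since any check the library performs internally is not something the caller can rely on.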
and how about this PNG file? It got almost the same error. (I use libpng to compile the library.) not_kitty.zip
Is it the same reason as you say?
Mmm, this is interesting. Your image is an 8-bit PNG, and I've used libpng's mechanisms to convert those images internally when the image is being loaded, but when I looked at the code on GitHub now I couldn't find it.
I see some error handling code is also missing, so I think I haven't pushed all of my most recent changes to GitHub. I'll look into it this evening.
I'll also keep your files as examples of images that the library should be able to load.
CVE-2018-17073 was assigned to this issue.
I've added a bunch of `assert()`s to bmp.c to address this, in commit 1c88bbd728da6bff8f4533bcfdb0dfef4ed8038b.
(I've done it through asserts for performance reasons, so that the release version doesn't need to check for NULL pointers on every single call to the API functions.)
System: Ubuntu 18.04
Compiled using: clang++ with asan, libpng, libjpeg
Here's my program:
and here is my bmp: not_kitty.zip

```
AddressSanitizer:DEADLYSIGNAL
==18470==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000553844 bp 0x000000572df0 sp 0x7ffc6aced1f0 T0)
==18470==The signal is caused by a READ memory access.
==18470==Hint: address points to the zero page.
    #0 0x553843 in bm_width /opt/bitmap/bmp.c:4255:15

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /opt/bitmap/bmp.c:4255:15 in bm_width
==18470==ABORTING
```