stack-buffer-overflow in function encode_ise() #294
Comments
Fails on 2.x and main (different failure modes). Current hypothesis is that we are trying to use invalid symbolic values, which are out of range for some array accesses.
The bug here is that complex blocks may fail to generate a valid encoding, so the final block is actually an otherwise unpopulated symbolic block in the error state. This issue has been in the code forever, but it's more likely that valid encodings are not found due to the reduction in search space covered by the optimized compressor.
The temporary workaround is to replace error blocks with a constant color block, e.g. copying the origin color. We can probably do better here, but I'll raise a separate issue for this.
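As an added illustration of the pattern described in the two comments above (this is hypothetical model code, not astc-encoder's own structures, not the `encode_ise()` function, and not the fix in 6ffb305): a symbolic block that ends up in the error state with unpopulated fields is rejected before any of its values are used as array indices, and the workaround from the comment, substituting a constant color block built from the origin color, is applied instead. The struct, table and names below are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified model of an encoder's symbolic block.
 * The issue describes a block left in an error state with otherwise
 * unpopulated fields whose values are later used as array indices. */

#define QUANT_LEVELS 8
#define BLOCK_TEXELS 16

typedef enum { BLOCK_OK = 0, BLOCK_ERROR = 1 } block_state;

typedef struct {
    block_state state;
    int quant_level;               /* used as an index into a per-level table */
    uint8_t weights[BLOCK_TEXELS];
    uint8_t constant_color[4];
} symbolic_block;

/* Constructed table: bits emitted per weight at each quantization level. */
static const int bits_per_weight[QUANT_LEVELS] = {1, 2, 3, 3, 4, 5, 6, 8};

/* Validate the symbolic values before they are used as indices.
 * Returns 1 if the block may be passed to the bit packer, 0 otherwise. */
int block_is_encodable(const symbolic_block *b)
{
    if (b->state != BLOCK_OK) return 0;
    if (b->quant_level < 0 || b->quant_level >= QUANT_LEVELS) return 0;
    return 1;
}

/* The workaround from the comment: replace an error block with a
 * constant-color block that copies the origin texel's RGBA. */
void make_constant_color_block(symbolic_block *b, const uint8_t rgba[4])
{
    memset(b, 0, sizeof(*b));
    b->state = BLOCK_OK;
    b->quant_level = 0;
    memcpy(b->constant_color, rgba, 4);
}

/* Stand-in for the packing step: returns the number of weight bits it
 * would emit, or -1 if the block was rejected. The guard is what keeps
 * the table lookup in bounds. */
int pack_block_bits(const symbolic_block *b)
{
    if (!block_is_encodable(b)) return -1;
    return bits_per_weight[b->quant_level] * BLOCK_TEXELS;
}

/* Driver: fall back to a constant-color block instead of packing an
 * error-state block. */
int encode_with_fallback(symbolic_block *b, const uint8_t origin_rgba[4])
{
    if (!block_is_encodable(b)) {
        make_constant_color_block(b, origin_rgba);
    }
    return pack_block_bits(b);
}

int main(void)
{
    uint8_t origin[4] = {10, 20, 30, 255};
    symbolic_block bad;
    memset(&bad, 0, sizeof(bad));
    bad.state = BLOCK_ERROR;
    bad.quant_level = 0x7fffffff;   /* constructed garbage in an unpopulated field */
    printf("bits=%d\n", encode_with_fallback(&bad, origin));
    return 0;
}
```

The point of the guard is that the error state and the range check are tested at the consumer, not only at the producer: a block that was never populated carries whatever happened to be in memory, so the packer cannot trust any field of it until the state has been checked.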
Fixed in 6ffb305
Thank you for your timely feedback. Would you like to assign a CVE to the vulnerability we found?
Version
Environment
Ubuntu 18.04, 64 bit
Command
Compile test program:
$ mkdir build
$ cd build
$ cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release ..
$ make -j8
Compile test program with address sanitizer:
Result
The result of running without ASAN:
Information obtained by using ASAN:
Description
Poc
Poc file is this.