CVE-2021-3410 #52
Comments
Problem is that there is a string

The value (48888888888) doesn't fit into an "int" (which has 32 bits, even on a 64 bit architecture!), so it is truncated to 1644248632 but even then, the sizes (width * height) exceed 32 bits, so some calculations' results may be truncated, while others may not be.

Thanks for reporting this. I went for

This doesn't compile as "new_size" has already been declared at the start of the function.

Sorry, I forgot to amend a faulty commit. I force-pushed, apologies if this causes inconveniences.

Strange ... it still crashes: Ahem ... width = 0 ... this creates a black hole ;-) (albeit a very small one as new_size is also 0).

Works with the added check "if (width != 0 && new_size / width != height)".

Haha, well at least a division by zero is less severe than an out of bounds memory access! Fixed properly in e4968ba, and added unit tests so that it doesn’t happen again.
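
The truncation and the division check discussed in the comments above, as an added example that is not libcaca's code and not part of the original thread. The helper names (`low32`, `wrapped_mul`, `checked_area`) and the sample dimensions are hypothetical; only the value 48888888888 and the check `width != 0 && new_size / width != height` come from the thread.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* What a 32-bit int keeps of a wider value: only the low 32 bits. */
static int32_t low32(int64_t v)
{
    return (int32_t)(uint32_t)(uint64_t)v;
}

/* width * height as unchecked 32-bit arithmetic would store it.
 * Computed in 64 bits and truncated, to avoid signed-overflow UB. */
static int32_t wrapped_mul(int32_t w, int32_t h)
{
    return low32((int64_t)w * (int64_t)h);
}

/* Hypothetical helper: returns 0 and sets *out = width * height, or -1 if
 * a dimension is negative or the product does not fit in an int. */
static int checked_area(int width, int height, int *out)
{
    if (width < 0 || height < 0)
        return -1;
    /* Unsigned multiplication wraps with defined behaviour. */
    unsigned int new_size = (unsigned int)width * (unsigned int)height;
    /* Division check from the thread; width != 0 avoids dividing by zero. */
    if (width != 0 && new_size / (unsigned int)width != (unsigned int)height)
        return -1;
    /* The product may fit in 32 unsigned bits but still not in an int. */
    if (new_size > (unsigned int)INT_MAX)
        return -1;
    *out = (int)new_size;
    return 0;
}

int main(void)
{
    int size = -1;
    printf("48888888888 as int: %d\n", (int)low32(48888888888LL));
    printf("65536 * 65536 wrapped: %d\n", (int)wrapped_mul(65536, 65536));
    printf("65536 x 65536 -> %d\n", checked_area(65536, 65536, &size));
    int rc = checked_area(0, 5, &size);
    printf("0 x 5 -> %d (size %d)\n", rc, size);
    return 0;
}
```

A wrapped product of 0 for a 65536 x 65536 canvas is the dangerous case: an allocation sized from it succeeds while later indexing uses the real dimensions.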

Changelog: https://github.com/cacalabs/libcaca/releases/tag/v0.99.beta20

There are some CVE fixes listed there (e.g., buffer overflow, illegal WRITE access, illegal READ access). Here is one: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3410 cacalabs/libcaca#52

This update:
- Moves MASTER_SITES to github (http://caca.zoy.org/browser/libcaca/trunk/README)
- Defines V and PKGNAME substitution
- Bumps major because of removed symbols. libcaca is moving away from using libcucul.
- Disable building ruby subdirectory in Makefile.in patch to be consistent with --disable-ruby.
- Remove -g -O2 and bash-ism =~ in patch-configure. bash-ism throws an error otherwise. Reorder comments while here.

Feedback, tests and OK thfr@

The following vulnerability has been reported to the Red Hat issue tracker:
https://bugzilla.redhat.com/show_bug.cgi?id=1928437