the image size if 0x0
As a consequence, no space is allocated for the image bits and the allocated size of the header does not take the NUL byte into account.
I suggest silently allocating one additional byte malloc(*bytes+1);, maybe only when the size of the image is 0x0.
See also [ Security] heap-buffer-overflow of export.c in function export_tga #53
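The off-by-one described in the comment above, as an added C sketch that is not libcaca's code. It assumes an 18-byte header emitted one byte at a time with sprintf("%c") and 4 bytes per pixel; bytes_touched and export_image are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 18u /* assumed fixed header size (not taken from the page) */
#define BPP 4u      /* assumed bytes per pixel */

/* Exclusive upper offset touched by a writer that emits each header byte
 * with sprintf("%c") and the pixels with plain stores: the last sprintf
 * leaves its NUL terminator at offset HDR_LEN. */
static size_t bytes_touched(size_t w, size_t h)
{
    size_t pixels = w * h * BPP;
    return HDR_LEN + (pixels > 0 ? pixels : 1);
}

/* Hypothetical hardened exporter: *bytes stays the logical file size, the
 * allocation carries one spare byte so the terminator lands in bounds. */
static unsigned char *export_image(size_t w, size_t h, size_t *bytes)
{
    size_t i, pixels;
    char *data, *cur;

    if (w != 0 && h > (SIZE_MAX - HDR_LEN - 1) / BPP / w)
        return NULL;                 /* w * h * BPP would wrap */
    pixels = w * h * BPP;
    *bytes = HDR_LEN + pixels;
    cur = data = malloc(*bytes + 1); /* the suggested malloc(*bytes+1) */
    if (data == NULL)
        return NULL;
    for (i = 0; i < HDR_LEN; i++)    /* constructed header bytes 1..18 */
        cur += sprintf(cur, "%c", (int)(i + 1));
    memset(cur, 0xff, pixels);       /* constructed pixel data */
    return (unsigned char *)data;
}

int main(void)
{
    size_t n = 0;
    unsigned char *img = export_image(0, 0, &n);

    if (img == NULL)
        return 1;
    printf("0x0: file size %zu, writer touches %zu bytes\n", n, bytes_touched(0, 0));
    free(img);
    return 0;
}
```

For any non-empty image the terminator falls inside the pixel area and is overwritten, which is why only the 0x0 case writes past an exact-size allocation.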
Hi libcaca Team
When I use the libfuzz test library API, I found an overflow error. Here are the steps to reproduce and my running environment.
System info:
Ubuntu 20.04 : clang 10.0.0 , gcc 9.3.0
Fedora 33: clang 11.0.0 , gcc 10.2.1
libcaca version e4968ba
Verification steps:
1. Get the source code of libcaca
2. Compile the libcaca.so library
$ cd libcaca
$ ./bootstrap
$ ./configure
$ make
or
3. Create the poc_troff.cc && build
4. Compile poc_troff.cc
5. Run poc_troff
asan info: