New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PATCH] Fix potential allocation of huge memory amount due to type overflow in src/lodepng.cpp (Origin: bugzilla #735982) #5593

doxygen opened this Issue Jul 2, 2018 · 0 comments


None yet
1 participant

doxygen commented Jul 2, 2018

status RESOLVED severity normal in component general for ---
Reported in version 1.8.8-GIT on platform Other
Assigned to: Dimitri van Heesch

Original attachment names and IDs:

On 2014-09-03 17:35:13 +0000, Ettl Martin wrote:

Created attachment 285274
proposed fix

Please review the attached patch. It fixes coverity-scan id CID-50003. In src/lodepng.cpp the function ftell is called. In case of an error ftell returns the value -1. This return value is cached in a local variable and then it is used to allocate memory. If so, a huge amount of memory is allocated, because the -1 (int) is casted to (size_t)-max.

Best regards and many thanks

Martin Ettl

On 2014-09-23 18:51:10 +0000, Dimitri van Heesch wrote:

Thanks, I'll include the patch in the next GIT update.

On 2014-12-25 16:02:32 +0000, Dimitri van Heesch wrote:

This bug was previously marked ASSIGNED, which means it should be fixed in
doxygen version 1.8.9. Please verify if this is indeed the case. Reopen the
bug if you think it is not fixed and please include any additional information
that you think can be relevant (preferrably in the form of a self-contained example).

@doxygen doxygen closed this Jul 2, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment