Bug in ass_outline.c:1354: _Bool outline_stroke(ASS_Outline *, ASS_Outline *, const ASS_Outline *, int, int, int): Assertion `rad >= eps' failed. #431
Comments
|
@MrSmile Will you take a look? |
|
In `ass_outline_construct`'s call to `outline_stroke` a signed integer
overflow happens *(undefined behaviour)*. On my machine signed overflow
happens to wrap around to a negative value, thus failing the assert.
#261 does currently not prevent this overflow.
```
ass_render.c:1222:18: runtime error: signed integer overflow: 189629639 * 16 cannot be represented in type 'int'
ass_render.c:1222:18: runtime error: signed integer overflow: 189629639 * 16 cannot be represented in type 'int'
fuzz: ass_outline.c:1354: outline_stroke: Assertion `rad >= eps' failed.
```
|
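The arithmetic behind the UBSan report above, as an added example (not libass code and not part of the thread): `189629639 * 16` does not fit in a 32-bit `int`, and the two's-complement wraparound is negative, which matches the failed assert. The names `scale_checked` and `scale_wrapped` are hypothetical, and the sketch assumes a 32-bit `int`.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: multiply by a positive scale factor and
 * reject any result that cannot be represented in int, instead of
 * performing the overflowing (undefined) multiplication. */
bool scale_checked(int value, int factor, int *out)
{
    if (factor <= 0)
        return false;
    if (value > INT_MAX / factor || value < INT_MIN / factor)
        return false;
    *out = value * factor;
    return true;
}

/* The value two's-complement wraparound produces, computed in 64 bits
 * and reduced modulo 2^32 by hand so this function has no UB itself. */
int32_t scale_wrapped(int32_t value, int32_t factor)
{
    int64_t wide = (int64_t)value * factor;
    uint32_t low = (uint32_t)wide;          /* well-defined modular reduction */
    if (low > (uint32_t)INT32_MAX)
        return (int32_t)((int64_t)low - 4294967296LL);
    return (int32_t)low;
}

int main(void)
{
    int scaled;
    int value = 189629639;                  /* operand from the UBSan report */

    printf("wrapped: %d\n", scale_wrapped(value, 16));
    if (!scale_checked(value, 16, &scaled))
        printf("rejected: %d * 16 overflows int\n", value);
    return 0;
}
```
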
|
Any chance of a new release with this fix? The patch doesn't apply to 1.14.0 |
|
Hey folks, wondering if this will get a CVE? |
Hello, I really don't know how to apply for a CVE. I see the announcement seems to require the project manager to issue security advice. |
|
Hey,
I can help with that if you need to. You can request one directly from Mitre, the link I shared earlier. |
|
Hi. Since this project is on GitHub you can use the security advisory feature to request a CVE. Else using the form works as well. |
Thank you, but I can only directly contact maintainers to ask them to create security advisories or issue CVEs on my behalf in repositories that I don't administer. |
|
This is CVE-2020-26682 |
fuzzer & poc
libass.zip
gdb: