gdImageGdPtr memory leak #700
Comments
The first test script is bogus, since ìm1 Anyhow, this is not related to CVE-2016-6912, because that was about a double-free in case |
Sorry I had a typo in test 1 and You are using some conditional checks in the second test is the test file you are using here with a little change that I replace
|
if you pass garbage to libgd, you can only expect garbage back. it is not gd's responsibility to make sure programmers don't pass it garbage. that includes, but is not limited to, programmers passing in NULL pointers. gd guarantees that failures coming from the OS are handled gracefully when possible, as are corrupt input files/images. |
If |
I'm using this:
|
Sorry, but I couldn't understand why you are using multiple checks on thanks |
"some places check for NULL" is not the same thing as "gd guarantees you can pass it NULL pointers". if you have code passing NULL pointers to functions, your code is bad and needs fixing. it is not a bug in gd. we should be able to add non-null attributes to our functions so the compiler could try and enforce that too. |
It seems to me a very typical issue is to get libwebp may fail to encode an image, and this also needs to be handled by the client; in this case libgd is the client. The only reason |
correct. i would consider any library gd calls to be part of the "OS". |
Hi, despite of Isn't it necessary to add success and fail return value to |
Oh, right. Still, not a security issue, since it is documented:
|
But there are some CVEs on |
I guess the function was not documented to be not intended for production usage back then. |
Hello,
I found that 'gdImageGdPtr' in gd_gd.c and 'gdImageWebpPtr' in gd_webp.c are similar functions for different picture formats. You have changed 'gdImageWebpPtr' because of CVE-2016-6912 (double free), so it seems that you need to change 'gdImageGdPtr' too.
I ran two test files with ASAN, and the result is shown below. The test files are located in the 'tests/webp' folder.
Test1:
ASAN result:
Test2:
ASAN result:
Is there another CVE here?