Hi,
Two previous issues #247 and #697, show that a return value check for gdGetBuf is necessary and it can cause read out of bound with a corrupted TGA file.
gdPutBuf is similar to gdGetBuf and it also shows the error condition in its return value.
some usages for gdPutBuf are comparing return values to see any error occurred or not. (in gd_jpeg.c and gd_gd2.c)
but there are some other call sites that do not check the return value and also the passed arguments are tainted and can be corrupted.
this is the list of them:
Hi,
Two previous issues #247 and #697, show that a return value check for
gdGetBufis necessary and it can causeread out of boundwith a corrupted TGA file.gdPutBufis similar togdGetBufand it also shows the error condition in its return value.some usages for
gdPutBufare comparing return values to see any error occurred or not. (in gd_jpeg.c and gd_gd2.c)but there are some other call sites that do not check the return value and also the passed arguments are tainted and can be corrupted.
this is the list of them:
so they need to add some condition check for
gdPutBuf.Regards.
The text was updated successfully, but these errors were encountered: