gdPutBuf return value check #750

Closed
meweez opened this issue Sep 5, 2021 · 1 comment
meweez commented Sep 5, 2021

Hi,
Two previous issues, #247 and #697, show that a return value check for gdGetBuf is necessary and that it can cause an out-of-bounds read with a corrupted TGA file.

gdPutBuf is similar to gdGetBuf and it also shows the error condition in its return value.
Some usages of gdPutBuf compare the return value to see whether any error occurred (in gd_jpeg.c and gd_gd2.c).

But there are some other call sites that do not check the return value, and the passed arguments are also tainted and can be corrupted.
This is the list of them:

| file | function | line |
| --- | --- | --- |
| gd_webp.c | _gdImageWebpCtx | 230 link |
| gd_bmp.c | _gdImageBmpCtx | 269 link |
| gd_bmp.c | _gdImageBmpCtx | 328 link |
| gd_gif_out.c | flush_char | 1635 link |

So they need to add some condition check for gdPutBuf.

Regards.

pierrejoye added this to the GD 2.3.3 milestone Sep 7, 2021
pierrejoye self-assigned this Sep 7, 2021
pierrejoye added a commit that referenced this issue Sep 7, 2021
pierrejoye added a commit that referenced this issue Sep 8, 2021
Partial fix for #750, BMP and WebP. Gif's usage of PutBuf needs too much refactoring for the actual gain here.

pierrejoye commented

Partial fix applied for BMP and WebP. For GIF, a lot of refactoring is needed and I am not sure it is worth it. What do you think?

We can open a separate issue for GIF as it also requires ABI/API breaks from what I see.
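
The unchecked and checked call-site patterns this issue is about, as an added example that is not libgd code and not part of the thread. `io_ctx`, `mem_put` and the `write_rows_*` functions are hypothetical stand-ins, and the sketch assumes a put-style callback that returns the number of bytes written, with a shorter count signalling failure.

```c
/* Added illustration; io_ctx, mem_put and the write_rows_* functions are
 * hypothetical stand-ins, not libgd code. */
#include <stdio.h>
#include <string.h>

typedef struct io_ctx {
    int (*putBuf)(struct io_ctx *, const void *, int); /* returns bytes written */
    unsigned char out[16]; /* constructed, deliberately tiny sink */
    int used;
} io_ctx;

/* Sink that accepts only what fits, like a full disk or a fixed buffer. */
static int mem_put(io_ctx *c, const void *buf, int n) {
    int room = (int)sizeof(c->out) - c->used;
    if (n > room) n = room;
    if (n < 0) n = 0;
    memcpy(c->out + c->used, buf, (size_t)n);
    c->used += n;
    return n;
}

/* Unchecked pattern: a short write is ignored and success is reported. */
int write_rows_unchecked(io_ctx *c, const unsigned char *row, int len, int rows) {
    for (int i = 0; i < rows; i++)
        c->putBuf(c, row, len);
    return 0;
}

/* Checked pattern: stop at the first short write and propagate the error. */
int write_rows_checked(io_ctx *c, const unsigned char *row, int len, int rows) {
    for (int i = 0; i < rows; i++)
        if (c->putBuf(c, row, len) != len)
            return -1;
    return 0;
}

/* Runs one writer against a fresh 16-byte sink with 3 rows of 6 bytes. */
int demo(int checked) {
    io_ctx c = { mem_put, {0}, 0 };
    const unsigned char row[6] = { 1, 2, 3, 4, 5, 6 };
    return checked ? write_rows_checked(&c, row, 6, 3)
                   : write_rows_unchecked(&c, row, 6, 3);
}

int main(void) {
    printf("unchecked=%d checked=%d\n", demo(0), demo(1));
    return 0;
}
```

The third row only partly fits the sink, so the unchecked writer reports success on a truncated output while the checked writer returns an error the caller can act on.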
