Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NULL pointer dereference in the stb_image.h #1452

Open
0xdd96 opened this issue Feb 21, 2023 · 1 comment
Open

NULL pointer dereference in the stb_image.h #1452

0xdd96 opened this issue Feb 21, 2023 · 1 comment
Labels
1 stb_image 2 bug

Comments

@0xdd96
Copy link

0xdd96 commented Feb 21, 2023

I discovered a null pointer dereference vulnerability in the stb_image.h of libsixel, which also exists in this project.

Specifically, if the stbi__pic_load_core function returns 0 (line 6528), result will be released (line 6529) and set to 0 (line 6530). This null pointer will be dereferenced in stbi__convert_format, which would crash the application.

stb/stb_image.h

Lines 6523 to 6535 in 5736b15

// intermediate buffer is RGBA
result = (stbi_uc *) stbi__malloc_mad3(x, y, 4, 0);
if (!result) return stbi__errpuc("outofmem", "Out of memory");
memset(result, 0xff, x*y*4);
if (!stbi__pic_load_core(s,x,y,comp, result)) {
STBI_FREE(result);
result=0;
}
*px = x;
*py = y;
if (req_comp == 0) req_comp = *comp;
result=stbi__convert_format(result,4,req_comp,x,y);

This was referenced Feb 25, 2023
Open
Open
sezero added a commit to libsdl-org/SDL_image that referenced this issue Feb 25, 2023
@sezero
stb_image.h: NULL ptr dereference fix by Neil Bickford from mainstream:
d372c87 
Mainstream pull requests:
nothings/stb#1454
Related mainstream issue tickets:
nothings/stb#1452
sezero added a commit to libsdl-org/SDL_image that referenced this issue Feb 25, 2023
@sezero
stb_image.h: NULL ptr dereference fix by Neil Bickford from mainstream:
bae8e45 
Mainstream pull requests:
nothings/stb#1454
Related mainstream issue tickets:
nothings/stb#1452
@cocoa-xu cocoa-xu mentioned this issue Mar 18, 2023
Merged
@0xdd96 0xdd96 mentioned this issue Mar 19, 2023
Merged
U2FsdGVkX1 pushed a commit to fedora-riscv/usd that referenced this issue Aug 12, 2023
@musicinmybrain
Update minimum stb_image versions
8930f44 
Ensure we have a fix for null pointer dereference bug
nothings/stb#1452.
U2FsdGVkX1 pushed a commit to fedora-riscv/usd that referenced this issue Aug 12, 2023
@musicinmybrain
Update minimum stb_image versions
fec1893 
Ensure we have a fix for null pointer dereference bug
nothings/stb#1452.
U2FsdGVkX1 pushed a commit to fedora-riscv/stb that referenced this issue Aug 12, 2023
@musicinmybrain
Fix null pointer dereference in stb_image
f31cbe6 
nothings/stb#1452
U2FsdGVkX1 pushed a commit to fedora-riscv/stb that referenced this issue Aug 12, 2023
@musicinmybrain
Fix null pointer dereference in stb_image
c1ec87b 
nothings/stb#1452
U2FsdGVkX1 pushed a commit to fedora-riscv/stb that referenced this issue Aug 12, 2023
@musicinmybrain
Fix null pointer dereference in stb_image
524c326 
nothings/stb#1452
U2FsdGVkX1 pushed a commit to fedora-riscv/stb that referenced this issue Aug 12, 2023
@musicinmybrain
Fix null pointer dereference in stb_image
2c15832 
nothings/stb#1452
U2FsdGVkX1 pushed a commit to fedora-riscv/stb that referenced this issue Aug 12, 2023
@musicinmybrain
Fix null pointer dereference in stb_image
0096ab2 
nothings/stb#1452
@NBickford-NV NBickford-NV mentioned this issue Oct 4, 2023
Open
@NBickford-NV
Copy link
Contributor

Tracking CVE numbers: this is https://nvd.nist.gov/vuln/detail/CVE-2023-43898 ((#1521), and its equivalent in Servo's Rust port is https://rustsec.org/advisories/RUSTSEC-2023-0021.html.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1 stb_image 2 bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rygorous @0xdd96 @NBickford-NV