stb_image.h: stbi__hdr_load heap overflow #317
There is a heap overflow condition in the HDR parsing due to the RLE decoding loop not checking that there is enough space in the allocated buffer.
An HDR triggering the vulnerability can be generated with the following Python script:
And here is the ASan report:
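As an added illustration of the missing check described above (example code, not stb_image's own loader and not the reporter's script): a Radiance new-style RLE channel decoder that rejects any run or literal longer than the space left in the row before writing. stb_image interleaves four RGBE channels per pixel; this decodes one channel contiguously for clarity, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode one channel of a Radiance new-style RLE scanline into out[0..width-1].
 * count > 128: run of (count - 128) copies of the next byte; else `count` literal bytes.
 * Each run/literal is checked against the room left in the row (width - i) before
 * anything is written. Returns input bytes consumed, or -1 on truncated/corrupt data. */
int hdr_rle_decode_channel(const uint8_t *in, size_t in_len, uint8_t *out, int width)
{
    size_t pos = 0;
    int i = 0;
    while (i < width) {
        int nleft = width - i;
        if (pos >= in_len) return -1;                   /* ran out of input */
        int count = in[pos++];
        if (count > 128) {                              /* run */
            count -= 128;
            if (count == 0 || count > nleft) return -1; /* would write past the row */
            if (pos >= in_len) return -1;
            memset(out + i, in[pos++], (size_t)count);
        } else {                                        /* literal */
            if (count == 0 || count > nleft) return -1; /* would write past the row */
            if (pos + (size_t)count > in_len) return -1;
            memcpy(out + i, in + pos, (size_t)count);
            pos += (size_t)count;
        }
        i += count;
    }
    return (int)pos;
}

/* Constructed inputs for a 4-pixel-wide row (not taken from the original issue). */
static const uint8_t SAMPLE_OK[]  = {0x82, 0x11, 0x02, 0xAA, 0xBB}; /* run of 2, literal of 2 */
static const uint8_t SAMPLE_BAD[] = {0x88, 0x11};                   /* run of 8 into 4 pixels */
/* Returns bytes consumed (5) if SAMPLE_OK decodes to 11 11 AA BB, else -2. */
int demo_valid_row(void)
{
    uint8_t row[4] = {0}, want[4] = {0x11, 0x11, 0xAA, 0xBB};
    int used = hdr_rle_decode_channel(SAMPLE_OK, sizeof SAMPLE_OK, row, 4);
    return memcmp(row, want, 4) == 0 ? used : -2;
}
/* Returns -1 if the over-long run is rejected before any byte is written, else -2. */
int demo_overlong_run(void)
{
    uint8_t row[4] = {0};
    int r = hdr_rle_decode_channel(SAMPLE_BAD, sizeof SAMPLE_BAD, row, 4);
    return (r == -1 && row[0] == 0 && row[3] == 0) ? -1 : -2;
}
int main(void) { return (demo_valid_row() == 5 && demo_overlong_run() == -1) ? 0 : 1; }
```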
I've actually been doing a fuzz of the stb_image.h file and have independently identified most of the issues that @cryptoad has found here. I've been using AFL -- http://lcamtuf.coredump.cx/afl/ -- which is very easy to set up and get running.
For reference, here is a zip of the file produced by the above script, and I've reproed that it does seg fault.