Integer overflow in ReadNumber #9372
Comments
I suggest you to use github feature to
cv::imread("2.ReadNumber_int_overflow_poc");and also
BTW, the number written in the file is large, so raising a run time error looks like valid behavior to me. What did you expect to see?

Thanks for your suggestion! I will do that next time.

got CVE-2017-12864

probably it's better to link, not just writing down. |
System information (version)
Detailed description
integer overflow in ReadNumber
/home/scdeny/github/opencv/modules/imgcodecs/src/grfmt_pxm.cpp:83:18: runtime error: signed integer overflow: 555555555 * 10 cannot be represented in type 'int'
static int ReadNumber( RLByteStream& strm, int maxdigits )
81:
do
{
val = val*10 + code - '0';
if( ++digits >= maxdigits ) break;
code = strm.getByte();
}
while( isdigit(code));
Steps to reproduce
cv::imread("2.ReadNumber_int_overflow_poc")
poc is here:
https://github.com/scdeny/opencv_pocs/blob/master/2.ReadNumber_int_overflow_poc
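
An added example, not OpenCV's code or its fix: the same digit-accumulation loop with the range check done before the multiply, so a field like the one in the sanitizer report is rejected instead of overflowing. `byte_stream`, `get_byte`, `read_number_checked`, `parse_field` and the `NUM_*` codes are hypothetical names, and skipping only whitespace before the digits is an assumption.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for RLByteStream: a bounded in-memory buffer. */
typedef struct { const unsigned char *data; size_t len, pos; } byte_stream;

enum { NUM_NO_DIGITS = -1, NUM_OVERFLOW = -2 };

/* Next byte, or -1 at end of input. */
static int get_byte(byte_stream *s)
{
    return s->pos < s->len ? s->data[s->pos++] : -1;
}

/* Same digit loop as the reported ReadNumber, but the range check runs
 * before the multiply. Returns the value (>= 0) or a negative NUM_* code. */
static int read_number_checked(byte_stream *s, int maxdigits)
{
    int val = 0, digits = 0, code = get_byte(s);

    while (code != -1 && isspace(code))   /* assumption: skip whitespace only */
        code = get_byte(s);
    if (code == -1 || !isdigit(code))
        return NUM_NO_DIGITS;
    do {
        int d = code - '0';
        /* val*10 + d <= INT_MAX  <=>  val <= (INT_MAX - d) / 10 */
        if (val > (INT_MAX - d) / 10)
            return NUM_OVERFLOW;
        val = val * 10 + d;
        if (++digits >= maxdigits)
            break;
        code = get_byte(s);
    } while (code != -1 && isdigit(code));
    return val;
}

/* Convenience wrapper over a C string (constructed inputs only). */
static int parse_field(const char *text, int maxdigits)
{
    byte_stream s = { (const unsigned char *)text, strlen(text), 0 };
    return read_number_checked(&s, maxdigits);
}

int main(void)
{
    printf("%d %d\n", parse_field("640", INT_MAX), parse_field("5555555555", INT_MAX));
    return 0;
}
```

The caller decides what a `NUM_OVERFLOW` header means (here, an invalid image); the point is that the decision is made explicitly instead of by undefined behaviour.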