Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Segfault on bad favicon #51
Using RMagic 2.13.2, I'm trying to read an untrusted favicon. The following test script results in a segfault:
The segfault is:
However, if you read the file via Magick::Image.read() it does not segfault:
I tracked the problem down to these two lines: https://github.com/rmagick/rmagick/blob/master/ext/RMagick/rmimage.c#L10775-10776
With the given favicon, BlobToImage is freeing the *blob memory and then magick_free() attempts to free the same memory location.
This happens on both Ubuntu 12.04 and OS X.