There is a buffer overflow issue in the gif_process_raster function, line 310 of fromgif.c.
309 for (code = 0; code < clear; code++) {
310 g->codes[code].prefix = -1;
311 g->codes[code].first = (unsigned char) code;
312 g->codes[code].suffix = (unsigned char) code;
313 }
g->codes[code] will OOB write with a crafted GIF file.
root@ubuntu:/libsixel-master/converters# ./img2sixel crafted.gif
Segmentation fault (core dumped)
//////////debug information/////////////
root@ubuntu:/libsixel-master/converters# gdb -q .libs/img2sixel
Reading symbols from .libs/img2sixel...done.
(gdb) set args crafted.gif
(gdb) r
Starting program: /libsixel-master/converters/.libs/img2sixel crafted.gif
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7bad7e6 in gif_process_raster (s=0x7fffffffdc40, g=0x7fffffff95d0) at fromgif.c:310
310 g->codes[code].prefix = -1;
(gdb) bt
#0 0x00007ffff7bad7e6 in gif_process_raster (s=0x7fffffffdc40, g=0x7fffffff95d0) at fromgif.c:310
#1 0x00007ffff7badead in gif_load_next (s=0x7fffffffdc40, g=0x7fffffff95d0, bgcolor=0x0) at fromgif.c:462
#2 0x00007ffff7bae39f in load_gif (buffer=0x7ffff6d53010 "GIF89a\376\001\037", <incomplete sequence \346>, size=1888416, bgcolor=0x0, reqcolors=256, fuse_palette=1, fstatic=0, loop_control=1195900927, fn_load=0x7ffff7bb1d9d <load_image_callback>, context=0x606040, allocator=0x606010) at fromgif.c:599
Guoxiang Niu, Xiaolong Zhao, Muxing Guan, EaglEye Team
This is the same problem as #75. It is fixed with 7808a06 and merged into v1.8.3. Thanks!
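An added example, not libsixel's code and not the patch in 7808a06: a bounds check of the kind that prevents this class of out-of-bounds write in a GIF LZW table initialiser. It assumes the loop bound `clear` is computed as `1 << min_code_size` from the file's LZW minimum code size byte and that the table holds 4096 entries (the GIF limit for 12-bit codes); the names `lzw_entry`, `lzw_table` and `lzw_seed_table` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define LZW_MAX_BITS   12                  /* GIF LZW codes are at most 12 bits wide */
#define LZW_TABLE_SIZE (1 << LZW_MAX_BITS) /* so the code table needs 4096 entries */

/* Hypothetical entry layout, using the field names visible in the report. */
struct lzw_entry { int16_t prefix; uint8_t first; uint8_t suffix; };
struct lzw_table { struct lzw_entry codes[LZW_TABLE_SIZE]; };

/*
 * Seed the root codes from the "LZW minimum code size" byte that precedes
 * the image data. The byte comes straight from the file, so it is untrusted.
 * Returns the clear code, or -1 if the byte is rejected.
 */
int lzw_seed_table(struct lzw_table *t, uint8_t min_code_size)
{
    int clear, code;

    /* The first code width is min_code_size + 1 and may not exceed 12 bits.
     * Check before shifting: an oversized shift count is undefined behaviour,
     * and an oversized loop bound walks past the end of codes[]. */
    if (min_code_size < 1 || min_code_size > LZW_MAX_BITS - 1)
        return -1;

    clear = 1 << min_code_size;            /* at most 2048, inside the table */
    for (code = 0; code < clear; code++) {
        t->codes[code].prefix = -1;
        t->codes[code].first  = (uint8_t)code;
        t->codes[code].suffix = (uint8_t)code;
    }
    return clear;
}

int main(void)
{
    static struct lzw_table table;
    /* Constructed sample values: two plausible ones and two hostile ones. */
    const uint8_t samples[] = { 2, 8, 12, 255 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("min_code_size=%3u -> %d\n", (unsigned)samples[i],
               lzw_seed_table(&table, samples[i]));
    return 0;
}
```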