Heap-buffer-overflow still exists in the rleUncompress #169
Comments
Before calling Lines 1614 to 1618 in 0647fb3
However, Lines 1501 to 1527 in 0647fb3
It's better to check the buffer boundary before calling

Thanks! I can reproduce the issue. And also thank you for the PR. Will review it soon.

PR has been merged!
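
The boundary check suggested in the comments above, as an added example that is not tinyexr's code or the merged PR: a decoder for an OpenEXR-style RLE layout (assumed here: a negative control byte starts a literal run, a non-negative one a repeated byte) that validates every run against both the remaining input and the remaining output space. The names `rle_decode_checked` and `rle_selftest` and the sample byte strings are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed OpenEXR-style RLE: control byte c < 0 copies the next -c bytes,
 * c >= 0 repeats the next byte c + 1 times. Returns bytes written, or -1 if
 * a run would read past in_len or write past out_cap. */
static long rle_decode_checked(const unsigned char *in, size_t in_len,
                               unsigned char *out, size_t out_cap) {
  size_t ip = 0, op = 0;
  while (ip < in_len) {
    int c = (signed char)in[ip++];
    if (c < 0) {
      size_t n = (size_t)(-c);          /* literal run of 1..128 bytes */
      if (n > in_len - ip) return -1;   /* input ends inside the run */
      if (n > out_cap - op) return -1;  /* run does not fit in output */
      memcpy(out + op, in + ip, n);
      ip += n;
      op += n;
    } else {
      size_t n = (size_t)c + 1;         /* repeat run of 1..128 bytes */
      if (ip >= in_len) return -1;      /* value byte is missing */
      if (n > out_cap - op) return -1;
      memset(out + op, in[ip++], n);
      op += n;
    }
  }
  return (long)op;
}

/* Constructed inputs; returns 0 when every case behaves as expected. */
static int rle_selftest(void) {
  const unsigned char ok[] = {0xFE, 'a', 'b', 0x02, 'z'}; /* "ab" then "zzz" */
  const unsigned char cut[] = {0xFC, 'a'};  /* claims 4 literals, carries 1 */
  const unsigned char big[] = {0x7F, 'x'};  /* 128 bytes into an 8-byte buffer */
  unsigned char out[8];
  if (rle_decode_checked(ok, sizeof ok, out, sizeof out) != 5) return 1;
  if (memcmp(out, "abzzz", 5) != 0) return 2;
  if (rle_decode_checked(cut, sizeof cut, out, sizeof out) != -1) return 3;
  if (rle_decode_checked(big, sizeof big, out, sizeof out) != -1) return 4;
  return 0;
}

int main(void) {
  printf("selftest: %d\n", rle_selftest());
  return 0;
}
```

Both length checks compare against the space that remains (`in_len - ip`, `out_cap - op`) rather than decrementing a signed counter, so a truncated stream is rejected before any byte is copied.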
Describe the issue
Heap-buffer-overflow still exists in the rleUncompress.
This is similar to issue #112, but it seems that the patch 58a6258 has not fully fixed them.
To Reproduce
Environment
version: latest commit 0647fb3
poc: poc
Steps to reproduce the behavior:
./test_tinyexr ./poc
Here is the trace reported by ASAN: