Heap buffer overflow in tinyexr::DecodePixelData #78
Comments
Problematic code comes from OpenEXR code portion( Although PR from you is always welcome!
Anyway, it looks like I found a solution and pushed a fix to @ChijinZ could you please test
I have tested the hufdecode-fix branch and verified the heap-buffer-overflow was already fixed. I will get in touch with you if I find other problems. Thank you very much for the quick reply and feedback!
Thanks!
git log
I build tinyexr with clang and address sanitizer. When the testcase (see: https://github.com/ChijinZ/security_advisories/blob/master/tinyexr_6fd0c1f/heap-buffer-overflow) is input into test_tinyexr (command: `./test_tinyexr testcase`), a heap-buffer-overflow is triggered.
Address sanitizer provided information as below: