DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

Link: http://www.fltk.org/str.php?L2881
Version: 1.3-current
Fix Version: 1.4-feature


The current PNG reader (I assume this applies to JPEG too) does not check
image bounds, causing fake images to crash the program.

I'm attaching a sample with 50.000 x 50.000 found on
http://news.ycombinator.com/item?id=4616182. Every FLTK program that tries
to load it will immediately end up throwing an exception from load_png_.

Here is the stack trace too:
#0  0xb7fff424 in __kernel_vsyscall ()
#1  0x411dd93f in raise () from /lib/libc.so.6
#2  0x411df293 in abort () from /lib/libc.so.6
#3  0x418eda15 in __gnu_cxx::__verbose_terminate_handler() () from /lib/libstdc++.so.6
#4  0x418eb604 in ?? () from /lib/libstdc++.so.6
#5  0x418eb640 in std::terminate() () from /lib/libstdc++.so.6
#6  0x418eb8ef in __cxa_throw () from /lib/libstdc++.so.6
#7  0x418ebf5f in operator new(unsigned int) () from /lib/libstdc++.so.6
#8  0x418ec02c in operator new[](unsigned int) () from /lib/libstdc++.so.6
#9  0x08050e04 in Fl_PNG_Image::load_png_ (this=0x80fa110, name_png=0x80f7680 "/home/sanel/kgmHu.png", buffer_png=0x0, maxsize=0) at Fl_PNG_Image.cxx:190
#10 0x08050a1a in Fl_PNG_Image::Fl_PNG_Image (this=0x80fa110, filename=0x80f7680 "/home/sanel/kgmHu.png") at Fl_PNG_Image.cxx:90
#11 0x0804e0e0 in fl_check_images (name=0x80f7680 "/home/sanel/kgmHu.png", header=0xbfffdd70 "\211PNG\r\n\032\n") at fl_images_core.cxx:89
#12 0x08062951 in Fl_Shared_Image::reload (this=0x80f5690) at Fl_Shared_Image.cxx:245
#13 0x080624e9 in Fl_Shared_Image::Fl_Shared_Image (this=0x80f5690, n=0x80d7b80 "/home/sanel/kgmHu.png", img=0x0) at Fl_Shared_Image.cxx:122
#14 0x08062dfa in Fl_Shared_Image::get (n=0x80d7b80 "/home/sanel/kgmHu.png", W=0, H=0) at Fl_Shared_Image.cxx:402
#15 0x0804c942 in loadimage () at ede-image-view/ede-image-view.cpp:220
#16 0x0804d5bd in main (argc=2, argv=0xbfffefc4) at ede-image-view/ede-image-view.cpp:411


Attachment: http://www.fltk.org/strfiles/2881/kgmHu.png

_______________________________________________
fltk-bugs mailing list
[email protected]
http://lists.easysw.com/mailman/listinfo/fltk-bugs
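
The trace in the report ends in operator new[] called from load_png_, an allocation sized from the dimensions the file declares. As an added example (not FLTK code and not part of the original message), this is one way to validate a PNG header before allocating; the 256 MiB cap, the names check_png_header and sample_header, and the rule that samples below 8 bits decode to one byte each are assumptions of the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Assumed policy cap on the decoded pixel buffer (not an FLTK setting).
constexpr std::uint64_t kMaxDecodedBytes = 256ull << 20;  // 256 MiB

enum class HeaderCheck { Ok, NotPng, BadHeader, TooLarge };

static std::uint32_t be32(const unsigned char *p) {
  return (std::uint32_t(p[0]) << 24) | (std::uint32_t(p[1]) << 16) |
         (std::uint32_t(p[2]) << 8) | std::uint32_t(p[3]);
}

// Validate signature + IHDR fields and compute the decoded size in 64-bit
// arithmetic, before any pixel buffer is allocated. The CRC is not checked.
HeaderCheck check_png_header(const unsigned char *buf, std::size_t len,
                             std::uint64_t *bytes_needed) {
  static const unsigned char sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
  if (len < 26 || std::memcmp(buf, sig, 8) != 0) return HeaderCheck::NotPng;
  if (be32(buf + 8) != 13 || std::memcmp(buf + 12, "IHDR", 4) != 0)
    return HeaderCheck::NotPng;
  const std::uint32_t w = be32(buf + 16), h = be32(buf + 20);
  const unsigned depth = buf[24];
  static const unsigned channels[7] = {1, 0, 3, 1, 2, 0, 4};  // by colour type
  const unsigned ch = buf[25] < 7 ? channels[buf[25]] : 0;
  // The PNG format allows dimensions 1 .. 2^31-1 only.
  if (w == 0 || h == 0 || w > 0x7fffffffu || h > 0x7fffffffu || ch == 0 ||
      (depth != 1 && depth != 2 && depth != 4 && depth != 8 && depth != 16))
    return HeaderCheck::BadHeader;
  const std::uint64_t pixels = std::uint64_t(w) * h;  // < 2^62, cannot wrap
  if (pixels > kMaxDecodedBytes) return HeaderCheck::TooLarge;
  const std::uint64_t bytes = pixels * ch * (depth == 16 ? 2 : 1);
  if (bytes > kMaxDecodedBytes) return HeaderCheck::TooLarge;
  *bytes_needed = bytes;
  return HeaderCheck::Ok;
}

// Constructed sample input: the first 26 bytes of a PNG with the given IHDR.
std::vector<unsigned char> sample_header(std::uint32_t w, std::uint32_t h,
                                         unsigned char depth, unsigned char type) {
  std::vector<unsigned char> b = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
                                  0, 0, 0, 13, 'I', 'H', 'D', 'R'};
  for (std::uint32_t v : {w, h})
    for (int s = 24; s >= 0; s -= 8) b.push_back((unsigned char)(v >> s));
  b.push_back(depth);
  b.push_back(type);
  return b;
}
```

A caller would run this on the file's leading bytes and allocate only on HeaderCheck::Ok, treating every other result as a load failure.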
