Hi Renchen

On Wed, 16 Mar 2016 11:00:21 -0700, Renchen.Sun wrote:
> Not sure if it's the correct email address to talk about this. I use
> libnsbmp lib in my project and realize that it crashes on decoding a
> bmp file as attached in this email.
>
> Please take a look and fix it if possible. This bitmap has rle-8
> encoding and it seems like libnsbmp has out-of-bound access to the
> memory.

I can reproduce this here. Can you raise it on the bugtracker please?

http://bugs.netsurf-browser.org

Thanks
Chris

Stack trace:
bmp_decode_rle.part.0()+0x40c (section 1 @ 0x2A02B0)
bmp_decode_rle.part.0()+0x60 (section 1 @ 0x29FF04)
[image/bmp.c:183] nsbmp_redraw()+0x88 (section 1 @ 0x14590C)
[content/content.c:636] content_scaled_redraw()+0x138 (section 1 @ 0xE7210)
[amiga/bitmap.c:593] bitmap_render()+0xbc (section 1 @ 0x22A4)
[desktop/browser_history.c:524] browser_window_history_add()+0x284 (section 1 @ 0x11DE98)
[desktop/browser.c:1409] browser_window_callback()+0x6ec (section 1 @ 0x11A978)
[content/hlcache.c:191] hlcache_content_callback()+0x4c (section 1 @ 0xF50D0)
[content/content.c:772] content_set_ready()+0xf8 (section 1 @ 0xE5ED8)
[image/bmp.c:168] nsbmp_convert()+0x148 (section 1 @ 0x145AB8)
[content/content.c:286] content_llcache_callback()+0x210 (section 1 @ 0xE62A4)
[content/llcache.c:3003] llcache_object_notify_users()+0x1ec (section 1 @ 0xF8678)
[content/llcache.c:3430] llcache_catch_up_all_users()+0x5c (section 1 @ 0xF882C)
[amiga/schedule.c:248] ami_schedule_handle()+0x16c (section 1 @ 0x3B3E0)
[amiga/gui.c:2819] ami_get_msg()+0x4f4 (section 1 @ 0x1D6B8)
[amiga/gui.c:5702] main()+0xea8 (section 1 @ 0x21798)
native kernel module newlib.library.kmod+0x000020ac
native kernel module newlib.library.kmod+0x00002d5c
native kernel module newlib.library.kmod+0x00002ef0
_start()+0x170 (section 1 @ 0x16C)
native kernel module dos.library.kmod+0x00024c18
native kernel module kernel+0x0003b648
native kernel module kernel+0x0003b6c8