Our team found an error where psdParser::UnpackRLE() could cause an out-of-bounds memory access when loading certain PSD images.
We found that the source code does not break the loop when the read line ends.
    // assert we don't write beyound eol
    memcpy(line, rle_line, line + len > line_end ? line_end - line : len);
    // not break when line >= line_end
    line += len;
    rle_line += len;
How to reproduce the error:
Load the tst_memcpy.psd.
    FIBITMAP *dib = FreeImage_Load(FREE_IMAGE_FORMAT::FIF_PSD, "./tst_memcpy.psd");
Here's a patch that might help fix the error.
Anonymous
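
The missing end-of-line check described in the report, shown as a bounds-checked PackBits (PSD RLE) scanline decoder. This is an added example, not FreeImage's code and not the patch mentioned above; the function name, signature and the choice to reject malformed runs instead of clamping them are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode one PackBits scanline into dst (hypothetical helper).
 * Tracks remaining space as unsigned counts instead of comparing pointers,
 * so a run can never move the write position past the end of the line.
 * Returns bytes written, or -1 if a run overruns the source or the line. */
long unpack_rle_checked(uint8_t *dst, size_t dst_len,
                        const uint8_t *src, size_t src_len)
{
    size_t in = 0, out = 0;

    while (in < src_len && out < dst_len) {   /* stop once the line is full */
        unsigned n = src[in++];
        if (n < 128) {                        /* literal run of n + 1 bytes */
            size_t len = n + 1u;
            if (len > src_len - in || len > dst_len - out)
                return -1;
            memcpy(dst + out, src + in, len);
            in += len;
            out += len;
        } else if (n > 128) {                 /* next byte repeated 257 - n times */
            size_t len = 257u - n;
            if (in >= src_len || len > dst_len - out)
                return -1;
            memset(dst + out, src[in++], len);
            out += len;
        }
        /* n == 128 is a no-op in PackBits */
    }
    return (long)out;
}

int main(void)
{
    /* Constructed input: a 6-byte literal run aimed at a 4-byte line */
    const uint8_t rle[] = { 0x05, 'a', 'b', 'c', 'd', 'e', 'f' };
    uint8_t line[4];
    printf("overlong run -> %ld\n",
           unpack_rle_checked(line, sizeof line, rle, sizeof rle));
    return 0;
}
```

A decoder that clamps the copy length but still advances the pointers by the unclamped `len`, as in the snippet quoted in the report, leaves `line` past `line_end` on the next iteration; checking the run against the remaining space before copying avoids that state entirely.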