Menu
▾
▴
4 Attachments
#161 Two patch fix out of bounds.
Here are two patches might help fix memory access out of bounds.
-
The mChunk buffer size is not checked before reading the mng image, add boundary check, avoid accessing illegal addresses.
Reproduce the error byFreeImage_Load(FIF_MNG, "./crash.mng"); -
Fix ReadColorTable() may access out-of-bounds. The maximum length of input pPal is 256, limit the number of colors allowed.
Reproduce the error byFreeImage_Load(FIF_PICT, "./crash.pict");
Discussion
Anonymous
