Commit Graph

3 Commits (167ea1f4f0003f3e9f7ca1e586189e99cf33d47f)

Author SHA1 Message Date
Pierre Joye 167ea1f4f0
Fix tests based on coverity reports (#819)
* Partial #818, unused arg

* Partial #818, init var

* partial #818, fix va_args usage

* partial #818, handle f* calls and avoid possible call to malloc with negative values

* partial #818, prevent double free

* partial #818, resource leak if test fails

* partial #818, null deref fix

* partial #818, avoid double free on fp failure

* Partial #818, fix error msg

* Partial #818, leak on error

* Partial #818, null deref

* Partial #818, avoid possible negative index on failure

* partial #818, does not free if we return if requested new size overflows

* partial #818, avoid double free, free where the alloc happened
2022-02-01 15:09:01 +07:00
Christoph M. Becker 58b6dde319 Fix OOB reads of the TGA decompression buffer
It is possible to craft TGA files which will overflow the decompression
buffer, but not the image's bitmap. Therefore we also have to check for
potential decompression buffer overflows.

This issue had been reported by Ibrahim El-Sayed to security@libgd.org;
a modified case exposing an off-by-one error of the first patch had been
provided by Konrad Beckmann.

This commit is an amendment to commit fb0e0cce, so we use CVE-2016-6906
as well.
2016-12-13 15:51:51 +01:00
Christoph M. Becker fb0e0cce0b Fix OOB reads of the TGA decompression buffer
It is possible to craft TGA files which will overflow the decompression
buffer, but not the image's bitmap. Therefore we augment the check for the
bitmap's overflow with a check for the buffer's overflow.

This issue had been reported by Ibrahim El-Sayed to security@libgd.org.

CVE-2016-6906
2016-12-13 13:31:05 +01:00