Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Attempt to multiply with overflow in PNM decoder #1616

Closed
saethlin opened this issue Nov 20, 2021 · 1 comment · Fixed by #1619
Closed

Attempt to multiply with overflow in PNM decoder #1616

saethlin opened this issue Nov 20, 2021 · 1 comment · Fixed by #1619
Labels
good first issue

Comments

@saethlin
Copy link

Running the PNM fuzzing target, this input produces a crash due to an attempt to multiply with overflow:

[80, 54, 10, 52, 50, 57, 52, 56, 50, 57, 52, 56, 35, 56, 10, 52, 10, 48, 10, 12, 12, 56]

It looks like the offending multiply is this:

image/src/codecs/pnm/decoder.rs

Line 608 in 0f1c38a

S::from_bytes(&bytes, width * components, buf)

I suspect this should be a checked_mul
@fintelia
Copy link
Contributor

Yeah, I think the right fix is switching the type for the second argument from u32 -> usize while also replacing the multiplication with a checked_mul.

@shikharvashistha shikharvashistha mentioned this issue Nov 21, 2021
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
good first issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added overflow handling to multiplication of width and components shikharvashistha/image
2 participants
@fintelia @saethlin