Closed
Hi,
Two previous issues, #247 and #697, show that a return value check for gdGetBuf is necessary and it can cause an out-of-bounds read with a corrupted TGA file.
gdPutBuf is similar to gdGetBuf, and it also shows the error condition in its return value.
Some usages of gdPutBuf compare the return value to see whether any error occurred or not (in gd_jpeg.c and gd_gd2.c).
But there are some other call sites that do not check the return value, and the passed arguments are also tainted and can be corrupted.
This is the list of them:
| file | function | line |
|---|---|---|
| gd_webp.c | _gdImageWebpCtx | 230 |
| gd_bmp.c | _gdImageBmpCtx | 269 |
| gd_bmp.c | _gdImageBmpCtx | 328 |
| gd_gif_out.c | flush_char | 1635 |
So they need to add some condition check for gdPutBuf.
Regards.
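The pattern the issue asks for, as an added example that is not part of the original issue and is not libgd code: an unchecked write call site next to a checked one. `demo_ctx`, `demo_put_buf` and the `write_rows_*` functions are hypothetical stand-ins, and the stand-in is assumed to report a short write by returning fewer bytes than requested.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical output context with a small fixed sink so a write can fall short. */
typedef struct { unsigned char data[16]; size_t used; } demo_ctx;

/* Stand-in for gdPutBuf. Assumption: returns the number of bytes written,
 * which is smaller than `size` when the sink cannot take the whole buffer. */
static int demo_put_buf(const void *buf, int size, demo_ctx *ctx)
{
    size_t room = sizeof ctx->data - ctx->used;
    size_t n;
    if (size < 0) return 0;
    n = (size_t)size < room ? (size_t)size : room;
    memcpy(ctx->data + ctx->used, buf, n);
    ctx->used += n;
    return (int)n;
}

/* Unchecked call site: the short write is dropped and success is reported. */
static int write_rows_unchecked(demo_ctx *ctx, const unsigned char *row, int len, int rows)
{
    int y;
    for (y = 0; y < rows; y++)
        demo_put_buf(row, len, ctx);        /* return value ignored */
    return 0;                               /* caller sees "ok" for truncated output */
}

/* Checked call site: stop at the first short write and propagate the error. */
static int write_rows_checked(demo_ctx *ctx, const unsigned char *row, int len, int rows)
{
    int y;
    for (y = 0; y < rows; y++)
        if (demo_put_buf(row, len, ctx) != len)
            return -1;
    return 0;
}

int main(void)
{
    static const unsigned char row[6] = { 1, 2, 3, 4, 5, 6 };  /* constructed sample row */
    demo_ctx a = { {0}, 0 }, b = { {0}, 0 };
    int ra = write_rows_unchecked(&a, row, 6, 3);   /* 18 bytes into a 16-byte sink */
    int rb = write_rows_checked(&b, row, 6, 3);
    printf("unchecked: rc=%d bytes=%lu\n", ra, (unsigned long)a.used);
    printf("checked:   rc=%d bytes=%lu\n", rb, (unsigned long)b.used);
    return 0;
}
```

Both variants leave the same truncated 16 bytes in the sink; only the checked one tells its caller that the output is incomplete.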