Buffer overflow reports by AddressSanitizer

Issue #68 invalid
Former user created an issue

Hi

AddressSanitizer (https://code.google.com/p/address-sanitizer/) reports a possible buffer overflow issue here:

https://bitbucket.org/libgd/gd-libgd/src/b47e37d8aefbd646566d24bdd48534e99a8e68d8/src/gd_gif_in.c?at=master#cl-399

If scd->last_byte < 2 then we are potentially accessing memory that is out of bounds. I'm not familiar enough with the code to decide what needs to be done if this happens.

Comments (3)

  1. Pierre Joye

    Line 386, if flag is set, is the only case where last_byte < 2 but it immediately returns afterwards.

    Later on line 406, last_byte can only be greater than 2 (2+count is used in both assignments).

  2. dhyanesh_damania

    It seems that line 399 has to be executed before getting to line 406. So when it gets to line 399 the first time, scd->last_byte = 0, right?

    Maybe I'm missing something?
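An added example, not libgd's code and not part of the thread above: a minimal model of the refill step the issue and both comments are discussing, where the reader carries the last two bytes of the previous sub-block into buf[0..1] before appending the next block. The struct, function names and field names are hypothetical; the point is the guard on last_byte, which skips the carry when fewer than two bytes are valid (the first refill after a reset) so the copy never indexes below buf[0].

```c
#include <string.h>
#include <stddef.h>

#define WIN_SIZE (2 + 255)        /* 2 carried bytes + one max-size GIF sub-block */

/* Hypothetical stand-in for the decoder's static code data. */
struct code_state {
    unsigned char buf[WIN_SIZE];
    int last_byte;                /* number of valid bytes in buf */
    int curbit;                   /* next bit to read */
    int lastbit;                  /* one past the last valid bit */
};

void code_state_reset(struct code_state *s)
{
    memset(s, 0, sizeof *s);      /* last_byte = 0: nothing to carry yet */
}

/* Append one data sub-block of `count` bytes (0..255).
 * Returns the new last_byte, or -1 if the block cannot fit. */
int code_state_refill(struct code_state *s, const unsigned char *block, int count)
{
    if (count < 0 || count > 255)
        return -1;

    if (s->last_byte >= 2) {
        /* Normal case: keep the two bytes that may still hold unread bits. */
        s->buf[0] = s->buf[s->last_byte - 2];
        s->buf[1] = s->buf[s->last_byte - 1];
    } else {
        /* First block after a reset: last_byte - 2 would be negative, so
         * do not index the window; start with an empty carry instead. */
        s->buf[0] = 0;
        s->buf[1] = 0;
    }

    memcpy(&s->buf[2], block, (size_t)count);
    s->last_byte = 2 + count;
    s->curbit = (s->curbit - s->lastbit) + 16;   /* skip the two carried bytes */
    s->lastbit = (2 + count) * 8;
    return s->last_byte;
}

/* Scenario from the issue: the very first refill runs with last_byte == 0. */
int first_refill_is_in_bounds(void)
{
    struct code_state s;
    const unsigned char block[3] = { 0xAA, 0xBB, 0xCC };   /* constructed sample */
    code_state_reset(&s);
    if (code_state_refill(&s, block, 3) != 5)
        return 0;
    return s.buf[0] == 0 && s.buf[1] == 0 && s.buf[2] == 0xAA && s.buf[4] == 0xCC;
}
```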
