#191 sfw file crash

closed-fixed
5
2012-05-10
2012-05-09
yanli
No

If the sfw file was tampered with, the application will crash.
The crash code is at line 288 or 282 in sfw.c.
If (offset+=(offset[2] << 8)+offset[3]+2) > buffer_size, it will crash in TranslateSFWMarker(offset).
Should it ThrowReaderException?
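
The bounds check the report asks about, as an added example that is not part of the original ticket and is not the project's sfw.c or its fix. The function names, the sample bytes and the choice of 0xda as the end marker are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed samples (not from a real file): two 4-byte segments, and the
   same bytes with the first length field overwritten with 0xffff. */
static const unsigned char SAMPLE_OK[] = {0xff,0xc8,0x00,0x02, 0xff,0xda,0x00,0x02};
static const unsigned char SAMPLE_TAMPERED[] = {0xff,0xc8,0xff,0xff, 0xff,0xda,0x00,0x02};

/* Hypothetical helper: apply the report's step, (b[2] << 8) + b[3] + 2,
   only if the 4 header bytes at pos and at the new position are in bounds.
   Returns 0 and stores the new position, or -1 on out-of-range data. */
static int sfw_next_marker(const unsigned char *buf, size_t size,
                           size_t pos, size_t *next)
{
    size_t step;

    if (pos > size || size - pos < 4)
        return -1;                      /* cannot even read the length */
    step = ((size_t)buf[pos + 2] << 8) + buf[pos + 3] + 2;
    if (step > size - pos || size - pos - step < 4)
        return -1;                      /* next header would be outside */
    *next = pos + step;
    return 0;
}

/* Visit segments until one whose second byte is 0xda (assumed end marker).
   Returns the segment count, or -1 where a reader should raise its error. */
int sfw_walk_markers(const unsigned char *buf, size_t size)
{
    size_t pos = 0;
    int count = 0;

    if (size < 4)
        return -1;
    for (;;) {
        count++;                        /* 4 bytes at pos are in bounds */
        if (buf[pos + 1] == 0xda)
            return count;
        if (sfw_next_marker(buf, size, pos, &pos) != 0)
            return -1;
    }
}

int main(void)
{
    printf("ok=%d tampered=%d\n", sfw_walk_markers(SAMPLE_OK, sizeof SAMPLE_OK),
           sfw_walk_markers(SAMPLE_TAMPERED, sizeof SAMPLE_TAMPERED));
    return 0;
}
```

The comparisons are written as subtractions from `size` so that a large length field cannot wrap the position before it is checked.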

Discussion

  • Bob Friesenhahn - 2012-05-10

    This should be resolved by Mercurial changeset 8c25d8d40948. Please check my work.

     
  • Bob Friesenhahn - 2012-05-10
    • labels: 595549 --> File Format Support
    • status: open --> closed-fixed
     
