sorry, "ncol can be overflowed" was a typo. I meant underflowed.
integer underflow bug
Hi, seems I've found a potential integer underflow in PSDParser.cpp
https://github.com/WohlSoft/libFreeImage/blob/master/Source/FreeImage/PSDParser.cpp#L801

    memcpy(dst_line_start, line_start, _Width * _BitPerPixel / 8);

In this line of code, observe that _Width * _BitPerPixel / 8 bytes of line_start are copied into dst_line_start. It seems that the variable _Width may have an arbitrary integer value (see below), so that _Width * _BitPerPixel / 8 is negative, which leads to integer underflow when...
Potential integer underflow in PSDParser.cpp