stack-buffer-overflow in main function
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apng2gif (Ubuntu) | Expired | Undecided | Unassigned |
Bug Description
When apng2gif runs with a very long parameter (>256) in argv[2]
For example:
in command line:
$ apng2gif a.png `python -c 'print "a"*0x100'`
apng2gif 1.7
*** buffer overflow detected ***: apng2gif terminated
已放弃 (核心已转储)
There is a stack-buffer-
In fact, this vulnerability affects all versions less than 1.8
Analyze:
In the source code: https:/
you can see there is a bug when the main function calls strcpy:
......
if (back_b < 0) back_b = 0;
if (back_b > 255) back_b = 255;
bcolor = (back_r<<16) + (back_g<<8) + back_b;
}
}
}
}
else
if (szOut[0] == 0)
}
......
In fact, in the above example:
so when argv[2] is too long, it will lead to a stack-buffer-
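An added example, not part of the original report or the apng2gif source: the unchecked strcpy pattern the report describes, next to a bounded copy that rejects an over-long argv[2] instead of writing past the buffer. The 256-byte buffer size is an assumption taken from the report's ">256"; `copy_arg`, `NAME_BUF_SIZE` and `out_name` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 256   /* assumed size, from the report's ">256" */

/* Pattern described in the report (shown only as a comment, not compiled):
 *     char szOut[NAME_BUF_SIZE];
 *     strcpy(szOut, argv[2]);      // copies until NUL, no length check
 */

/* Bounded replacement. Copies src into dst only if the whole string plus
 * its terminating NUL fits in dstsz bytes. Returns 0 on success, -1 if
 * src is NULL or too long. On failure dst is an empty string, so a caller
 * that forgets to check never sees a truncated file name. */
int copy_arg(char *dst, size_t dstsz, const char *src)
{
    size_t n = 0;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    while (n < dstsz && src[n] != '\0')   /* never reads past dstsz bytes */
        n++;
    if (n == dstsz)                       /* no room left for the NUL */
        return -1;
    memcpy(dst, src, n + 1);              /* n + 1 includes the NUL */
    return 0;
}

int main(int argc, char **argv)
{
    char out_name[NAME_BUF_SIZE];         /* hypothetical stand-in for szOut */

    if (argc < 3) {
        fprintf(stderr, "usage: %s in.png out.gif\n", argv[0]);
        return 2;
    }
    if (copy_arg(out_name, sizeof out_name, argv[2]) != 0) {
        fprintf(stderr, "output name too long (max %d bytes)\n",
                NAME_BUF_SIZE - 1);
        return 1;
    }
    printf("output file: %s\n", out_name);
    return 0;
}
```

Built this way, the 0x100-byte argument from the report ends with an error message and exit status 1 rather than an abort.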
information type: Private Security → Public Security
Thanks for reporting this issue. Has this been reported upstream? Also would you mind if I make this bug publicly visible so that the upstream developers can see it?