PNG: Out of bounds palette index #28

cfcs opened this issue Sep 26, 2019 · 1 comment

cfcs commented Sep 26, 2019

(This is part of the work on a test suite for imagelib that @olleolleolle and I are working on.)

Here's a trigger for an out-of-bounds array indexing operation in imagePNG.ml (line 952).

id:000049,sig:06,src:000245,op:ext_AO,pos:12

As you can see the code already has a FIXME, so we should! :-)

     | 3 ->
       let image = create_rgb ~max_val:255 w h in
       for y = 0 to h - 1 do
         for x = 0 to w - 1 do
           let index = unfiltered_int.(y).(x) in
           let index = (* FIXME *)
             if index >= Array.length !palette
             then (Printf.fprintf stderr "Palette index too big...\n%!"; 0)
             else index
           in
           let p = !palette.(index) in (* <-- line 952 *)
           write_rgb image x y p.r p.g p.b
         done
       done;
       image

cfcs added the bug label Sep 26, 2019

cfcs commented Sep 26, 2019

I think maybe just raise (Corrupted_image "PNG palette index out of bounds") would be sufficient?
(wonder if this can be negative as well?)
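
An added example, not part of the issue thread or of imagelib's code: a checked palette lookup that raises on both bounds, next to the fallback-to-0 logic from the snippet above. The `rgb` record, the local `Corrupted_image` declaration and the helper names are stand-ins assumed for illustration, and the sample palettes are constructed.

```ocaml
(* Stand-ins so the block runs alone; imagelib defines its own versions. *)
exception Corrupted_image of string
type rgb = { r : int; g : int; b : int }

(* Hypothetical helper: checked lookup covering both bounds.
   With an empty palette no index is valid, so there is nothing
   to fall back to and the only safe outcome is an error. *)
let palette_lookup (palette : rgb array) (index : int) : rgb =
  if index < 0 || index >= Array.length palette
  then raise (Corrupted_image "PNG palette index out of bounds")
  else palette.(index)

(* The fallback from the snippet in the issue (stderr message omitted),
   kept for comparison. *)
let fallback_lookup (palette : rgb array) (index : int) : rgb =
  let index = if index >= Array.length palette then 0 else index in
  palette.(index)

(* Run a lookup and report which exception, if any, escapes. *)
let describe f palette index =
  match f palette index with
  | p -> Printf.sprintf "ok (%d,%d,%d)" p.r p.g p.b
  | exception Corrupted_image msg -> "Corrupted_image: " ^ msg
  | exception Invalid_argument msg -> "Invalid_argument: " ^ msg

let () =
  (* Constructed sample data. *)
  let two = [| { r = 255; g = 0; b = 0 }; { r = 0; g = 0; b = 255 } |] in
  let cases = [ "in range", two, 1; "too large", two, 2;
                "negative", two, -1; "empty palette", [||], 0 ] in
  List.iter (fun (name, pal, i) ->
      Printf.printf "%-14s fallback=%s | checked=%s\n" name
        (describe fallback_lookup pal i) (describe palette_lookup pal i))
    cases
```

With the fallback, the "negative" and "empty palette" rows still end in `Invalid_argument` from the array access, while the checked lookup reports `Corrupted_image` for every invalid row.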
