Bug #891

MRW: potential infinite loop on invalid input

Added by Alyssa Milburn about 6 years ago. Updated over 2 years ago.

Status:NewStart date:12 Mar 2013
Priority:NormalDue date:
Assignee:-% Done:


Target version:0.28


In 32-bit builds, the seek on mrwimage.cpp:135 can be backwards if the input file has a large enough value for siz, and since mrwimage.cpp:133 also overflows, this can lead to an infinite loop if you set siz=-len. Testcase attached.

infinite-loop.mrw (16 Bytes) Alyssa Milburn, 12 Mar 2013 13:32


#1 Updated by Robin Mills about 6 years ago

  • Category set to exif
  • Status changed from New to Assigned
  • Assignee set to Robin Mills
  • Priority changed from Low to Normal
  • Target version set to 0.24

Thanks, Alyssa. I'll take a look at this.

#2 Updated by Robin Mills over 5 years ago

  • Target version changed from 0.24 to 0.25

Deferred to 0.25.

#3 Updated by Robin Mills almost 4 years ago

  • Target version changed from 0.25 to 0.26

Deferred to v0.26. Insufficient time to deal with this for v0.25.

#4 Updated by Robin Mills almost 4 years ago

  • Assignee deleted (Robin Mills)

#5 Updated by Robin Mills over 2 years ago

  • Status changed from Assigned to New
  • Target version changed from 0.26 to 0.28

I've put in around 1200 hours of unpaid work to get to code complete v0.26 and closed almost 200 issues. Regrettably, there are only 5 or 6 issues on which I have not been able to work. This is one. Deferred for v0.27.

Also available in: Atom PDF

Redmine Appliance - Powered by TurnKey Linux