MRW: potential infinite loop on invalid input
In 32-bit builds, the seek on mrwimage.cpp:135 can be backwards if the input file has a large enough value for siz, and since mrwimage.cpp:133 also overflows, this can lead to an infinite loop if you set siz=-len. Testcase attached.
Updated by Robin Mills over 5 years ago
- Status changed from Assigned to New
- Target version changed from 0.26 to 0.28
I've put in around 1200 hours of unpaid work to get to code complete v0.26 and closed almost 200 issues. Regrettably, there are only 5 or 6 issues on which I have not been able to work. This is one. Deferred for v0.27.