Project

General

Profile

Bug #891

« Previous | 36 of 78 | Next »

MRW: potential infinite loop on invalid input

Added by Alyssa Milburn over 8 years ago. Updated about 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
exif
Target version:
0.28
Start date:
12 Mar 2013
Due date:
% Done:

0%

Estimated time:

Description

In 32-bit builds, the seek on mrwimage.cpp:135 can be backwards if the input file has a large enough value for siz, and since mrwimage.cpp:133 also overflows, this can lead to an infinite loop if you set siz=-len. Testcase attached.

Files

infinite-loop.mrw (16 Bytes) infinite-loop.mrw Alyssa Milburn, 12 Mar 2013 13:32

History

#1

Updated by Robin Mills over 8 years ago

  • Category set to exif
  • Status changed from New to Assigned
  • Assignee set to Robin Mills
  • Priority changed from Low to Normal
  • Target version set to 0.24

Thanks, Alyssa. I'll take a look at this.

#2

Updated by Robin Mills over 8 years ago

  • Target version changed from 0.24 to 0.25

Deferred to 0.25.

#3

Updated by Robin Mills over 6 years ago

  • Target version changed from 0.25 to 0.26

Deferred to v0.26. Insufficient time to deal with this for v0.25.

#4

Updated by Robin Mills over 6 years ago

  • Assignee deleted (Robin Mills)
#5

Updated by Robin Mills about 5 years ago

  • Status changed from Assigned to New
  • Target version changed from 0.26 to 0.28

I've put in around 1200 hours of unpaid work to get to code complete v0.26 and closed almost 200 issues. Regrettably, there are only 5 or 6 issues on which I have not been able to work. This is one. Deferred for v0.27.

Also available in: Atom PDF