Alyssa Milburn



14 Mar 2013

15:06 Exiv2 Bug #890: ASF: heap overflow
If Abhinav or others familiar with the project can find the time to fix these bugs, then I think it's a much better i... Alyssa Milburn
14:46 Exiv2 Bug #893 (Assigned): EPS: crash on invalid input
epsimage.cpp:329/335 don't detect overflow of pos+size (and don't error out in the read case anyway). You can crash 3... Alyssa Milburn

13 Mar 2013

16:16 Exiv2 Bug #890: ASF: heap overflow
You need to also check for dataLength being too low in your new checks on quicktimevideo.cpp:1082/1100/1119/1138, bec... Alyssa Milburn
15:35 Exiv2 Bug #890: ASF: heap overflow
That certainly fixes my testcase. I'll check the other cases, thanks for the quick response.
Unfortunately (sorry!...
Alyssa Milburn

12 Mar 2013

13:32 Exiv2 Bug #891 (New): MRW: potential infinite loop on invalid input
In 32-bit builds, the seek on mrwimage.cpp:135 can be backwards if the input file has a large enough value for siz, a... Alyssa Milburn

11 Mar 2013

07:49 Exiv2 Bug #890 (Closed): ASF: heap overflow
asfvideo.cpp:624 reads dataLength amount of data into a buffer of size 500, causing a heap overflow if dataLength>500... Alyssa Milburn
07:38 Exiv2 Bug #889 (Closed): CRW: crashes when passed invalid data
crwimage.cpp is missing some sanity checks, leading to crashes when trying to load malformed CRW files.
The offset...
Alyssa Milburn
02:38 Exiv2 Bug #888: (near-)infinite loop in video decoders
Sorry, if you don't care about bugs caused by invalid data, these bugs are irrelevant. That's why I said "I don't kno... Alyssa Milburn

10 Mar 2013

16:02 Exiv2 Bug #888 (Closed): (near-)infinite loop in video decoders
If I hand RiffVideo::nikonTagsHandler() data with a size value <4, then it subtracts 4 from it (riffvideo.cpp:745 at ... Alyssa Milburn
