-
Notifications
You must be signed in to change notification settings - Fork 231
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
astcenc outright segfaults in decode mode with these inputs #4
Comments
Hi, |
Merged
Pull Request #13 fixes these; they were mostly a matter of zero-dimension values for the overall image size, and overly simplified ASTC-blocksize dimension value checking allowing for a combination of... *p = malloc(0); // segfault if p is accessed ...and trying to lookup invalid expansions at 7, 9, or 11 X/Y or 2, 7, 8, 9, 10, 11, or 12 Z blocksizes. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I realize that input validation is not currently a priority; however, in case you'd ever like to work on it, I let a fuzzer have its way with
astcenc -d
for more-or-less twenty hours, and it shook out these 173 address boundary errors, which may be mostly related.This link refers to a gzipped tarball containing the test cases it found. Each test case is trimmed to the smallest form that still reliably produces the crash.
http://marumie.magnifi.ca/astcenc/crashes.tgz
If any of these are architecture-specific, my test platform was AMD64.
Have a nice morning in Cambridge. :- )
The text was updated successfully, but these errors were encountered: