Program crashes when processing certain maliciously crafted images #6

pic4xiu · 2023-06-17T06:44:51Z

I found that in the ConvertToGraphicField function, in the first layer of for loop, if the width is 0, the calculation of line[lineIndex] will cause the program to go out of bounds. Because the line definition statement is line := make([]uint8, width), the program directly crashes.

func ConvertToGraphicField(source image.Image, graphicType GraphicType) string {
	var gfType string
	var lastLine string
	size := source.Bounds().Size()
	width := size.X / 8
	height := size.Y
	if size.Y%8 != 0 {
		width = width + 1
	}

	var GraphicFieldData string

	for y := 0; y < size.Y; y++ {
		line := make([]uint8, width)
		lineIndex := 0
		index := uint8(0)
		currentByte := line[lineIndex]//line[0] is out of bounds
		...

The reason why did not choose to introduce error to indicate that the program went wrong is that it seems reasonable to return an empty string, because the image width is 0.

SimonWaldherr · 2023-06-17T20:20:08Z

👍

Update zplgfa.go

0c8c6c6

SimonWaldherr merged commit c0d018f into SimonWaldherr:master Jun 17, 2023

GoVulnBot mentioned this pull request Sep 5, 2023

x/vulndb: potential Go vuln in github.com/SimonWaldherr/zplgfa: CVE-2023-36307 golang/vulndb#2040

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Program crashes when processing certain maliciously crafted images #6

Program crashes when processing certain maliciously crafted images #6

pic4xiu commented Jun 17, 2023

SimonWaldherr commented Jun 17, 2023

Program crashes when processing certain maliciously crafted images #6

Program crashes when processing certain maliciously crafted images #6

Conversation

pic4xiu commented Jun 17, 2023

SimonWaldherr commented Jun 17, 2023