tools: Fix a buffer overflow involving a file name in pngfix
Reported-by: Guoxiang Niu (@niugx), EaglEye Team
Reported-by: Riccardo Mori <patacca@autistici.org>
Reviewed-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
thealberto authored and ctruta committed Nov 20, 2022
1 parent 77c3a39 commit 8a5732f
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion contrib/tools/pngfix.c
Expand Up @@ -3961,6 +3961,14 @@ main(int argc, const char **argv)
{
size_t outlen = strlen(*argv);

if (outlen > FILENAME_MAX)
{
fprintf(stderr, "%s: output file name too long: %s%s%s\n",
prog, prefix, *argv, suffix ? suffix : "");
global.status_code |= WRITE_ERROR;
continue;
}

if (outfile == NULL) /* else this takes precedence */
{
/* Consider the prefix/suffix options */
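Review bot: in the new fprintf call, prefix is passed to %s unguarded while suffix gets `suffix ? suffix : ""`; if prefix can be NULL in the same way suffix can, this error path hands a null pointer to %s, which is undefined behavior. Suggest `prefix ? prefix : ""` to match. Separately, the test `outlen > FILENAME_MAX` bounds only strlen(*argv), yet the block that follows considers the prefix/suffix options, so the combined prefix + name + suffix length also has to fit the destination buffer. Please confirm that the code below this hunk checks that sum, and that the buffer holds FILENAME_MAX characters plus the terminator, so that `>` rather than `>=` is the right comparison.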
Expand Down Expand Up @@ -4046,4 +4054,3 @@ main(void)
return 77;
}
#endif /* PNG_SETJMP_SUPPORTED */
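Review bot: the hunk header (-4046,4 +4054,3) shows one line deleted at the end of the file, and the three lines shown are all unchanged context, so the deletion looks like a whitespace-only cleanup unrelated to the file name check. Consider moving it to a separate commit so the security fix stays minimal and backports without noise.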
