Describe the bug:
Hi, I found a runtime error: signed integer overflow in file src/bmp.imageio/bmpinput.cpp:302
To Reproduce:
Steps to reproduce the behavior:
poc file:
poc.bmp.zip
Evidence:
src/bmp.imageio/bmpinput.cpp:302:41: runtime error: signed integer overflow: 10240 * 276095 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /root/fuzz/fuzz_oiio/oiio/src/bmp.imageio/bmpinput.cpp:302:41 in
terminate called after throwing an instance of 'std::length_error'
what(): vector::_M_default_append
0# OpenImageIO_v2_5_2::Sysutil::stacktraceabi:cxx11 in /root/fuzz/fuzz_oiio/oiio/build/lib/libOpenImageIO_Util.so.2.5.2
1# 0x00007F5AA4E8B5CC in /root/fuzz/fuzz_oiio/oiio/build/lib/libOpenImageIO_Util.so.2.5.2
2# 0x00007F5AA4532520 in /lib/x86_64-linux-gnu/libc.so.6
3# pthread_kill in /lib/x86_64-linux-gnu/libc.so.6
4# raise in /lib/x86_64-linux-gnu/libc.so.6
5# abort in /lib/x86_64-linux-gnu/libc.so.6
6# 0x00007F5AA48C1B9E in /lib/x86_64-linux-gnu/libstdc++.so.6
7# 0x00007F5AA48CD20C in /lib/x86_64-linux-gnu/libstdc++.so.6
8# 0x00007F5AA48CD277 in /lib/x86_64-linux-gnu/libstdc++.so.6
9# 0x00007F5AA48CD4D8 in /lib/x86_64-linux-gnu/libstdc++.so.6
10# std::__throw_length_error(char const*) in /lib/x86_64-linux-gnu/libstdc++.so.6
11# 0x00007F5AA64A29AC in /root/fuzz/fuzz_oiio/oiio/build/lib/libOpenImageIO.so.2.5.2
12# 0x00007F5AA64A2281 in /root/fuzz/fuzz_oiio/oiio/build/lib/libOpenImageIO.so.2.5.2
13# 0x00007F5AA733A3BB in /root/fuzz/fuzz_oiio/oiio/build/lib/libOpenImageIO.so.2.5.2
14# 0x00007F5AA73355FE in /root/fuzz/fuzz_oiio/oiio/build/lib/libOpenImageIO.so.2.5.2
15# 0x00007F5AA7332396 in /root/fuzz/fuzz_oiio/oiio/build/lib/libOpenImageIO.so.2.5.2
16# OpenImageIO_v2_5_2::ImageInput::create(OpenImageIO_v2_5_2::basic_string_view<char, std::char_traits >, bool, OpenImageIO_v2_5_2::ImageSpec const*, OpenImageIO_v2_5_2::Filesystem::IOProxy*, OpenImageIO_v2_5_2::basic_string_view<char, std::char_traits >) in /root/fuzz/fuzz_oiio/oiio/build/lib/libOpenImageIO.so.2.5.2
17# OpenImageIO_v2_5_2::ImageInput::open(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&, OpenImageIO_v2_5_2::ImageSpec const*, OpenImageIO_v2_5_2::Filesystem::IOProxy*) in /root/fuzz/fuzz_oiio/oiio/build/lib/libOpenImageIO.so.2.5.2
18# 0x000055E91B20C502 in ../../../oiio/build/bin/iconvert
19# 0x000055E91B2133A1 in ../../../oiio/build/bin/iconvert
20# 0x00007F5AA4519D90 in /lib/x86_64-linux-gnu/libc.so.6
21# __libc_start_main in /lib/x86_64-linux-gnu/libc.so.6
22# 0x000055E91B14BC55 in ../../../oiio/build/bin/iconvert
Aborted
Platform information:
OIIO branch/version: 2.4.14.0
OS: Linux
C++ compiler: clang-14.0.6
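The overflow reported above (`10240 * 276095` in type `int`) can be avoided by widening before the multiply and bounding the result before it reaches `std::vector::resize`. The following is an added example, not OpenImageIO code and not the project's fix; the function names and the 1 GiB cap are hypothetical, and it assumes the two operands are header-derived values used to size a buffer, which the page does not show.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical upper bound for one decoded buffer; not an OpenImageIO setting.
constexpr std::uint64_t kMaxBufferBytes = std::uint64_t(1) << 30;  // 1 GiB

// What a 32-bit signed multiply yields on two's-complement hardware,
// computed through unsigned arithmetic so this demo has no undefined behaviour.
std::int64_t wrapped_int_product(int a, int b)
{
    const std::uint32_t u = std::uint32_t(a) * std::uint32_t(b);
    return u >= 0x80000000u ? std::int64_t(u) - (std::int64_t(1) << 32)
                            : std::int64_t(u);
}

// Hardened form: reject negatives, widen to 64 bits before multiplying,
// and cap the result before it is used as an allocation size.
bool checked_buffer_size(int a, int b, std::size_t& out)
{
    if (a < 0 || b < 0)
        return false;
    const std::uint64_t n = std::uint64_t(a) * std::uint64_t(b);
    if (n > kMaxBufferBytes)
        return false;
    out = static_cast<std::size_t>(n);
    return true;
}

// Resize only when the size check passes; the buffer is untouched otherwise.
bool resize_checked(std::vector<unsigned char>& buf, int a, int b)
{
    std::size_t n = 0;
    if (!checked_buffer_size(a, b, n))
        return false;
    buf.resize(n);
    return true;
}

int main()
{
    std::vector<unsigned char> buf;
    std::printf("wrapped: %lld\n", (long long)wrapped_int_product(10240, 276095));
    std::printf("accepted: %d\n", resize_checked(buf, 10240, 276095));
    return 0;
}
```

A negative wrapped product converted to `size_t` becomes a value far above `vector::max_size()`, which is consistent with the `std::length_error` from `vector::_M_default_append` in the trace.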