Panic when decoding .ico
frewsxcv opened this issue · 2 comments
extern crate image;
use std::io::Cursor;
fn main() {
let input = b"\x30\x30\x30\x30\x01\x00\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x28\x00\x00\x00\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x28\x00\x00\x00\x30\x30\x30\x30\x00\x00\x00\x80".to_vec();
let c = Cursor::new(input);
image::ico::ICODecoder::new(c);
}coreyf@frewbook-pro /t/tmp (master)> cargo run
Running `target/debug/tmp`
thread '<main>' panicked at 'arithmetic operation overflowed', /Users/coreyf/.cargo/registry/src/github.com-0a35038f75765ae4/image-0.4.0/./src/bmp/decoder.rs:180
Process didn't exit successfully: `target/debug/tmp` (exit code: 101)
found using afl.rs
/cc @paulrouget @mbrubeck since you both touched this code recently
I think this is due to the fact –2147483648 * -1 is 2147483648 which can't
be represented but a 32-bit integer
On Oct 25, 2015 4:51 PM, "Corey Farwell" notifications@github.com wrote:
extern crate image;
use std::io::{self, Read, Cursor};
fn main() {
let input = b"\x30\x30\x30\x30\x01\x00\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x28\x00\x00\x00\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x28\x00\x00\x00\x30\x30\x30\x30\x00\x00\x00\x80".to_vec();
let c = Cursor::new(input);
image::ico::ICODecoder::new(c);
}coreyf@frewbook-pro /t/tmp (master)> cargo run
' panicked at 'arithmetic operation overflowed', /Users/coreyf/.cargo/registry/src/github.com-0a35038f75765ae4/image-0.4.0/./src/bmp/decoder.rs:180
Runningtarget/debug/tmp
thread '
Process didn't exit successfully:target/debug/tmp(exit code: 101)found using afl.rs https://github.com/frewsxcv/afl.rs
—
Reply to this email directly or view it on GitHub
#473.