avifdec writing PNG returns error #1086
Comments
Frank: I can't reproduce this bug. Could you provide a sample PNG file? You can email it to me and Yannis. Thanks.
I managed to reproduce it internally with
Step 1.i. should store the offset instead of the pointer, or copy the bytes immediately.
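An added illustration of the "store the offset instead of the pointer" fix suggested above; it is not libavif code and not part of the original thread. It assumes the payload lives in a read buffer whose storage can move when more data arrives (the reproduction steps are not on this page); `Buf`, `Span`, `buf_append` and `span_resolve` are hypothetical names and the byte strings are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable read buffer (constructed for this example). */
typedef struct { uint8_t *data; size_t size; } Buf;

/* Append bytes by always moving to a fresh allocation, so any address
 * taken into the old storage is guaranteed to be stale afterwards. */
static int buf_append(Buf *b, const void *src, size_t n) {
    uint8_t *p = malloc(b->size + n);
    if (!p) return -1;
    if (b->size) memcpy(p, b->data, b->size);
    memcpy(p + b->size, src, n);
    free(b->data);
    b->data = p;
    b->size += n;
    return 0;
}

/* Safe reference to a payload: offset and length, never an address. */
typedef struct { size_t offset, size; } Span;

/* Resolve a span against the buffer as it is now; NULL if out of range. */
static const uint8_t *span_resolve(const Buf *b, Span s) {
    if (s.offset > b->size || s.size > b->size - s.offset) return NULL;
    return b->data + s.offset;
}

/* Returns 1 if the payload is intact when reached through its offset AND the
 * address recorded before growth no longer points into the buffer. */
int demo_offset_survives_growth(void) {
    static const char icc[] = "ICC-PAYLOAD";  /* constructed sample bytes */
    static const char more[] = "later-chunk-that-forces-the-buffer-to-grow";
    Buf b = {0};
    if (buf_append(&b, "hdr:", 4) || buf_append(&b, icc, sizeof icc - 1)) return 0;
    Span s = { 4, sizeof icc - 1 };
    uintptr_t early = (uintptr_t)(b.data + s.offset); /* what a stored pointer would hold */
    if (buf_append(&b, more, sizeof more - 1)) return 0;
    const uint8_t *now = span_resolve(&b, s);
    int ok = now && memcmp(now, icc, s.size) == 0 && (uintptr_t)now != early;
    free(b.data);
    return ok;
}

int main(void) { return demo_offset_survives_growth() ? 0 : 1; }
```

The early address is kept only as an integer for comparison and is never dereferenced; reading through it after the buffer moved would be a use-after-free.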
Add a test for AOMediaCodec#1086 to prevent regression.
Yannis: Good job tracking this bug down. This kind of memory error is a serious problem. We should take the opportunity to review the relevant code carefully. Do you know why the Exif and XMP metadata are not affected by this bug? It seems that they avoid this bug by either reading the data early or storing the offset (in the
I sent #1114 as an attempt to catch this kind of issue, when called by a fuzz target for example. A local run of an internal fuzz target did not report anything. Maybe the CI continuous fuzzing will.
Add a test for #1086 to prevent regression.
Fixed by #1103.
Steps to reproduce:
I get error:
libpng error: profile 'libavif': 49002h: length does not match profile
If I comment out this line:
https://github.com/AOMediaCodec/libavif/blob/main/apps/shared/avifpng.c#L421
Then I do not see the error.