droellke
This repo builds under GCC v7.4.0 (e.g. also AFL v2.25b) and CLANG 7.0.0 in 64-bit.
This repo slightly modified the challenges' source code to enable instrumentation (e.g. ASAN/DFSAN). I mainly exchanged library calls, so it shouldn't affect the challenges' vulnerabilities.
Couldn't drag-n-drop original .app to Simulator, but after these changes compilation via xcode works seamlessly!
decodeGeneric() in lodepng.c:4812 has an integer overflow. lodepng_inspect_chunk() in lodepng.c:4716 has an integer overflow. Can be fixed easily by adding a check for INT_MAX-chunkLength-12 < chunk, or using static int lodepng_addofl(size_t a, size_t...
In lodepng_deflatev(), getPixelColorsRGBA8() and lodepng_convert_rgb(), a divide by zero can be triggered via bitdepth and input size. Please check if greater than 0 before usage. LOC enumeration: https://sourcegraph.com/github.com/lvandeve/lodepng@master/-/blob/lodepng.cpp#L3271 https://sourcegraph.com/github.com/lvandeve/lodepng@master/-/blob/lodepng.cpp#L3355 https://sourcegraph.com/github.com/lvandeve/lodepng@master/-/blob/lodepng.cpp#L3443:17 https://sourcegraph.com/github.com/lvandeve/lodepng@master/-/blob/lodepng.cpp#L3610...
png_ptr->pixel_depth and png_ptr->rowbytes may overflow in the following lines: https://sourcegraph.com/github.com/glennrp/libpng@dbe3e0c43e549a1602286144d94b0666549b18e6/-/blob/pngrutil.c#L902 https://sourcegraph.com/github.com/glennrp/libpng@dbe3e0c43e549a1602286144d94b0666549b18e6/-/blob/pngrutil.c#L903 ( (size_t)(width) * (size_t)(pixel_bits) inside PNG_ROWBYTES )
Setting row_bytes to 0 may trigger undefined behavior or crash in the following line: https://sourcegraph.com/github.com/glennrp/libpng@dbe3e0c43e549a1602286144d94b0666549b18e6/-/blob/pngrutil.c#L3172
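The four reports above share two defensive patterns: overflow-checked arithmetic before computing a chunk end or a row size, and a non-zero guard before dividing by a value derived from bitdepth. The following is an added example written for this page, not code from lodepng or libpng; checked_add() and checked_mul() follow the same shape as the lodepng_addofl() helper mentioned above but are my own implementations, and chunk_fits(), row_bytes() and pixels_in_buffer() are hypothetical names chosen to mirror the reported call sites.

```c
#include <stddef.h>
#include <stdint.h>
#include <limits.h>

/* Overflow-checked size_t addition. Returns 1 on wrap-around, 0 otherwise.
 * *result always receives the (possibly wrapped) sum so callers must test
 * the return value, never the output. */
static int checked_add(size_t a, size_t b, size_t *result) {
    *result = a + b;
    return *result < a;
}

/* Overflow-checked size_t multiplication. Returns 1 on overflow. */
static int checked_mul(size_t a, size_t b, size_t *result) {
    if (a != 0 && b > SIZE_MAX / a) {
        *result = 0;
        return 1;
    }
    *result = a * b;
    return 0;
}

/* Does a PNG chunk starting at chunk_offset, with a declared data length
 * of chunk_length, fit inside a buffer of insize bytes?
 * A chunk occupies 4 (length) + 4 (type) + data + 4 (CRC) = length + 12 bytes.
 * Returns 0 if it fits, a non-zero reason code otherwise. */
int chunk_fits(size_t chunk_offset, size_t chunk_length, size_t insize) {
    size_t total, end;
    if (chunk_length > INT_MAX) return 1;              /* PNG spec: length < 2^31 */
    if (checked_add(chunk_length, 12, &total)) return 2;
    if (checked_add(chunk_offset, total, &end)) return 3; /* offset + size wrapped */
    if (end > insize) return 4;                         /* runs past the input */
    return 0;
}

/* Row size in bytes for a given width, channel count and bit depth,
 * i.e. (width * pixel_bits + 7) / 8 with every step overflow-checked
 * and the bit depth restricted to the values PNG allows. */
int row_bytes(size_t width, unsigned channels, unsigned bitdepth, size_t *out) {
    size_t bits, rounded;
    if (channels == 0 || channels > 4) return 1;
    if (bitdepth != 1 && bitdepth != 2 && bitdepth != 4 &&
        bitdepth != 8 && bitdepth != 16) return 1;
    if (checked_mul(width, (size_t)channels * bitdepth, &bits)) return 2;
    if (checked_add(bits, 7, &rounded)) return 2;
    *out = rounded / 8;
    return 0;
}

/* Number of whole pixels in a buffer. bytes_per_pixel is derived from the
 * bit depth and is 0 for sub-byte depths (or a zero bitdepth), so the
 * division is refused instead of faulting. */
int pixels_in_buffer(size_t bufsize, unsigned channels, unsigned bitdepth, size_t *out) {
    size_t bytes_per_pixel = (size_t)channels * bitdepth / 8;
    if (bytes_per_pixel == 0) return 1;
    *out = bufsize / bytes_per_pixel;
    return 0;
}
```

Each function reports failure through its return value rather than clamping silently, so a decoder can reject the input at the point where the header is parsed instead of discovering the problem later as a wrapped allocation size or a crash in the row loop.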