hopper-vul
The inner implementation RE2::Set::Compile() will return true for success and false for failure of prog_ compilation. Other APIs return -1 to indicate an error; however, this API uses 0. The...
Hi, we found a crash in `cre2_find_named_capturing_groups` by using fuzzing. When analyzing the crash dump, the program crashed at ```const std::map& m = TO_CONST_RE2(re)->NamedCapturingGroups();```. Here is the trigger program to...
Hi, I found a crash when fuzzing cre2 with a synthetic harness. The sample code is listed below. The internal implementation of `cre2_set_compile()` returns false if `prog_` is nullptr,...
cJSON_DetachItemViaPointer() will crash if the detached item's `prev` field is null. The common situation is that the detached item is created by cJSON_Create* APIs and directly passed to...
Hi, we found an integer overflow in png_read_png by fuzzing, and it eventually caused a crash. Similar to #456, let's assume the 13 bytes read are: `{0, 0,...
Hi, we have found an overflow crash inside `png_read_png` by using fuzzing. The crash location is at: `png_combine_row` pngrutil.c:3675, which is the same as #455 mentioned, but absolutely different routines....
Hi, when fuzzing libpng, we found `png_progressive_combine_row()` could crash if it is called after `png_read_png()`. In `png_read_png`, it calls `png_read_info(png_ptr,..)`->`png_handle_IHDR(png_ptr,..)` to read bytes (exactly 13 bytes) from png io...
In png_image_write_main, the function checks for overflow by: ```c png_uint_32 png_row_stride = image->width * channels; ... if (image->height > 0xffffffffU/png_row_stride) ... ``` if the `width` is zero in the image structure,...
Hi, I found a crash in `png_warning` by using fuzzing. `png_warning` will crash when the length of the second argument is less than 15 and the first byte is 0x23, if...
Hi, when fuzzing libpng, I found a possible overflow in `png_set_quantize`. If the passed `num_palette` is greater than the passed `maximum_colors` and the length of the passed `histogram`, it will happen...