Failure to check file size leads to out-of-bounds memory access

Hello,
I am testing my new fuzz tester recently. I found a crash when testing the gif2tga program. After analysis, the vulnerability appears in the following code snippet

```
	if(v!=i->gce.transparent_color || !i->gce.transparent_flag) {
#ifndef NGIFLIB_INDEXED_ONLY
		if(p->mode & NGIFLIB_MODE_INDEXED) {
#endif /* NGIFLIB_INDEXED_ONLY */
			*context->frbuff_p.p8 = v;
#ifndef NGIFLIB_INDEXED_ONLY
		} else
			*context->frbuff_p.p32 = v < i->ncolors ?
			   GifIndexToTrueColor(i->palette, v) : 0;
#endif /* NGIFLIB_INDEXED_ONLY */
	}
```

I think it should be caused by not checking the file structure in the LoadGIF function, resulting in too many memory addresses being allocated.

The condition for the vulnerability to be triggered is

`gif2tga poc.gif`

The poc file is

![poc](https://github.com/miniupnp/ngiflib/assets/47141195/a5cfdf79-e156-4b2b-b811-e8a622e2525e)

by Kaiyu Xie

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Failure to check file size leads to out-of-bounds memory access #33

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Failure to check file size leads to out-of-bounds memory access #33

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions