We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 2454

Summary:	Crash when loading some XPM files
Product:	SDL_image	Reporter:	Jeff Pohlmeyer <yetanothergeek>
Component:	misc	Assignee:	Sam Lantinga <slouken>
Status:	RESOLVED FIXED	QA Contact:	Sam Lantinga <slouken>
Severity:	critical
Priority:	P2
Version:	unspecified
Hardware:	x86
OS:	Linux
Attachments:	Malformed XPM test file

Description Jeff Pohlmeyer 2014-03-19 21:12:39 UTC

Created attachment 1595 [details]
Malformed XPM test file

The attached XPM file causes a segfault in the "showimage" test program.

Tested on ArchLinux i686, crash occurs with both SDL_image-1.2.12 and SDL2_image-2.0.0

I'm setting the severity to "critical" because this may potentially be an exploitable buffer overrun, but that's purely speculation.

Comment 1 Sam Lantinga 2014-04-18 06:32:34 UTC

This wasn't a buffer overflow, just a missing NULL check.
Fixed, thanks!
https://hg.libsdl.org/SDL_image/rev/ee17b8eb58ce

We are currently migrating Bugzilla to GitHub issues.Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 2454

We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.