| Summary: | Bad IMG_Init tests for JPG, PNG, TIF, and WEBP can cause crash | | |
|---|---|---|---|
| Product: | SDL_image | Reporter: | Doug <dougmc> |
| Component: | misc | Assignee: | Ozkan Sezer <sezeroz> |
| Status: | RESOLVED FIXED | QA Contact: | Sam Lantinga <slouken> |
| Severity: | normal | | |
| Priority: | P2 | CC: | knight4553kai |
| Version: | 1.2.12 | | |
| Hardware: | All | | |
| OS: | All | | |
| Attachments: | Patch to fix IMG_Init tests in load functions | | |
Description:

Created attachment 2000: Patch to fix IMG_Init tests in load functions

For each of JPG, PNG, TIF, and WEBP load functions, a call is made to IMG_Init() and tested to see if the image-type library is OK. The load function returns NULL if IMG_Init() returns zero. Here's a snippet from IMG_JPG.c:

```c
if ( !IMG_Init(IMG_INIT_JPG) ) {
    return NULL;
}
```

The bug is that IMG_Init returns bits/flags of which image handlers are OK. So, if I have say successfully loaded a PNG image, then I try to load say a JPG image (but the jpeg library isn't present), IMG_Init() still returns a non-zero value and the JPG loading code will proceed with NULL jpeg function pointers.

This bug will "fire" if any of JPG, PNG, TIF, or WEBP is loaded OK followed by loading another image type where the library doesn't load OK or is missing.

The "fix" is to test each image type's flag in the load function. For example, the jpeg code above can be fixed by doing this:

```c
if ( !(IMG_Init(IMG_INIT_JPG) & IMG_INIT_JPG) ) {
    return NULL;
}
```

This ensures that the correct image type flag is tested for each image type. Attached is a sample patch on changeset 467:2b0ada991468 that fixes this bug.

Note: this bug also exists in the 1.2.12 release.

Comments:

Update: It appears for 2.0.0 this issue has been fixed in the IMG_Init() function itself. SDL_image 1.2.12: IMG_Init() returns all set flags for all image types. SDL_image 2.0.0: IMG_Init() returns only set flags for the specified (arg) image type. I failed to notice this in 2.0.0 since I was working with the 1.2.12 version. So this issue seems to only be important for the 1.2.12 release. Maybe they will backport the patch. Anyways, good news.

The only reason this report is bumped after 4 years and 10 months is because someone added a spam link in #c2. I will try comparing 2.0 and 1.2 versions of IMG.c, but are we sure that this is still an issue in current hg?

This was fixed in 2.0 back in 2016 by: http://hg.libsdl.org/SDL_image/rev/fd7214657669 .. and this fix was backported to 1.2 in 2018 by: http://hg.libsdl.org/SDL_image/rev/1a1189c2978f

Closing as fixed.
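The following is an added, self-contained C model of the guard discussed in the description and in the update comment; it is not SDL_image code and does not link against the library. The IMG_INIT_* names and values are SDL_image's; everything else (the `available_libs`/`initialized` state, the two `model_init_*` functions that stand in for the 1.2.12 and 2.0.0 return-value semantics, and the `buggy_guard`/`fixed_guard` helpers) is constructed here to show why a non-zero test passes for the wrong image type after another loader has already been initialised, and why masking with the type's own bit closes the hole.

```c
#include <stdio.h>

/* Flag values as in SDL_image's SDL_image.h (IMG_INIT_JPG = 1, PNG = 2,
 * TIF = 4, WEBP = 8). The names are the library's; the rest of this file
 * is a constructed model, not SDL_image code. */
#define IMG_INIT_JPG  0x1
#define IMG_INIT_PNG  0x2
#define IMG_INIT_TIF  0x4
#define IMG_INIT_WEBP 0x8

/* Constructed model state: which loaders have been initialised so far, and
 * which image libraries are actually present on the system. */
static int initialized = 0;
static int available_libs = 0;

static void model_reset(int libs)
{
    initialized = 0;
    available_libs = libs;
}

/* 1.2.12 semantics as described in the report: initialise what it can,
 * then return the bitmask of ALL loaders initialised so far. */
static int model_init_1_2_12(int flags)
{
    initialized |= (flags & available_libs);
    return initialized;
}

/* 2.0.0 semantics as described in the update comment: return only the
 * bits that were both requested and successfully initialised. */
static int model_init_2_0_0(int flags)
{
    initialized |= (flags & available_libs);
    return initialized & flags;
}

typedef int (*init_fn)(int);
typedef int (*guard_fn)(init_fn, int);

/* Original guard in IMG_JPG.c and friends: any non-zero result lets the
 * loader run. Returns 1 if the loader would proceed. */
static int buggy_guard(init_fn init, int flag)
{
    return init(flag) != 0;
}

/* Patched guard: test the requested image type's own bit. */
static int fixed_guard(init_fn init, int flag)
{
    return (init(flag) & flag) != 0;
}

/* Scenario from the report: a PNG loads fine, then a JPG is requested on a
 * system without libjpeg. Returns 1 if the JPG loader would proceed (and go
 * on to call NULL jpeg function pointers), 0 if it correctly bails out. */
static int png_then_jpg_proceeds(init_fn init, guard_fn guard)
{
    model_reset(IMG_INIT_PNG);         /* constructed: libpng present, libjpeg missing */
    (void)guard(init, IMG_INIT_PNG);   /* first load: PNG succeeds, sets the PNG bit */
    return guard(init, IMG_INIT_JPG);  /* second load: should be refused */
}

/* Control case: JPG requested first, nothing initialised yet, so even the
 * original guard refuses it (the bug only fires after another type loaded). */
static int jpg_first_proceeds(init_fn init, guard_fn guard)
{
    model_reset(IMG_INIT_PNG);
    return guard(init, IMG_INIT_JPG);
}

int main(void)
{
    printf("1.2.12, original guard, PNG then JPG: %d (1 = loader runs without libjpeg)\n",
           png_then_jpg_proceeds(model_init_1_2_12, buggy_guard));
    printf("1.2.12, patched guard,  PNG then JPG: %d\n",
           png_then_jpg_proceeds(model_init_1_2_12, fixed_guard));
    printf("2.0.0,  original guard, PNG then JPG: %d\n",
           png_then_jpg_proceeds(model_init_2_0_0, buggy_guard));
    printf("1.2.12, original guard, JPG first:    %d\n",
           jpg_first_proceeds(model_init_1_2_12, buggy_guard));
    return 0;
}
```

The third line of output is why the update comment found nothing wrong on 2.0.0: with the requested-bits-only return value, the old non-zero test happens to be equivalent to the masked test, so the guard in the load functions was only unsafe against the 1.2.12 return value.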