Alex Rebert

icon company @google icon location Pittsburgh

Results 4 issues of Alex Rebert

Various unchecked exceptions while parsing malformed inputs

3 comment

`ImageMetadataReader.readMetadata` can lead to various unchecked exceptions when parsing malformed psd, mp3, heif, and jpeg files. **Steps to repro** 1. Download the [malformed inputs](https://github.com/drewnoakes/metadata-extractor/files/3432593/metadata-extractor-malformed-inputs.zip) and extract them. 2. For each...

bug
help wanted
format-psd
image-queue
format-heif
format-mp3

Fix memory safety issues found by OSS-Fuzz

1 comment

This PR attempts to fix all the open security-relevant issues found by OSS-Fuzz: - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33457: There was an integer overflow when computing `pageSize`. Fixed in c71d965fe9790f635e08c64b5528c6a16fad91ac - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33554: wasm3 was...

Fix out-of-bounds memory accesses in regex parsing

This PR fixes out-of-bounds memory accesses in regex parsing found by OSS-Fuzz. # Out-of-bounds write The implicit casting from integer to unsigned char of min & max in `parserep` allowed...

Update fails when current_exe's directory is not writable (even if current_exe is writable)

We're running into an issue where self update fails trying to write the tmp file in the `std::env::current_exe`s directory. In our particular case, the `std::env::current_exe`s directory is not writable, hence...