ocaml-imagelib PNG: Out of bounds palette index

PNG: Out of bounds palette index

Open cfcs opened this issue 5 years ago • 1 comments

(This is part of the work on a test suite for imagelib that @olleolleolle and I are working on.)

Here's a trigger for an out-of-bounds array indexing operation in imagePNG.ml (line 952).

id:000049,sig:06,src:000245,op:ext_AO,pos:12

As you can see the code already has a FIXME, so we should! :-)

     | 3 ->
       let image = create_rgb ~max_val:255 w h in
       for y = 0 to h - 1 do
         for x = 0 to w - 1 do
           let index = unfiltered_int.(y).(x) in
           let index = (* FIXME *)
             if index >= Array.length !palette
             then (Printf.fprintf stderr "Palette index too big...\n%!"; 0)
             else index
           in
           let p = !palette.(index) in (* <-- line 952 *)
           write_rgb image x y p.r p.g p.b
         done
       done;
       image

Sep 26 '19 11:09 cfcs

I think maybe just raise (Corrupted_image "PNG palette index out of bounds") would be sufficient? (wonder if this can be negative as well?)

Sep 26 '19 11:09 cfcs

ocaml-imagelib ocaml-imagelib copied to clipboard

PNG: Out of bounds palette index

ocaml-imagelib
ocaml-imagelib copied to clipboard