You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a signed integer overflow within the library, within the following tags can trigger this resulting in denial of service within rlottie.
./harness` small.json
frame count: 1
starting...
/home/harry/rlottie/src/vector/freetype/v_ft_raster.cpp:1385:38: runtime error: signed integer overflow: -2147483648 - 2147483647 cannot be represented in type 'int'
This can be found here when loading in the Json file:
Hello,
There is a signed integer overflow within the library, within the following tags can trigger this resulting in denial of service within rlottie.
This can be found here when loading in the Json file:
{ "v": "0", "": [], "assets": [ { "": 0 }, { "": 0, "id": "fr000", "h": 2 }, { "": 0 } ], "layers": [ { "": 0 }, { "": 0 }, { "": 0, "ks": { "": { "": 0 } }, "ty": 2, "refId": "fr000" } ] }The overflow occurs when the parameters of refId are given 000 resulting in a overflow. This has to be within the layers function for the bug to be triggered:
https://github.com/Samsung/rlottie/blob/master/src/vector/freetype/v_ft_raster.cpp#L1385C15-L1385C73
To recreate issue:
compile code with:
harness.cpp.tar.gz
The text was updated successfully, but these errors were encountered: