You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a signed integer overflow within the library, within the following tags can trigger this resulting in denial of service within rlottie. ./harness small.json frame count: 1 starting... /home/rlottie/src/vector/freetype/v_ft_raster.cpp:1385:38: runtime error: signed integer overflow: -2147483648 - 2147483647 cannot be represented in type 'int'
This can be found here when loading in the Json file:
The overflow occurs when the parameters of refId are given 000 resulting in a overflow. This has to be within the layers function for the bug to be triggered:
Hello,
There is a signed integer overflow within the library, within the following tags can trigger this resulting in denial of service within rlottie.
./harness small.json frame count: 1 starting... /home/rlottie/src/vector/freetype/v_ft_raster.cpp:1385:38: runtime error: signed integer overflow: -2147483648 - 2147483647 cannot be represented in type 'int'
This can be found here when loading in the Json file:
{ "v": "0", "": [], "assets": [ { "": 0 }, { "": 0, "id": "fr000", "h": 2 }, { "": 0 } ], "layers": [ { "": 0 }, { "": 0 }, { "": 0, "ks": { "": { "": 0 } }, "ty": 2, "refId": "fr000" } ] }
The overflow occurs when the parameters of refId are given 000 resulting in a overflow. This has to be within the layers function for the bug to be triggered:
rlottie/src/vector/freetype/v_ft_raster.cpp
Line 1434 in 67f103b
harness.cpp.tar.gz
The text was updated successfully, but these errors were encountered: