[Hugin-devs] [Bug 1942836] Re: Potential Integer Overflow vulnerability in src/celeste/svm.cpp
** Changed in: hugin
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Hugin
Developers, which is subscribed to Hugin.
https://bugs.launchpad.net/bugs/1942836

Title:
  Potential Integer Overflow vulnerability in src/celeste/svm.cpp

Status in Hugin:
  Fix Released

Bug description:
  In my fork of Hugin (Hugin++) someone reported the following potential
  vulnerability. Since I copied this code from Hugin, I forward the
  reporting here.

  I had a short look at the file svm.cpp and can confirm that an integer
  overflow may occur. On Windows variables of type 'int' have only 32
  bits. So a solution may be to test for model->nr_class <= 0x .

  This is the bug report at Hugin++:

  There seems to be potential integer overflow vulnerability in
  src/celeste/svm.cpp. In line 2862, model->nr_class is read from
  external source.

  (2862) FSCANF(fp,"%d",&model->nr_class);
  ...
  (2867) int n = model->nr_class * (model->nr_class-1)/2;
  (2868) model->rho = Malloc(double,n);

  If model->nr_class is a large integer that can cause integer overflow
  in line 2867, allocation of memory on 2868 may happen with unexpected
  value.

To manage notifications about this bug go to:
https://bugs.launchpad.net/hugin/+bug/1942836/+subscriptions

___
Mailing list: https://launchpad.net/~hugin-devs
Post to     : hugin-devs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~hugin-devs
More help   : https://help.launchpad.net/ListHelp
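A checked version of the computation quoted in the bug description, as an added example: it is not Hugin's code and not the fix in changeset eda0e338b594. The helper names rho_count and alloc_rho and the sample inputs are assumptions, and int is assumed to be 32 bits.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: turn the untrusted nr_class field into the number of
 * rho entries k*(k-1)/2. Returns 0 on success, -1 if the input is rejected. */
int rho_count(const char *nr_class_text, int *out_n)
{
    char *end;
    errno = 0;
    /* strtol reports out-of-range input via errno; fscanf("%d") does not. */
    long k = strtol(nr_class_text, &end, 10);
    if (end == nr_class_text || errno == ERANGE || k < 2 || k > INT_MAX)
        return -1;
    /* 64-bit arithmetic: the product of two values <= INT_MAX cannot wrap. */
    int64_t n = (int64_t)k * ((int64_t)k - 1) / 2;
    if (n > INT_MAX)
        return -1;               /* would not fit the int the loader uses */
    *out_n = (int)n;
    return 0;
}

/* Validate first, allocate second; NULL means the model is rejected. */
double *alloc_rho(const char *nr_class_text, int *out_n)
{
    int n;
    if (rho_count(nr_class_text, &n) != 0)
        return NULL;
    double *rho = calloc((size_t)n, sizeof *rho); /* calloc guards n * size */
    if (rho != NULL)
        *out_n = n;
    return rho;
}

int main(void)
{
    /* Constructed inputs, not taken from a real model file. */
    const char *samples[] = { "3", "46342", "65537", "4294967297", "-5" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int n;
        if (rho_count(samples[i], &n) == 0)
            printf("nr_class=%s -> n=%d\n", samples[i], n);
        else
            printf("nr_class=%s -> rejected\n", samples[i]);
    }
    return 0;
}
```

With a 32-bit int the intermediate product k*(k-1) stops fitting from k = 46342, while the halved result still fits up to k = 65536, so a check on the final value alone is not enough when the arithmetic is done in int.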
[Hugin-devs] [Bug 1942836] Re: Potential Integer Overflow vulnerability in src/celeste/svm.cpp
Fixed in changeset eda0e338b594

** Changed in: hugin
       Status: New => Fix Committed

** Changed in: hugin
    Milestone: None => 2021.0beta1

--
https://bugs.launchpad.net/bugs/1942836

Title:
  Potential Integer Overflow vulnerability in src/celeste/svm.cpp

Status in Hugin:
  Fix Committed