![]() In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet'ized length and then to copy the data into `properties_.data`. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. This issue may be used to leak internal memory allocation information.Įprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. This happens because two_back points to a memory address lower than the start of the buffer out. A crafted image file may trigger out of bounds memcpy read in `stbi_gif_load_next`. ![]() Stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions. ![]() ![]() When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |