db2acff8b1
stb_vorbis: fix bug in computing end of temp alloc buffer if it's not a multiple of 8
2020-07-13 04:12:21 -07:00
3152efaa97
Merge branch 'fuzzer_updates' of https://github.com/randy408/stb into working
2020-07-13 04:08:36 -07:00
f3085776a4
Merge branch 'patch-1' of https://github.com/coltongit/stb into working
2020-07-13 04:07:16 -07:00
589a678b65
Merge branch 'master' of https://github.com/recp/stb into working
2020-07-13 04:06:19 -07:00
a9df364a7c
Merge branch 'fix_stb_vorbis_alignment' of https://github.com/RandomShaper/stb into working
2020-07-13 04:00:41 -07:00
bfaccab17a
Merge branch 'stb-image-fuzzing-fixes' of https://github.com/rcgordon/stb into working
2020-07-13 03:53:53 -07:00
58b2e1490d
Merge branch 'fix_alloca' of https://github.com/Clownacy/stb into working
2020-07-13 03:33:18 -07:00
ce54bbc454
Merge branch 'master' of https://github.com/AdamKorcz/stb into working
2020-07-13 03:29:47 -07:00
0ccb4f0071
Merge branch 'rg-matchcolors' of https://github.com/castano/stb into working
2020-07-13 03:27:22 -07:00
5a8702567a
credit for PR
2020-07-13 03:11:47 -07:00
da888065bf
Merge branch 'master' of https://github.com/Vawx/stb into working
2020-07-13 03:11:13 -07:00
fb1cea02f8
tweak PR
2020-07-13 03:06:50 -07:00
add7adc3ea
Merge branch 'patch-1' of https://github.com/vickit144/stb into working
2020-07-13 03:05:44 -07:00
fd9c3ea4af
Merge branch 'bmp-assert' of https://github.com/zturtleman/stb into working
2020-07-13 03:01:52 -07:00
6f7420a825
add credits for last few PR merges
2020-07-13 02:59:10 -07:00
67881b61ab
Merge branch 'stbds-arraddn' of https://github.com/HeroicKatora/stb into working
2020-07-13 02:52:03 -07:00
1c816743b6
make PR compile in MSVC6
2020-07-13 02:49:46 -07:00
cae8e852f6
Merge branch 'perfect-endpoint-quantization' of https://github.com/castano/stb into test
2020-07-13 02:48:11 -07:00
cae97bdb17
Merge branch 'alloca-fix' of https://github.com/mackron/stb into test
2020-07-13 02:47:41 -07:00
fdafd1aab4
Merge branch 'loadgif-realloc-sized' of https://github.com/SasLuca/stb into test
2020-07-13 02:45:13 -07:00
b3a74a5c8a
fix PR to work on VC6
2020-07-13 02:43:26 -07:00
206529e08e
Merge branch 'unused#801' of https://github.com/hashitaku/stb into test
2020-07-13 02:42:57 -07:00
dfdb7d9c14
stb_ds: use keyoffset in key comparison
2020-07-13 02:42:37 -07:00
523a14f3e1
stb_image_write: small buffer to avoid calling fwrite on every pixel
2020-07-13 02:20:59 -07:00
802a1df278
tweak indentation
2020-07-13 02:20:37 -07:00
c5b527aa01
modern seeding of mersenne twister
2020-07-13 02:20:07 -07:00
1e400e21d2
stb_ds: fix shputs() for strdup and arena hash table
2020-07-12 18:54:31 +02:00
c24de24aa8
stb_vorbis: Add missing error checks in comment reading mallocs
...
Fixes #988 .
2020-07-07 11:41:18 +02:00
3b14b5afa6
Update Makefile
2020-06-01 06:22:44 +02:00
c8303509fa
make fuzz target compilable as c++ code
2020-06-01 06:18:13 +02:00
9cd6cdc0e5
add ossfuzz build script
2020-06-01 06:09:16 +02:00
a6b384358f
Merge branch 'fuzzer_updates' of https://github.com/randy408/stb into fuzzer_updates
2020-06-01 06:03:50 +02:00
a7fed59fe4
add fuzz target to Makefile
2020-06-01 06:01:40 +02:00
9e292f0731
Fix minor typo in comment on line 6532
2020-05-30 17:41:25 -03:00
ec898982b0
stbi: use __thread if GCC can't use _Thread_local
2020-05-26 00:22:12 +03:00
8cb98357de
stbi: fix thread local selector
...
* GCC < 5 supports __thread and GCC >= 5 supports C11 with _Thread_local
* Skip _Thread_local for MSVC because it may not be supported
2020-05-26 00:03:46 +03:00
d1d0e9fdb0
add fuzz target to Makefile
2020-05-11 08:59:07 +02:00
5a7af50fa5
remove stb_png_read_fuzzer.options
2020-05-11 08:47:45 +02:00
88062723ff
rename fuzz target
2020-05-11 08:18:56 +02:00
b75413f8a4
do not define STBI_ONLY_PNG in fuzz target
2020-05-11 08:18:15 +02:00
4bafa56899
rename fuzz target, add entry point
2020-05-11 05:48:25 +02:00
2d0faa4d26
stb_vorbis.c: Fix missing update to 64-bit alignment
2020-05-03 02:35:08 +02:00
c29138ba59
Add randy408 to the "Bug warnings & fixes" list.
2020-04-29 14:20:33 -04:00
29d639546d
fix integer arithmetic in stbi__zexpand()
2020-04-29 14:19:01 -04:00
b09cb2c6f5
Add Ryan C. Gordon to "Bug & warning fixes" contribution list.
2020-04-28 13:28:45 -04:00
89f3f35c9f
stbi__skip should return immediately if skipping zero bytes.
...
Otherwise we might waste time or throw away state in the i/o callbacks.
2020-04-28 13:28:45 -04:00
d60594847e
Reject images that are too large (as defined by the application).
...
The BMP loader already had this hardcoded to (1 << 24) pixels, so this seems
like a good default to apply to all formats, but many apps will want to clamp
this much much lower.
It's possible to craft malicious but valid images that are enormous, causing
stb_image to allocate tons of memory and eat a ton of CPU, so locking these
to a maximum permitted size can save a lot of headaches in the wild.
2020-04-28 13:28:45 -04:00
98ca24b8c7
Turn several asserts into formal checks.
...
There are several places where stb_image protects itself from bad data with
STBI_ASSERT macros, but if these are compiled out in release builds the code
will overflow buffers, etc, without warning. If they are left enabled, the
process will crash from assertion failures.
This patch attempts to leave the assertions in place that are meant to verify
the correctness of the interfaces (if the calling function was meant to pass
only 8 or 16 for bit depth, it's reasonable to assert that is accurate), but
changes asserts that are triggered by corrupt or malicious image file data.
Failed asserts were the majority of crashes during fuzzing; now all of these
cases safely report an error back to the calling app.
2020-04-28 13:28:45 -04:00
95560bc6cf
Be more aggressive about unexpected EOF conditions.
...
Fixes several hangs in the presence of bad input data.
2020-04-28 13:28:45 -04:00
eb4b057f0d
Check a return value for errors.
...
Catches bad input data found during fuzzing.
2020-04-28 13:28:45 -04:00
