Headline
CVE-2022-27938: [BUG] a reachable assert in stbi__create_png_image_raw · Issue #163 · saitoha/libsixel
stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.
Describe the bug
There is a reachable assert bug found in stbi__create_png_image_raw, can be triggered via img2sixel+ ASan
To Reproduce
compile the program with CFLAGS="-fsanitize=address" CC=clang
then run ./img2sixel $POC
output:
img2sixel: ./stb_image.h:4374: int stbi__create_png_image_raw(stbi__png *, stbi_uc *, stbi__uint32, int, stbi__uint32, stbi__uint32, int, int): Assertion `img_width_bytes <= x' failed.
Aborted
system
ubuntu 16.04,
clang 12.0.1
libsixel latest commit 6a5be8b
Acknowledgement
NCNIPC of China
POC
poc.zip