hugin-devs team mailing list archive

[tmodes <1942836@xxxxxxxxxxxxxxxxxx>]

Fixed in changeset eda0e338b594

** Changed in: hugin
       Status: New => Fix Committed

** Changed in: hugin
    Milestone: None => 2021.0beta1

-- 
You received this bug notification because you are a member of Hugin
Developers, which is subscribed to Hugin.
https://bugs.launchpad.net/bugs/1942836

Title:
  Potential Integer Overflow vulnerability in src/celeste/svm.cpp

Status in Hugin:
  Fix Committed

Bug description:
  In my fork of Hugin (Hugin++) someone reported the following potential
  vulnerability. Since I copied this code from Hugin, I forward the
  reporting here. I had a short look at the file svm.cpp and can confirm
  that an integer overflow may occure. On Windows variables of type
  'int' have only 32 bits. So a solution may be to test for
  model->nr_class <= 0xffff .

  This is the but report at Hugin++:

  There seems to be potential integer overflow vulnerability in src/celeste/svm.cpp.
  In line 2862, model->nr_class is read from external source.

  (2862) FSCANF(fp,"%d",&model->nr_class);
  ...
  (2867) int n = model->nr_class * (model->nr_class-1)/2;
  (2868) model->rho = Malloc(double,n);

  If model->nr_class is a large integer that can cause integer overflow in line 2867,
  allocation of memory on 2868 may happen with unexpected value.

To manage notifications about this bug go to:
https://bugs.launchpad.net/hugin/+bug/1942836/+subscriptions