Thread with 9 posts
jump to expanded post
I found a bug in stb_image, but not the sexy security vulnerability kind
https://github.com/nothings/stb/issues/1456
can I nerd-snipe someone who knows about DEFLATE and/or Huffman coding? 🥺
ooh it’s a regression. I’m scared that the cause of the regression will be “introducing security checks” though
(narrator voice) it was
I might have found the problem ^^
It was a team effort, though!
me: so, the purpose of the adler-32 checksum at the end of a png’s zlib stream…
you: …is to check the data integrity, right?
me: no, the purpose of a system is what it does
you: oh no
me: and what it does is let the decompressor have little a buffer overrun, as a treat
you:
well, i think i nerd-sniped @.rygorous, they fixed it properly now. thank you!!
@hikari not even a nerd snipe, this is just my job. :)
@rygorous aha, congratulations?