Opened 7 years ago
Closed 7 years ago
#6928 closed defect (fixed)
pngdataset with FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
| Reported by: | Kurt Schwehr | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | default | Version: | svn-trunk |
| Severity: | normal | Keywords: | fuzzing libpng |
| Cc: |
Description (last modified by )
With r38981, I'm getting an build failure with fuzzing when using libpng 1.6.29. I've not yet figured out a patch that will work across libpng versions, but this got 1.6.29 to work for me.
in pngdataset.cpp
#ifdef DISABLE_CRC_CHECK # include "pngpriv.h" # include "pngstruct.h" #endif
frmts/png/pngdataset.cpp:472:9: error: member access into incomplete type 'png_struct' (aka 'png_struct_def')
hPNG->flags &= ~PNG_FLAG_CRC_CRITICAL_MASK;
Change History (4)
comment:1 by , 7 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 7 years ago
comment:3 by , 7 years ago
Always a bonus for finding bugs anywhere in the stack, but it's not critical that gdal focus on fuzzing libpng as libpng is a part of oss-fuzz:
https://github.com/google/oss-fuzz/tree/master/projects/libpng
Note:
See TracTickets
for help on using tickets.
After all, I'm not completely sure we need this disabling of PNG CRC checking. I saw it somewhere, but it is not like we want to fuzz libpng itself after all ?