sabon sakin fakiti don sarrafa hoto da juyawa
, wanda ke kawar da lahani guda 52 da aka gano a lokacin gwaji mai ban mamaki ta hanyar aikin .
A cikin duka, tun daga Fabrairu 2018, OSS-Fuzz ya gano matsalolin 343, wanda 331 an riga an gyara su a cikin GraphicsMagick (don sauran 12, kwanakin 90 na gyaran lokaci bai ƙare ba tukuna). Na dabam
cewa OSS-Fuzz kuma ana amfani dashi don bincika wani aiki mai alaƙa , wanda sama da matsaloli 100 a halin yanzu ba a warware su ba, bayanan da aka riga aka samu a bainar jama'a bayan lokacin gyara ya ƙare.
Baya ga yuwuwar al'amurra da aikin OSS-Fuzz ya gano, GraphicsMagick 1.3.32 kuma yana magance raunin buffer 14 lokacin sarrafa hotuna na musamman a cikin SVG, BMP, DIB, MIFF, MAT, MNG, TGA,
TIFF, WMF da XWD. Ingantattun abubuwan da ba na tsaro sun haɗa da faɗaɗa tallafi ga WebP da ikon yin rikodin hotuna a tsarin makafi don kallo.
Hakanan an lura shine cirewa daga GraphicsMagick 1.3.32 na fasalin da za'a iya amfani dashi don haifar da zubewar bayanai. Batun ya shafi sarrafa bayanin “@filename” don tsarin SVG da WMF, wanda ke ba da damar rubutun da ke cikin ƙayyadadden fayil ɗin don nunawa a saman hoton ko haɗa shi cikin metadata. Mai yuwuwa, idan aikace-aikacen yanar gizo ba su da ingantaccen ingantaccen sigogin shigarwa, maharan na iya amfani da wannan fasalin don samun abubuwan da ke cikin fayiloli daga uwar garken, misali, maɓallan shiga da kuma adana kalmomin shiga. Matsalar kuma tana bayyana a cikin ImageMagick.
source: budenet.ru