https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47342 The read overflow triggered by reading `src[j]` in ```cpp for (j = 0; j < max; ++j) { dst[j] = src[j]; } ``` The max is calculated as `new_comps[pcol].w * new_comps[pcol].h`, however the `src = old_comps[cmp].data;` which may have different `w` and `h` dimensions.pull/23067/head
parent
9208dcb07c
commit
a2fc479c0b
1 changed files with 1 additions and 1 deletions
Loading…
Reference in new issue