virus for png file in webkit?

[Yipeng Cao]

see the following screen cap:



anyone saw this one before?


Thanks
Yipeng

[Alexandre Elias]

This png was intentionally designed to trigger a buffer overflow in an older version of libpng.  The associated html file links to some history in https://bugzilla.mozilla.org/show_bug.cgi?id=251381 .  So your antivirus program is not wrong.  That said, Chromium should be safe against the exploit given that this test ensures the overflow doesn't work :).

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev

[Yipeng Cao]

ah,  interesting.  thanks Alex!

[Bernhard Bauer]

Maybe the png file actually exploits the test binary to make it print success? ;-)

Bernhard.

On Fri Feb 20 2015 at 3:50:44 AM 'Yipeng Cao' via Chromium-dev <chromi...@chromium.org> wrote:

ah,  interesting.  thanks Alex!

On Thu, Feb 19, 2015 at 6:27 PM, Alexandre Elias <ael...@chromium.org> wrote:

This png was intentionally designed to trigger a buffer overflow in an older version of libpng.  The associated html file links to some history in https://bugzilla.mozilla.org/show_bug.cgi?id=251381 .  So your antivirus program is not wrong.  That said, Chromium should be safe against the exploit given that this test ensures the overflow doesn't work :).

On Thu, Feb 19, 2015 at 6:14 PM, 'Yipeng Cao' via Chromium-dev <chromi...@chromium.org> wrote:

see the following screen cap:

anyone saw this one before?


Thanks
Yipeng

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev...@chromium.org.