ReadPCX reads the 128-byte header, the uncompressed scanline buffer and the trailing 768-byte palette of an 8-bit image with stream.Read but never checks how many bytes actually came back, so a truncated PCX leaves the unread tail of those buffers uninitialised and that data then ends up in the decoded image and in the wxImage palette returned by GetPalette. A crafted file that stops just after the 0x0c palette marker is enough to copy uninitialised stack memory into the loaded image. This rejects the file when any of those reads comes up short, in the same way the loader already bails out on other malformed input, and adds a test feeding such a truncated palette.
https://github.com/wxWidgets/wxWidgets/pull/26624
(2 files)
—
Thanks, the fix looks good to me, so I'll merge it, but I'm a bit surprised that I don't get any errors from either ASAN or Valgrind with the new test even without the fix. Shouldn't they complain about reading uninitialized memory? I must be missing something here because they don't...
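The short-read check described in the pull request, as an added stand-alone example that is not wxWidgets code or part of the thread. `MemStream`, `read_exact`, `load_palette` and `make_sample` are hypothetical names, and the file layout is simplified to header, 0x0c marker and palette with pixel decoding omitted.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical in-memory stream; like a stream Read, it may deliver fewer bytes than asked.
struct MemStream {
    const std::vector<uint8_t>& data;
    size_t pos;
    explicit MemStream(const std::vector<uint8_t>& d) : data(d), pos(0) {}
    size_t read(void* dst, size_t n) {
        size_t avail = data.size() - pos;
        size_t got = n < avail ? n : avail;
        if (got) std::memcpy(dst, data.data() + pos, got);
        pos += got;
        return got;
    }
};

enum PcxStatus { PCX_OK, PCX_BAD_HEADER, PCX_BAD_PALETTE };

// A short read is treated as a malformed file, never as partial success.
static bool read_exact(MemStream& s, void* dst, size_t n) {
    return s.read(dst, n) == n;
}

// Simplified layout (assumption): 128-byte header, 0x0c marker, 768-byte palette.
// 'out' is written only after every read has delivered its full length.
PcxStatus load_palette(const std::vector<uint8_t>& file, uint8_t out[768]) {
    MemStream s(file);
    uint8_t hdr[128] = {0}, marker = 0, pal[768] = {0};
    if (!read_exact(s, hdr, sizeof hdr) || hdr[0] != 0x0a)
        return PCX_BAD_HEADER;
    if (!read_exact(s, &marker, 1) || marker != 0x0c)
        return PCX_BAD_PALETTE;
    if (!read_exact(s, pal, sizeof pal))
        return PCX_BAD_PALETTE;   // truncated palette: reject, publish nothing
    std::memcpy(out, pal, sizeof pal);
    return PCX_OK;
}

// Constructed sample: a well-formed file, optionally cut to 'keep' bytes.
std::vector<uint8_t> make_sample(size_t keep) {
    std::vector<uint8_t> f(128 + 1 + 768, 0x55);
    f[0] = 0x0a;    // PCX manufacturer byte
    f[128] = 0x0c;  // palette marker
    if (keep < f.size()) f.resize(keep);
    return f;
}
```

Reading into zeroed local buffers and copying to the caller only on success means a rejected file never leaves partial or stale bytes in the caller's palette.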