Skip to content

Out-of-bounds read when user overrides image dimensions #12

Description

@benzwick

In app/mvox.cpp:268-270, the user can override nx, ny, nz via command-line options:

if (nx == 0) nx = size[0];
if (ny == 0) ny = size[1];
if (nz == 0) nz = size[2];

If the user sets values larger than the actual image dimensions, the loops at lines 363-364 and 449 index past the image buffer:

int mask = masks[i];        // out of bounds
int attr = attributes[i];   // out of bounds

The same issue applies to the tensor image, and there is no validation that the masks, attributes, and tensor images have matching dimensions.

Fix: Validate user-provided dimensions do not exceed actual image size, and check that all input images have the same dimensions.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions