As is common in C programming, many Netpbm programs were written with the assumption that no input would cause the program to attempt to compute a value that cannot be represented in the data structure the program uses. For example, you might supply an input image that is 1 million columns wide by 1 million rows tall. The program might naively multiply those two values together and store the result in a 32-bit integer. Since the real product is too large to represent in 32 bits, the naive C code silently computes a different number, without recognizing any kind of error.

Such an overflow can cause an untold variety of program failures. A typical example is that the program uses the bogus number as the amount of storage that needs to be allocated for an array. It thus allocates too little storage for the array. A subsequent reference to an element in the array thus references arbitrary storage that has nothing to do with that array.

This could conceivably be a security exposure.

Most of the historical overflows were fixed as of about Release 10.18, with the addition of some centralized code to allocate arrays with overflow checking, and checks in the image reading library routines for giant image dimensions that would cause common calculations to overflow.
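The following is an added example, not Netpbm's own code, illustrating both the failure described above and the kind of overflow-checked allocation helper the fix introduced. The function names (naive_pixel_count, mul_u32_overflows, checked_mul_size, alloc_image_array) and the 32-bit width are assumptions chosen for the illustration; the 1,000,000 by 1,000,000 dimensions are the constructed input from the text.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The naive computation described in the text, done in 32-bit unsigned
 * arithmetic.  For cols = rows = 1000000 the true product (10^12) does not
 * fit in 32 bits, so the value wraps modulo 2^32 and the caller receives a
 * plausible-looking but wrong count with no indication of error.
 * (Hypothetical helper, not a Netpbm function.) */
uint32_t naive_pixel_count(uint32_t cols, uint32_t rows) {
    return cols * rows;            /* wraps silently on overflow */
}

/* Returns 1 if a * b cannot be represented in a uint32_t, else 0.
 * The division form avoids performing the overflowing multiply at all. */
int mul_u32_overflows(uint32_t a, uint32_t b) {
    return a != 0 && b > UINT32_MAX / a;
}

/* Overflow-checked multiply for allocation sizes, in the spirit of the
 * centralized array-allocation code the text mentions (hypothetical name).
 * Stores a * b in *product and returns 0 on success; returns -1 without
 * touching *product if the result would not fit in a size_t. */
int checked_mul_size(size_t a, size_t b, size_t *product) {
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *product = a * b;
    return 0;
}

/* Allocate storage for a rows-by-cols image whose elements are elem_size
 * bytes each.  Instead of allocating a too-small buffer when the size
 * computation overflows, it refuses and returns NULL, so the caller can
 * report a bad image dimension rather than later indexing past the end. */
void *alloc_image_array(size_t cols, size_t rows, size_t elem_size) {
    size_t pixels, bytes;
    if (checked_mul_size(cols, rows, &pixels) != 0)
        return NULL;
    if (checked_mul_size(pixels, elem_size, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void) {
    /* Constructed input: the dimensions from the text. */
    uint32_t cols = 1000000u, rows = 1000000u;

    printf("naive 32-bit pixel count: %u (overflow detected: %s)\n",
           naive_pixel_count(cols, rows),
           mul_u32_overflows(cols, rows) ? "yes" : "no");

    /* A small image allocates normally ... */
    void *small = alloc_image_array(16, 16, 3);
    printf("16x16 RGB image: %s\n", small ? "allocated" : "refused");
    free(small);

    /* ... while a size that cannot be represented is refused outright. */
    void *huge = alloc_image_array(SIZE_MAX, 2, 1);
    printf("SIZE_MAX x 2 image: %s\n", huge ? "allocated" : "refused");
    free(huge);
    return 0;
}
```

The check b > MAX / a is the standard idiom for detecting multiplicative overflow without triggering it; the same pattern is applied twice in alloc_image_array because the byte count is itself a product (pixels times element size) that can overflow even when the pixel count does not.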

Any overflows that remain are mainly ones that simply have not been discovered yet.


By Bryan Henderson, San Jose, CA; bryanh@giraffe-data.com last checked 2005.01.10.