|
|
|
|
|
|
by hedora
1184 days ago
|
|
|
As bad (but on the png side, not the fs library side), if the app crashes mid crop, then this misuse of the posix API means the original image will be corrupted. They should be doing a “mktemp; write; sync; rename”, which atomically and durably replaces the file in most linux file systems. There might also be an exploitable race where you overwrite the file in place while it is being parsed, leading to undefined behavior in applications attempting to read the file. |
|
|