A buffer overflow exists when using function raw2image() #193
Comments
Could you please specify what LibRaw version (branch, commit ID, etc.) has this problem? Just checked with 4channels from current master branch: it refuses your crash sample at an early stage.
It's the master branch, commit ID is e6c6d25.
This is not a buffer overflow, but a possible write at 0. Fixed in this patch: 7e29b9f
This crash also exists in the latest commit 7e29b9f.
And when I use AddressSanitizer, the program will be like this
Could not confirm that: just recompiled latest commit with clang, there is no SEGV in raw2image
./bin/4channels ~/asan/0000.raw
Processing file /home/lexa/asan/0000.raw
After I confirmed, in the latest 7e29b9f, it is like this
My environment is Linux ubuntu 4.15.0-42-generic #45~16.04.1-Ubuntu SMP Mon Nov 19 13:02:27 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Your latest report (malloc assertion) definitely points to some other problem, because raw2image is already done before black level subtraction (reported) and file write
This was assigned CVE-2018-20363
This specific initial case is definitely resolved. Please open another issue if there is another problem (not raw2image/raw2image_ex/copy_bayer related).
Description
When using function raw2image(), there will be a buffer overflow
My test program
4channels in Libraw/bin
Command and argument
./configure --disable-shared CFLAGS="-fsanitize=address -ggdb" CXXFLAGS="-fsanitize=address -ggdb"
./4channels ../../../output2/dcraw_emu2/crashes/id:000000,sig:11,src:002769+002786,op:splice,rep:4
Crash Information
POC File
crash.zip
CREDIT
pu!m, Huawei Weiran Labs