You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I use valgrind to analysis the bug and get the below information (absolute path information omitted):
==12529== Memcheck, a memory error detector
==12529== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==12529== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==12529== Command: ffjpeg -e segv_ffjpeg_e2
==12529==
==12529== Argument 'size' of function malloc has a fishy (possibly negative) value: -2097127520
==12529== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12529== by 0x4015EB: bmp_load (bmp.c:52)
==12529== by 0x400F2B: main (ffjpeg.c:29)
==12529==
==12529== Invalid read of size 1
==12529== at 0x40C930: jfif_encode (jfif.c:748)
==12529== by 0x400F33: main (ffjpeg.c:30)
==12529== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==12529==
==12529==
==12529== Process terminating with default action of signal 11 (SIGSEGV)
==12529== Access not within mapped region at address 0x0
==12529== at 0x40C930: jfif_encode (jfif.c:748)
==12529== by 0x400F33: main (ffjpeg.c:30)
==12529== If you believe this happened as a result of a stack
==12529== overflow in your program's main thread (unlikely but
==12529== possible), you can try to increase the size of the
==12529== main thread stack using the --main-stacksize= flag.
==12529== The main thread stack size used in this run was 8388608.
==12529==
==12529== HEAP SUMMARY:
==12529== in use at exit: 33,643,096 bytes in 12 blocks
==12529== total heap usage: 14 allocs, 2 frees, 33,647,744 bytes allocated
==12529==
==12529== LEAK SUMMARY:
==12529== definitely lost: 0 bytes in 0 blocks
==12529== indirectly lost: 0 bytes in 0 blocks
==12529== possibly lost: 0 bytes in 0 blocks
==12529== still reachable: 33,643,096 bytes in 12 blocks
==12529== suppressed: 0 bytes in 0 blocks
==12529== Rerun with --leak-check=full to see details of leaked memory
==12529==
==12529== For counts of detected and suppressed errors, rerun with: -v
==12529== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Segmentation fault
Tested in Ubuntu 16.04, 64bit.
The testcase is segv_ffjpeg_e2.
I use the following command:
and get:
I use valgrind to analysis the bug and get the below information (absolute path information omitted):
The gdb reports:
An attacker can exploit this vulnerability by submitting a malicious bmp that exploits this bug which will result in a Denial of Service (DoS).
The text was updated successfully, but these errors were encountered: