Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SEGV exrmakepreview in makePreview.cpp:132 #493

Closed
strongcourage opened this issue Jul 24, 2019 · 6 comments
Closed

SEGV exrmakepreview in makePreview.cpp:132 #493

strongcourage opened this issue Jul 24, 2019 · 6 comments
Labels
Bug A bug in the source code

Comments

@strongcourage
Copy link

Hi,

I found a null pointer dereference bug on exrmakepreview (the latest commit 9410823 on master).

PoC: https://github.com/strongcourage/PoCs/blob/master/openexr_9410823/PoC_npd_generatePreview
Command: exrmakepreview -v $PoC /dev/null

ASAN says:

==5549==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000402db3 bp 0x7fbf849cd800 sp 0x7ffe12fc8050 T0)
    #0 0x402db2 in generatePreview /home/dungnguyen/gueb-testing/openexr/OpenEXR/exrmakepreview/makePreview.cpp:132
    #1 0x402db2 in makePreview(char const*, char const*, int, float, bool) /home/dungnguyen/gueb-testing/openexr/OpenEXR/exrmakepreview/makePreview.cpp:162
    #2 0x402187 in main /home/dungnguyen/gueb-testing/openexr/OpenEXR/exrmakepreview/main.cpp:185
    #3 0x7fbf8244082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #4 0x402428 in _start (/home/dungnguyen/PoCs/openexr_9410823/exrmakepreview-asan+0x402428)

Thanks,
Manh Dung
peterhillman added a commit to peterhillman/openexr that referenced this issue Jul 25, 2019
@peterhillman
Fix logic for 1 pixel high/wide preview images (Fixes AcademySoftware…
587ad0e 
…Foundation#493)
@kdt3rd kdt3rd closed this as completed in 7450450 Jul 25, 2019
@kdt3rd kdt3rd added the Bug A bug in the source code label Jul 25, 2019
@carnil
Copy link

carnil commented Dec 10, 2020

CVE-2020-16588 seems to have been assigned for this issue.

@theta682
Copy link
Contributor

Please, communicate with NVD (https://nvd.nist.gov/info) and update the applicable version. As I understand it was fixed in 2.4.0.

@meshula
Copy link
Contributor

meshula commented Dec 14, 2020

@theta682 when you say communicate with NVD, do you mean send an email to the "general contact" address? I don't spot tools or instructions on their website to update the applicable version on either the info page or on the page specifically for this issue. (https://nvd.nist.gov/vuln/detail/CVE-2020-16588)

@strongcourage
Copy link
Author

Hi all,

I requested a CVE for this bugs several months ago, and recently this one has been asssigned a CVE. In my report, I showed that this bug has been fixed by the developers. You can see the fix commit in the references. So I think we don't need to do anything.

Best,
MD

@meshula
Copy link
Contributor

meshula commented Dec 14, 2020

Great, thanks for looking into it!

@theta682
Copy link
Contributor

@meshula on https://nvd.nist.gov/info you can find the e-mail (nvd@nist.gov). Previously I contacted them and they updated the CVE which I asked to update.

DominicJacksonBFX pushed a commit to boris-fx/mocha-openexr that referenced this issue Jun 22, 2022
@peterhillman @DominicJacksonBFX
Fix logic for 1 pixel high/wide preview images (Fixes AcademySoftware…
781223e 
…Foundation#493)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug A bug in the source code
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@meshula @carnil @kdt3rd @theta682 @strongcourage