ERROR-Segmentation fault #501
I used the AFL tool to find the bug in the image_load_pnm() method. The error is:
Starting program: /home/lx/5_7/flif/flif/src/flif -e id:000003,sig:11,src:000049,op:havoc,rep:2 test6.flif
Warning: expected ".png", ".pnm" or ".pam" file name extension for input file, trying anyway...
Error: could not allocate enough memory for image buffer.
Program received signal SIGSEGV, Segmentation fault.
0x00000000004ac45a in set (x=, c=, r=0, p=0, this=0x7fffffffdfb0) at image/image.hpp:906
906 planes[p]->set(r,c,x);
The following is the gdb stack:

Then the following are gdb's instructions and registers:
(gdb) x/i $pc
=> 0x4ac45a <image_load_pnm(char const*, Image&)+5210>: mov (%rdi),%r10
(gdb) i r
rax 0xffffffff 4294967295
rbx 0xffffffff 4294967295
rcx 0x0 0
rdx 0x0 0
rsi 0x0 0
rdi 0x0 0
rbp 0x1 0x1
rsp 0x7fffffffdd90 0x7fffffffdd90
r8 0x7ffff7fca780 140737353918336
r9 0x7461636f6c6c6120 8386093311352135968
r10 0x7fffffffdb50 140737488345936
r11 0x246 582
r12 0x0 0
r13 0x80 128
r14 0x7fffffffdfb0 140737488347056
r15 0xfffffe44 4294966852
rip 0x4ac45a 0x4ac45a <image_load_pnm(char const*, Image&)+5210>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0

Comments

(gdb) bt

Then I will provide the ASAN data:

gdb-peda$ x/x 0x0053ffffffbc
Then I use gdb to access 0x0053ffffffbc, but I can't. Then I read image-pnm.cpp and find the reason for this error.

CVE-2018-10971 has been assigned for this issue (not requested by me).

@EnchantedJohn include a sample PoC file in this issue, e.g. inside a zip file.

Thanks, I will close it.

@EnchantedJohn You have misunderstood something. You should not close these issue reports before they have been fixed.
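The log in this report shows the shape of the defect: "could not allocate enough memory for image buffer" is printed, and execution then continues into planes[p]->set(r,c,x) with a null plane pointer (rdi = 0), so a crafted header produces a null-pointer dereference and a crash. The example below is added here and is not FLIF's code: a minimal 8-bit P5 PNM loader with hypothetical Plane and Image types standing in for the classes in the backtrace. It rejects oversized dimensions against a pixel budget before allocating, checks that the file actually carries the raster the header promises, and treats a failed allocation as a final error so no pixel is ever written through an unallocated plane. The alloc_limit_bytes parameter is an assumed test hook that simulates the allocator refusing a request; real code only sees std::bad_alloc.

```cpp
// Added example (not FLIF's code): a minimal 8-bit P5 PNM loader whose
// Plane/Image types are hypothetical stand-ins for the planes[p]->set(r,c,x)
// call in the backtrace. It rejects oversized headers before allocating,
// treats allocation failure as a hard error, and never touches a plane that
// was not successfully allocated.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <memory>
#include <new>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

struct Plane {
    uint32_t width, height;
    std::vector<uint16_t> pixels;
    Plane(uint32_t w, uint32_t h)
        : width(w), height(h), pixels(static_cast<size_t>(w) * h, 0) {}
    void set(uint32_t r, uint32_t c, uint16_t x) { pixels[static_cast<size_t>(r) * width + c] = x; }
    uint16_t get(uint32_t r, uint32_t c) const { return pixels[static_cast<size_t>(r) * width + c]; }
};

struct Image {
    static constexpr unsigned kMaxPlanes = 4;
    std::unique_ptr<Plane> planes[kMaxPlanes];  // all null until init() succeeds
    unsigned nplanes = 0;

    // Returns false and leaves every plane null when the buffer cannot be
    // allocated. alloc_limit_bytes is an assumed test hook standing in for the
    // allocator refusing a huge request; real code only sees std::bad_alloc.
    bool init(uint32_t w, uint32_t h, unsigned n, size_t alloc_limit_bytes) {
        size_t npix = static_cast<size_t>(w) * h;  // 32 x 32 bits fits in 64
        if (n == 0 || n > kMaxPlanes || npix > alloc_limit_bytes / (sizeof(uint16_t) * n))
            return false;
        try {
            for (unsigned p = 0; p < n; p++) planes[p].reset(new Plane(w, h));
        } catch (const std::exception&) {  // bad_alloc or length_error from the vector
            for (unsigned p = 0; p < n; p++) planes[p].reset();
            return false;
        }
        nplanes = n;
        return true;
    }
};

struct PnmHeader { uint32_t width = 0, height = 0, maxval = 0; size_t data_offset = 0; };

// Parses "P5 <width> <height> <maxval>" plus the single whitespace byte that
// precedes the raster. '#' comments are not handled; malformed input -> false.
bool parse_pnm_header(const std::string& bytes, PnmHeader& hdr) {
    std::istringstream in(bytes);
    std::string magic;
    unsigned long long w = 0, h = 0, m = 0;
    if (!(in >> magic >> w >> h >> m) || magic != "P5") return false;
    if (w == 0 || h == 0 || m == 0 || m > 255) return false;  // 8-bit samples only
    if (w > std::numeric_limits<uint32_t>::max() || h > std::numeric_limits<uint32_t>::max()) return false;
    std::streamoff pos = in.tellg();
    if (pos < 0 || static_cast<size_t>(pos) + 1 > bytes.size()) return false;  // header runs off the end
    hdr.width = static_cast<uint32_t>(w);
    hdr.height = static_cast<uint32_t>(h);
    hdr.maxval = static_cast<uint32_t>(m);
    hdr.data_offset = static_cast<size_t>(pos) + 1;
    return true;
}

enum class LoadResult { Ok, BadHeader, TooLarge, Truncated, AllocFailed };

// max_pixels is the loader's own budget, enforced before any allocation.
LoadResult load_pnm(const std::string& bytes, Image& img, size_t max_pixels,
                    size_t alloc_limit_bytes = std::numeric_limits<size_t>::max()) {
    PnmHeader hdr;
    if (!parse_pnm_header(bytes, hdr)) return LoadResult::BadHeader;
    if (hdr.height > max_pixels / hdr.width) return LoadResult::TooLarge;  // division: no w*h overflow
    size_t npix = static_cast<size_t>(hdr.width) * hdr.height;
    if (bytes.size() - hdr.data_offset < npix) return LoadResult::Truncated;
    // The pattern behind this report: continuing past a failed buffer allocation
    // and calling planes[p]->set() on a null plane. Here the failure is final.
    if (!img.init(hdr.width, hdr.height, 1, alloc_limit_bytes)) return LoadResult::AllocFailed;
    const unsigned char* data = reinterpret_cast<const unsigned char*>(bytes.data()) + hdr.data_offset;
    for (uint32_t r = 0; r < hdr.height; r++)
        for (uint32_t c = 0; c < hdr.width; c++)
            img.planes[0]->set(r, c, data[static_cast<size_t>(r) * hdr.width + c]);
    return LoadResult::Ok;
}

// Builds a constructed P5 file in memory (sample input, not a real fuzz case).
std::string make_p5(uint32_t w, uint32_t h, unsigned char fill) {
    std::string out = "P5 " + std::to_string(w) + " " + std::to_string(h) + " 255\n";
    out.append(static_cast<size_t>(w) * h, static_cast<char>(fill));
    return out;
}

int main() {
    Image img;
    LoadResult r = load_pnm(make_p5(4, 3, 0x7f), img, 1u << 20);
    std::printf("4x3 image: %s\n", r == LoadResult::Ok ? "loaded" : "rejected");
    Image huge;
    r = load_pnm("P5 60000 60000 255\n", huge, 1u << 20);
    std::printf("60000x60000 header: %s\n", r == LoadResult::TooLarge ? "rejected as too large" : "?");
    return 0;
}
```

The order of the checks matters: dimensions and file length are validated from the header alone, before any memory is requested, so a header claiming a 60000x60000 raster is refused without the allocator ever being asked; only when the budget and the payload agree is the plane allocated, and the pixel loop runs solely on the success path of init().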