Closed
Description
The GET_PROPERTY_TABLE in the x3f_load_property_list function gets a large name_offset and value_offset; the program will crash in the parse_x3f function's utf2char(P[i].name, name) and utf2char(P[i].value, value) when it accesses an unreadable address.
```
raw-identify poc_54F1F_name
Program received signal SIGSEGV, Segmentation fault.
0x0000000000454f1f in utf2char (buffer=0x7ffffff70d70 "FLENGTH", str=0x3e6e1cc8) at src/libraw_cxx.cpp:6087
(gdb) bt
#0 0x0000000000454f1f in utf2char (buffer=0x7ffffff70d70 "FLENGTH", str=0x3e6e1cc8) at src/libraw_cxx.cpp:6087
#1 LibRaw::parse_x3f (this=this@entry=0x7ffffff74170) at src/libraw_cxx.cpp:6158
#2 0x000000000043bd7e in LibRaw::identify (this=this@entry=0x7ffffff74170) at internal/dcraw_common.cpp:17827
#3 0x0000000000451b34 in LibRaw::open_datastream (this=0x7ffffff74170, stream=0x6decc0) at src/libraw_cxx.cpp:2002
#4 0x000000000045350c in LibRaw::open_file (this=this@entry=0x7ffffff74170,
fname=0x7fffffffe4d7 "poc_54F1F_name", max_buf_size=max_buf_size@entry=262144000)
at src/libraw_cxx.cpp:1041
#5 0x0000000000403aeb in main (ac=<optimized out>, av=<optimized out>) at samples/raw-identify.cpp:136
```
Please assign a CVE-ID, thank you!
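The class of check that prevents this crash, as an added example that is not part of the original report and not LibRaw's code: every name and value offset is validated against the size of the property data area, and a terminator is required inside that area, before any string pointer is derived from it. The struct layout, function names and sample data are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified layout (not LibRaw's structs): each entry holds
   offsets, counted in UTF-16 code units, into a separate data area. */
typedef struct {
    uint32_t name_offset;
    uint32_t value_offset;
} prop_entry_t;

/* 1 if a NUL-terminated UTF-16 string starts at `offset` and ends inside
   data[0 .. data_units), else 0. */
int utf16_in_bounds(const uint16_t *data, size_t data_units, uint32_t offset)
{
    if (data == NULL || (size_t)offset >= data_units)
        return 0;                       /* offset is outside the data area */
    for (size_t i = offset; i < data_units; i++)
        if (data[i] == 0)
            return 1;                   /* terminator found in bounds */
    return 0;                           /* string runs off the end */
}

/* Check every entry before any pointer is derived from its offsets.
   Returns the index of the first bad entry, or -1 if all are usable. */
long first_bad_property(const prop_entry_t *entries, size_t count,
                        const uint16_t *data, size_t data_units)
{
    for (size_t i = 0; i < count; i++)
        if (!utf16_in_bounds(data, data_units, entries[i].name_offset) ||
            !utf16_in_bounds(data, data_units, entries[i].value_offset))
            return (long)i;
    return -1;
}

/* Constructed sample: "FL" at unit 0, "35" at unit 3, unterminated "X" at 6. */
const uint16_t sample_data[] = { 'F', 'L', 0, '3', '5', 0, 'X' };
const size_t sample_units = sizeof sample_data / sizeof sample_data[0];

int main(void)
{
    /* Second entry carries an oversized value_offset (constructed value). */
    prop_entry_t entries[] = { { 0, 3 }, { 0, 0x10000000u } };
    long bad = first_bad_property(entries, 2, sample_data, sample_units);
    printf("first bad entry: %ld\n", bad);
    return 0;
}
```

A parser would reject the file when `first_bad_property` returns anything other than -1, instead of passing the computed pointers to a string conversion routine.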