A buffer overflow exists when using function raw2image() #193

Closed
@fantasyoung

Description

When using the function raw2image(), there will be a buffer overflow

My test program

4channels in Libraw/bin

Command and argument

./configure --disable-shared CFLAGS="-fsanitize=address -ggdb" CXXFLAGS="-fsanitize=address -ggdb"
./4channels ../../../output2/dcraw_emu2/crashes/id:000000,sig:11,src:002769+002786,op:splice,rep:4

Crash Information

Processing file ../../../output2/dcraw_emu2/crashes/id:000000,sig:11,src:002769+002786,op:splice,rep:4
ASAN:SIGSEGV
=================================================================
==47956==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000042a61d bp 0x7ffdaf5c2c00 sp 0x7ffdaf5c2b20 T0)
    #0 0x42a61c in LibRaw::raw2image() src/libraw_cxx.cpp:3409
    #1 0x404824 in main samples/4channels.cpp:110
    #2 0x7fc4d13ce82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #3 0x403df8 in _start (/home/wind/libraw_fuzz_new/as_libraw/LibRaw-master/bin/4channels+0x403df8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/libraw_cxx.cpp:3409 LibRaw::raw2image()
==47956==ABORTING

POC File

crash.zip

CREDIT

pu!m, Huawei Weiran Labs
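
Triage of the AddressSanitizer report above, as an added example that is not part of the original issue or of LibRaw: it parses the ERROR line and stack frames, classifies the fault by its address, and builds a deduplication key for bucketing fuzzer crashes. The 0x1000 threshold, the class names and the key format are assumptions of this example.

```python
import re

# ASan report lines copied from the issue above (only the lines that get parsed).
REPORT = """\
==47956==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000042a61d bp 0x7ffdaf5c2c00 sp 0x7ffdaf5c2b20 T0)
    #0 0x42a61c in LibRaw::raw2image() src/libraw_cxx.cpp:3409
    #1 0x404824 in main samples/4channels.cpp:110
    #2 0x7fc4d13ce82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: SEGV src/libraw_cxx.cpp:3409 LibRaw::raw2image()
"""

ERROR_RE = re.compile(
    r"ERROR: AddressSanitizer: (\S+)(?: on (?:unknown )?address (0x[0-9a-fA-F]+))?")
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (.+?) (\S+)$", re.M)

NULL_PAGE = 0x1000  # assumption: a fault inside the first page is NULL-based


def triage(report):
    """Return error kind, fault address, frames, a coarse class and a dedup key."""
    m = ERROR_RE.search(report)
    if m is None:
        raise ValueError("no AddressSanitizer ERROR line found")
    kind = m.group(1)
    addr = int(m.group(2), 16) if m.group(2) else None
    frames = [(fn, loc) for _, fn, loc in FRAME_RE.findall(report)]
    if kind == "SEGV" and addr is not None and addr < NULL_PAGE:
        cls = "null-or-near-null-access"      # fault outside any tracked object
    elif kind == "SEGV":
        cls = "wild-pointer-access"
    elif kind.endswith("buffer-overflow"):
        cls = "out-of-bounds-in-tracked-memory"  # heap/stack/global redzone hit
    else:
        cls = "other"
    # Dedup key: error kind plus the innermost frame's function and location.
    key = f"{kind}:{frames[0][0]}:{frames[0][1]}" if frames else kind
    return {"kind": kind, "address": addr, "class": cls,
            "frames": frames, "key": key}


if __name__ == "__main__":
    result = triage(REPORT)
    print(result["class"], result["key"])
```
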
