Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When use function copy_bayer(),it will exist SEGV
postprocessing_benchmark in Libraw/bin
./postprocessing_benchmark 1111
Processing file 1111 5.9 msec for unpack ================================================================= ASAN:SIGSEGV ==98633==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004556fb bp 0x7ffe69c00ed0 sp 0x7ffe69c00e90 T0) #0 0x4556fa in LibRaw::copy_bayer(unsigned short*, unsigned short*) [clone ._omp_fn.2] src/libraw_cxx.cpp:3609 #1 0x7f929c0dfcbe in GOMP_parallel (/usr/lib/x86_64-linux-gnu/libgomp.so.1+0xbcbe) #2 0x42c27b in LibRaw::copy_bayer(unsigned short*, unsigned short*) src/libraw_cxx.cpp:3601 #3 0x42e039 in LibRaw::raw2image_ex(int) src/libraw_cxx.cpp:3802 #4 0x43e36f in LibRaw::dcraw_process() src/libraw_cxx.cpp:5098 #5 0x4049bc in main samples/postprocessing_benchmark.cpp:142 #6 0x7f929b8f782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #7 0x403e48 in _start (/home/wind/libraw_fuzz_new/as_libraw_7e29b/LibRaw-7e29b9f29449fde30cc878fbb137d61c14bba3a4/bin/postprocessing_benchmark+0x403e48) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV src/libraw_cxx.cpp:3609 LibRaw::copy_bayer(unsigned short*, unsigned short*) [clone ._omp_fn.2] ==98633==ABORTING
the commit is 7e29b9f
crash.zip
pu!m,Weiran Labs
The text was updated successfully, but these errors were encountered:
The line your ASAN report pointed to is pragma omp: https://github.com/LibRaw/LibRaw/blob/master/src/libraw_cxx.cpp#L3601
Is this problem exists in not-openmp version too?
Sorry, something went wrong.
It looks like it is same problem as in raw2image, but in raw2image_ex(), could you please check this patch: 7903346
This is CVE-2018-20364
this is not copy_bayer, but raw2image_ex() problem, fixed in master branch.
No branches or pull requests
Description
When use function copy_bayer(),it will exist SEGV
My test program
postprocessing_benchmark in Libraw/bin
Command and argument
./postprocessing_benchmark 1111
Crash Information
Version
the commit is 7e29b9f
POC File
crash.zip
CREDIT
pu!m,Weiran Labs
The text was updated successfully, but these errors were encountered: