Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Global-buffer-overflow READ 4 · LibRaw::parseSigmaMakernote #309

Closed
alex opened this issue Jun 28, 2020 · 1 comment
Closed

Global-buffer-overflow READ 4 · LibRaw::parseSigmaMakernote #309

alex opened this issue Jun 28, 2020 · 1 comment

Comments

@alex
Copy link
Contributor

@alex alex commented Jun 28, 2020

Found at 20ad21c

clusterfuzz-testcase-minimized-encoder_dng_fuzzer-5693021307011072.zip


==111682==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000019d66c8 at pc 0x0000014a907c bp 0x7ffce53f29f0 sp 0x7ffce53f29e8
--
  | READ of size 4 at 0x0000019d66c8 thread T0
  | SCARINESS: 17 (4-byte-read-global-buffer-overflow)
  | #0 0x14a907b in LibRaw::parseSigmaMakernote(int, int, unsigned int) libraw/src/metadata/makernotes.cpp:47:17
  | #1 0x14ad282 in LibRaw::parse_makernote(int, int) libraw/src/metadata/makernotes.cpp:413:5
  | #2 0x148f600 in LibRaw::parse_exif(int) libraw/src/metadata/exif_gps.cpp:289:7
  | #3 0x146c229 in LibRaw::parse_tiff_ifd(int) libraw/src/metadata/tiff.cpp:741:7
  | #4 0x147b52c in LibRaw::parse_tiff(int) libraw/src/metadata/tiff.cpp:1486:9
  | #5 0x141ea3e in LibRaw::identify() libraw/src/metadata/identify.cpp:494:14
  | #6 0x1356472 in LibRaw::open_datastream(LibRaw_abstract_datastream*) libraw/src/utils/open.cpp:390:4
  | #7 0x13550ea in LibRaw::open_file(char const*, long long) libraw/src/utils/open.cpp:61:13
  | #8 0x132cc60 in libraw_open_file libraw/src/libraw_c_api.cpp:74:16
  | #9 0x8cdcfd in ReadDNGImage imagemagick/coders/dng.c:416:13
  | #10 0x60ed4e in ReadImage imagemagick/MagickCore/constitute.c:553:15
  | #11 0x5a5b5c in BlobToImage imagemagick/MagickCore/blob.c:497:9
  | #12 0x4dd754 in Magick::Image::read(Magick::Blob const&) imagemagick/Magick++/lib/Image.cpp:4028:12
  | #13 0x4cb5d6 in LLVMFuzzerTestOneInput imagemagick/Magick++/fuzz/encoder_fuzzer.cc:49:11
  | #14 0x4cc9cd in main
  | #15 0x7f3f43ed882f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/libc-start.c:291
  | #16 0x420d68 in _start
  |  
  | 0x0000019d66c8 is located 56 bytes to the left of global variable '<string literal>' defined in 'src/metadata/makernotes.cpp:68:22' (0x19d6700) of size 6
  | '<string literal>' is ascii string 'NIKON'
  | 0x0000019d66c8 is located 0 bytes to the right of global variable '__const._ZN6LibRaw19parseSigmaMakernoteEiij.wb_table1' defined in 'src/metadata/makernotes.cpp' (0x19d66a0) of size 40
  | SUMMARY: AddressSanitizer: global-buffer-overflow (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds-honggfuzz_imagemagick_6c758f2561112e17568a05126726c2ca513bfabc/revisions/encoder_dng_fuzzer+0x14a907b)

@LibRaw
Copy link
Owner

@LibRaw LibRaw commented Jun 28, 2020

Thanks, fixed in b487d36

@LibRaw LibRaw closed this as completed Jun 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants