
Too large for 32-bit type 'int' #466

Closed
bugcandy opened this issue Jun 17, 2022 · 1 comment

Comments

@bugcandy

bugcandy commented Jun 17, 2022

Hi, I compiled ImageMagick with oss-fuzz and found some bugs in the LibRaw library:

Stacktrace 1:

```
src/metadata/identify.cpp:1868:11: runtime error: shift exponent 4294967284 is too large for 32-bit type 'int'
#0 0x1498289 in LibRaw::identify_finetune_dcr(char*, int, int) /src/libraw/src/metadata/identify.cpp:1868:11
#1 0x145ff47 in LibRaw::identify() /src/libraw/src/metadata/identify.cpp:1085:3
#2 0x144125d in LibRaw::open_datastream(LibRaw_abstract_datastream*) /src/libraw/src/utils/open.cpp:480:4
#3 0x143d6d4 in LibRaw::libraw_openfile_tail(LibRaw_abstract_datastream*) /src/libraw/src/utils/open.cpp:142:15
#4 0x143dc05 in LibRaw::open_file(char const*) /src/libraw/src/utils/open.cpp:176:12
#5 0x10efa45 in libraw_open_file /src/libraw/src/libraw_c_api.cpp:74:16
#6 0x9ab0fb in ReadDNGImage /src/imagemagick/coders/dng.c:493:13
#7 0x769e19 in ReadImage /src/imagemagick/MagickCore/constitute.c:730:15
#8 0x719a5f in BlobToImage /src/imagemagick/MagickCore/blob.c:498:9
#9 0x61335f in Magick::Image::read(Magick::Blob const&) /src/imagemagick/Magick++/lib/Image.cpp:4044:12
#10 0x602048 in LLVMFuzzerTestOneInput /src/imagemagick/Magick++/fuzz/encoder_fuzzer.cc:66:11
#11 0x56daa3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#12 0x56d28a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
#13 0x56e959 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
#14 0x56f625 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
#15 0x55e20f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
#16 0x587b72 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#17 0x7fe2ae700082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
#18 0x53730d in _start (/out/encoder_dng_fuzzer+0x53730d)

DEDUP_TOKEN: LibRaw::identify_finetune_dcr(char*, int, int)--LibRaw::identify()--LibRaw::open_datastream(LibRaw_abstract_datastream*)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/metadata/identify.cpp:1868:11 in
MS: 2 ChangeByte-CMP- DE: "Sony"-; base unit: 4e27444a3227f6222c7e60b451173c0305779b8c
0x50,0x57,0x41,0x44,0xff,0xa,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0xa3,0xa3,0xa3,0xa3,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x21,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x59,0x53,0x6f,0x6e,0x79,0x9d,0x62,0x84,0xff,0xff,0xff,0x0,0x26,0xff,0xff,0xff,0xff,0xff,0x4d,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0x49,0xa,0x0,0x0,0x0,0x0,0x29,0x0,0x0,0x59,0x0,0x0,0xff,0xff,0x2,0x0,
PWAD\377\012\000\000\000\377\377\377\377\243\243\243\243\377\377\377\377\377\377\377\377\377!\377\377\377\377\377\377\377\377\377\377YSony\235b\204\377\377\377\000&\377\377\377\377\377M\377\377\377\000\000\000\000I\012\000\000\000\000)\000\000Y\000\000\377\377\002\000
artifact_prefix='./'; Test unit written to ./crash-8369b62e328f011a69780817cfd01a3112f187e1
Base64: UFdBRP8KAAAA/////6Ojo6P///////////8h/////////////1lTb255nWKE////ACb//////03///8AAAAASQoAAAAAKQAAWQAA//8CAA==
```

Stacktrace 2:

```
src/metadata/identify_tools.cpp:60:43: runtime error: left shift of negative value -1
#0 0x1397045 in LibRaw::find_green(int, int, int, int) /src/libraw/src/metadata/identify_tools.cpp:60:43
#1 0x145e6a7 in LibRaw::identify() /src/libraw/src/metadata/identify.cpp:1076:37
#2 0x144125d in LibRaw::open_datastream(LibRaw_abstract_datastream*) /src/libraw/src/utils/open.cpp:480:4
#3 0x143d6d4 in LibRaw::libraw_openfile_tail(LibRaw_abstract_datastream*) /src/libraw/src/utils/open.cpp:142:15
#4 0x143dc05 in LibRaw::open_file(char const*) /src/libraw/src/utils/open.cpp:176:12
#5 0x10efa45 in libraw_open_file /src/libraw/src/libraw_c_api.cpp:74:16
#6 0x9ab0fb in ReadDNGImage /src/imagemagick/coders/dng.c:493:13
#7 0x769e19 in ReadImage /src/imagemagick/MagickCore/constitute.c:730:15
#8 0x719a5f in BlobToImage /src/imagemagick/MagickCore/blob.c:498:9
#9 0x61335f in Magick::Image::read(Magick::Blob const&) /src/imagemagick/Magick++/lib/Image.cpp:4044:12
#10 0x602048 in LLVMFuzzerTestOneInput /src/imagemagick/Magick++/fuzz/encoder_fuzzer.cc:66:11
#11 0x56daa3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#12 0x56d28a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
#13 0x56e959 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
#14 0x56f625 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
#15 0x55e20f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
#16 0x587b72 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#17 0x7f189d99c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
#18 0x53730d in _start (/out/encoder_dng_fuzzer+0x53730d)

DEDUP_TOKEN: LibRaw::find_green(int, int, int, int)--LibRaw::identify()--LibRaw::open_datastream(LibRaw_abstract_datastream*)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/metadata/identify_tools.cpp:60:43 in
MS: 2 CrossOver-CopyPart-; base unit: d297d42cc5dd5685002277aa5da909cb7901ff12
0x0,0x1,0x0,0x1,0x0,0x40,0x46,0x4e,0x4f,0x4b,0x49,0x41,0x52,0x41,0x4b,0x41,0x49,0x2d,0x30,0x33,0x34,0x30,0x57,0x46,0x58,0x20,0x4f,0x56,0x62,0x4f,0x56,0x62,0x49,0xf9,0x1,0x0,0x0,0x0,0x5b,0x1,0x0,0xf,0x0,0x40,0x46,0x4e,0x4f,0x4b,0x49,0x41,0x52,0x41,0x4b,0x41,0x49,0x2d,0x30,0x33,0x34,0x30,0x57,0x46,0x58,0x20,0x5,0xb3,0x4d,0xff,0x44,0x0,0x0,0x0,0x31,0x0,0x0,0x0,0x2e,0xff,0xff,0x4d,0x4d,0x4d,0x49,0xff,0x44,0x1,0x0,0x0,0x3b,0x0,0x1,0x0,0x49,0x0,0x49,0x49,0xff,0xff,0xff,0xff,0xff,0x59,0x10,0x41,0x52,0x45,0x26,0x4b,0xff,0x0,
\000\001\000\001\000@FNOKIARAKAI-0340WFX OVbOVbI\371\001\000\000\000[\001\000\017\000@FNOKIARAKAI-0340WFX \005\263M\377D\000\000\0001\000\000\000.\377\377MMMI\377D\001\000\000;\000\001\000I\000II\377\377\377\377\377Y\020ARE&K\377\000
artifact_prefix='./'; Test unit written to ./crash-d04430d26a1eb37e8a84eb7ca685acf1c33c5a0b
Base64: AAEAAQBARk5PS0lBUkFLQUktMDM0MFdGWCBPVmJPVmJJ+QEAAABbAQAPAEBGTk9LSUFSQUtBSS0wMzQwV0ZYIAWzTf9EAAAAMQAAAC7//01NTUn/RAEAADsAAQBJAElJ//////9ZEEFSRSZL/wA=
```
crash-d04430d26a1eb37e8a84eb7ca685acf1c33c5a0b.zip
crash-8369b62e328f011a69780817cfd01a3112f187e1.zip
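Both sanitizer findings above are the two textbook shift conditions that C and C++ leave undefined: an exponent outside `0..width-1` (4294967284 is `0xFFFFFFF4`, the unsigned rendering of -12, so the exponent computed from file metadata had gone negative) and a left shift of a negative operand (-1). The block below is an added example, not LibRaw or ImageMagick code, showing a checked 32-bit left shift that rejects exactly those inputs, plus a constructed consumer (`full_scale_from_bps`, a hypothetical name) that derives a full-scale sample value from an untrusted bits-per-sample field; nothing here reflects what LibRaw's own `identify_finetune_dcr` or `find_green` compute.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Checked 32-bit left shift (added example, not LibRaw code).
 * Rejects the two conditions UBSan flagged in the report above:
 *   - exponent outside 0..31 (4294967284 is 0xFFFFFFF4, the unsigned view
 *     of -12, i.e. a shift count that had gone negative),
 *   - negative left operand (left shift of a negative value).
 * A result that would not fit in int32_t is rejected as well, since
 * -fsanitize=shift reports that too. Returns true and stores the result,
 * or false for rejected input. */
bool checked_shl32(int32_t value, int64_t exponent, int32_t *out)
{
    if (exponent < 0 || exponent > 31)
        return false;                 /* shift exponent out of range */
    if (value < 0)
        return false;                 /* left shift of negative value */
    if (value > (INT32_MAX >> exponent))
        return false;                 /* result would overflow int32_t */
    *out = (int32_t)((uint32_t)value << (unsigned)exponent);
    return true;
}

/* Convenience wrapper: the shifted value, or -1 when the shift is rejected
 * (results are never negative, so -1 is an unambiguous sentinel). */
int64_t shl32_or_neg1(int32_t value, int64_t exponent)
{
    int32_t r;
    return checked_shl32(value, exponent, &r) ? (int64_t)r : -1;
}

/* Hypothetical consumer, constructed for this example: derive the
 * full-scale sample value (2^bps - 1) from an untrusted bits-per-sample
 * field such as a TIFF/DNG tag. Malformed metadata can carry bps = 0 or
 * bps > 31, where the unchecked form (1 << bps) - 1 is undefined
 * behaviour. Returns -1 for a rejected bps. */
int64_t full_scale_from_bps(int32_t bps)
{
    int32_t one_shifted;
    if (bps < 1 || !checked_shl32(1, bps, &one_shifted))
        return -1;
    return (int64_t)one_shifted - 1;
}

int main(void)
{
    /* Constructed inputs mirroring the two sanitizer findings. */
    printf("1 << -12 : %lld\n", (long long)shl32_or_neg1(1, -12));   /* -1, rejected */
    printf("-1 << 3  : %lld\n", (long long)shl32_or_neg1(-1, 3));    /* -1, rejected */
    printf("bps=12   : %lld\n", (long long)full_scale_from_bps(12)); /* 4095 */
    printf("bps=40   : %lld\n", (long long)full_scale_from_bps(40)); /* -1, rejected */
    return 0;
}
```

The useful property of the wrapper is that a rejected shift becomes an explicit error return the caller has to handle, rather than an implementation-defined bit pattern or a sanitizer abort; whether the parser then substitutes a default or refuses the file is a policy decision, but it is at least a decision rather than undefined behaviour.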

@LibRaw
Owner

LibRaw commented Jun 30, 2022

Incorrect black value is no problem for incorrect/random input.

Won't fix

@LibRaw LibRaw closed this as completed Jun 30, 2022