Nonfatal Error :'out_jpgs/default/crashes/poc' Bad components count 23000004
Nonfatal Error :'out_jpgs/default/crashes/poc' Illegal value pointer for tag 9204 in Exif
Nonfatal Error :'out_jpgs/default/crashes/poc' Illegally sized Exif makernote subdir (44288 entries)
Nonfatal Error :'out_jpgs/default/crashes/poc' Bad components count 30003
Nonfatal Error :'out_jpgs/default/crashes/poc' Bad components count 4a003
Nonfatal Error :'out_jpgs/default/crashes/poc' Bad components count 5a20e
Nonfatal Error :'out_jpgs/default/crashes/poc' Bad components count 5a28d
Nonfatal Error :'out_jpgs/default/crashes/poc' Illegal number format 512 for tag 0438 in Exif
Nonfatal Error :'out_jpgs/default/crashes/poc' Bad components count 10003
Nonfatal Error :'out_jpgs/default/crashes/poc' Bad components count 10007
Nonfatal Error :'out_jpgs/default/crashes/poc' Extraneous 593 padding bytes before section E1
Nonfatal Error :'out_jpgs/default/crashes/poc' Undefined rotation value 65281 in Exif
Nonfatal Error :'out_jpgs/default/crashes/poc' Bad components count 464946
Nonfatal Error :'out_jpgs/default/crashes/poc' Bad components count 11e1ff00
Nonfatal Error :'out_jpgs/default/crashes/poc' Bad components count 2a004d
Nonfatal Error :'out_jpgs/default/crashes/poc' Illegal number format 15 for tag 010a in Exif
Nonfatal Error :'out_jpgs/default/crashes/poc' Illegal number format 16 for tag 0186 in Exif
Nonfatal Error :'out_jpgs/default/crashes/poc' Illegal number format 18 for tag 0198 in Exif
Nonfatal Error :'out_jpgs/default/crashes/poc' Illegal subdirectory link in Exif header
Nonfatal Error :'out_jpgs/default/crashes/poc' Extraneous 10 padding bytes before section DD
=================================================================
==409516==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a0000006b2 at pc 0x00000031c8b8 bp 0x7ffc86175450 sp 0x7ffc86175448
WRITE of size 1 at 0x61a0000006b2 thread T0
    #0 0x31c8b7 in Put16u exif.c
    #1 0x31c8b7 in ClearOrientation exif.c:1248:17
    #2 0x31c8b7 in DoAutoRotate jhead.c:729:20
    #3 0x31c8b7 in ProcessFile jhead.c:879:17
    #4 0x31c8b7 in main jhead.c:1770:13
    #5 0x7f84881c90b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x260eed in _start (/home/hh/Downloads/jhead/jhead+0x260eed)

0x61a0000006b2 is located 50 bytes inside of 1164-byte region [0x61a000000680,0x61a000000b0c)
freed by thread T0 here:
    #0 0x2dca72 in free /home/hh/Downloads/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:127:3
    #1 0x3237f4 in DiscardAllButExif jpgfile.c:540:13

previously allocated by thread T0 here:
    #0 0x2dccdd in malloc /home/hh/Downloads/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x320538 in ReadJpegSections jpgfile.c:175:25
    #2 0x32256b in ReadJpegFile jpgfile.c:381:11

SUMMARY: AddressSanitizer: heap-use-after-free exif.c in Put16u
Shadow bytes around the buggy address:
==409516==ABORTING
Hi jhead Team
I found an overflow error.
System info:
Ubuntu 20.04: clang 10.0.0, gcc 9.3.0
Fedora 33: clang 11.0.0, gcc 10.2.1
jhead version 3.06 commit be7e43c
file:
jhead_poc.zip
Verification steps:
1. Get the source code of jhead
Edit file makefile
2. Compile jhead
3. Run jhead
ASan info
Thanks