A segmentation fault occurs when using jhead.
AddressSanitizer reports it as a heap-buffer-overflow.
version
./jhead -V
Jhead version: 3.08
OS and Arch
Ubuntu 20.04.1 LTS
AddressSanitizer report:
==2483510==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000000128 at pc 0x561988eb2854 bp 0x7ffec714dd40 sp 0x7ffec714dd30
READ of size 8 at 0x611000000128 thread T0
#0 0x561988eb2853 in PrintFormatNumber /home/jhead/exif.c:401
#1 0x561988ed449f in ProcessGpsInfo /home/jhead/gpsinfo.c:215
#2 0x561988ebe6c1 in ProcessExifDir /home/jhead/exif.c:884
#3 0x561988ebd9a6 in ProcessExifDir /home/jhead/exif.c:870
#4 0x561988ebd9a6 in ProcessExifDir /home/jhead/exif.c:870
#5 0x561988ebd9a6 in ProcessExifDir /home/jhead/exif.c:870
#6 0x561988ebd9a6 in ProcessExifDir /home/jhead/exif.c:870
#7 0x561988ec0c6b in process_EXIF /home/jhead/exif.c:1063
#8 0x561988ea1726 in ReadJpegSections /home/jhead/jpgfile.c:290
#9 0x561988ea1726 in ReadJpegSections /home/jhead/jpgfile.c:118
#10 0x561988ea2cc4 in ReadJpegFile /home/jhead/jpgfile.c:385
#11 0x561988e90c57 in ProcessFile /home/jhead/jhead.c:895
#12 0x561988e85110 in main /home/jhead/jhead.c:1805
#13 0x7f0e4215e082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
#14 0x561988e8a16d in _start (/home/chenying/fuzz_target/jhead/jhead+0x1616d)
0x61100000012e is located 0 bytes to the right of 238-byte region [0x611000000040,0x61100000012e)
allocated by thread T0 here:
#0 0x7f0e42588808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x561988e9f393 in ReadJpegSections /home/jhead/jpgfile.c:175
#2 0x561988e9f393 in ReadJpegSections /home/jhead/jpgfile.c:118
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/jhead/exif.c:401 in PrintFormatNumber
Shadow bytes around the buggy address:
0x0c227fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c227fff8000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c227fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff8020: 00 00 00 00 00[06]fa fa fa fa fa fa fa fa fa fa
0x0c227fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c227fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==2483510==ABORTING
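Added triage helper (not part of this report or of jhead): it parses the header lines of the AddressSanitizer output quoted above and derives how far the 8-byte read runs past the 238-byte allocation, which is the first thing a maintainer checks when sizing the fix. The embedded text is copied from the report; only the helper's field names are assumptions.

```python
import re

# Header lines copied from the AddressSanitizer report in this issue (full shadow dump omitted).
ASAN_REPORT = """\
==2483510==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000000128 at pc 0x561988eb2854 bp 0x7ffec714dd40 sp 0x7ffec714dd30
READ of size 8 at 0x611000000128 thread T0
    #0 0x561988eb2853 in PrintFormatNumber /home/jhead/exif.c:401
    #1 0x561988ed449f in ProcessGpsInfo /home/jhead/gpsinfo.c:215
0x61100000012e is located 0 bytes to the right of 238-byte region [0x611000000040,0x61100000012e)
allocated by thread T0 here:
    #0 0x7f0e42588808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x561988e9f393 in ReadJpegSections /home/jhead/jpgfile.c:175
"""


def triage_asan(report: str) -> dict:
    """Extract bug class, access, faulting frame and heap region, then compute the overrun."""
    m = re.search(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", report)
    kind, addr = m.group(1), int(m.group(2), 16)
    m = re.search(r"^(READ|WRITE) of size (\d+)", report, re.M)
    access, size = m.group(1), int(m.group(2))
    # First #0 frame in the report is the instruction that performed the bad access.
    m = re.search(r"^\s*#0 0x[0-9a-f]+ in (\w+) (\S+)", report, re.M)
    func, loc = m.group(1), m.group(2)
    m = re.search(r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", report)
    region_len, start, end = int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)
    # Frame #1 of the allocation stack (after the malloc interceptor) is the caller of malloc.
    tail = report.split("allocated by", 1)[1]
    m = re.search(r"#1 0x[0-9a-f]+ in (\w+) (\S+)", tail)
    alloc_site = (m.group(1), m.group(2))
    return {
        "kind": kind,
        "access": access,
        "size": size,
        "function": func,
        "location": loc,
        "region_ok": start + region_len == end,            # start + length must equal end
        "in_bounds_bytes": max(0, min(end, addr + size) - addr),
        "overrun_bytes": max(0, addr + size - end),         # bytes read from the redzone
        "alloc_site": alloc_site,
    }


if __name__ == "__main__":
    for key, value in triage_asan(ASAN_REPORT).items():
        print(f"{key}: {value}")
```

For this report the read starts 6 bytes before the end of the region and continues 2 bytes into the right redzone, so the EXIF value pointer in PrintFormatNumber points at the last bytes of the section buffer allocated in ReadJpegSections.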
POC
poc.zip