This repository has been archived by the owner on Feb 14, 2023. It is now read-only.

Integer Overflow at src/lepton/jpgcoder.cc:4160 #111

Closed
hongxuchen opened this issue Jul 17, 2018 · 0 comments

@hongxuchen

We found with our fuzzer an integer overflow error inside read_ujpg from jpgcoder.cc when feeding lepton 3f6d98c with a crafted lep file.

POC:
https://github.com/ntu-sec/pocs/blob/master/lepton-3f6d98c/crashes/iof_jpgcoder.cc:4160_1.lep?raw=true

When running lepton -unjailed $POC /tmp/test.jpg, it outputs the messages:

lepton v1.0-1.2.1-171-g3f6d98c
START ACHIEVED 1531794366 328204
src/lepton/jpgcoder.cc:4160:83: runtime error: signed integer overflow: -1509949439 * 2 cannot be represented in type 'int'
Assert Failed: false && "Data not properly zlib coded" at (src/lepton/jpgcoder.cc:4162)

When running lepton $POC /tmp/test.jpg, it crashes with a message like:

lepton v1.0-1.2.1-171-g3f6d98c
=================================================================
[1]    97197 invalid system call  ~/FOT/lepton/lepton ./hbo_inflate.c:1170_2.lep
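The sanitizer line above shows a length taken from the .lep input being doubled with plain int arithmetic, so -1509949439 * 2 is undefined behaviour. The following is an added example of how such a computation is hardened, written for this report and not taken from lepton's source; the function names and the choice of int32_t are assumptions, and the inputs are constructed from the value in the report plus two boundary cases.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical hardened helper (not lepton's code). The length comes
 * from an attacker-controlled file, so it is validated before use:
 * negative values are rejected, and the doubling is performed with an
 * overflow-reporting builtin (GCC/Clang) instead of relying on wrap. */
bool checked_double_length(int32_t len, int32_t *out)
{
    if (len < 0) {
        return false;            /* a negative length is never valid */
    }
    int32_t doubled;
    if (__builtin_mul_overflow(len, 2, &doubled)) {
        return false;            /* 2*len does not fit in int32_t */
    }
    *out = doubled;
    return true;
}

/* Portable variant with the same policy: compare against the bound
 * before multiplying, so the multiplication itself can never overflow. */
bool checked_double_length_portable(int32_t len, int32_t *out)
{
    if (len < 0 || len > INT32_MAX / 2) {
        return false;
    }
    *out = len * 2;
    return true;
}

int main(void)
{
    /* Constructed inputs: the value from the report, 2^30 (fits, but
     * its double does not), and an ordinary benign length. */
    int32_t inputs[] = { -1509949439, 1073741824, 4096 };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int32_t out;
        if (checked_double_length(inputs[i], &out)) {
            printf("%d -> %d\n", inputs[i], out);
        } else {
            printf("%d -> rejected: data not properly coded\n", inputs[i]);
        }
    }
    return 0;
}
```

With the crafted value the decoder now reports a malformed input instead of continuing past an overflowed size, which is the same outcome the assert in the report produces but without the undefined behaviour preceding it.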
sjuxax pushed a commit to sjuxax/lepton that referenced this issue Apr 10, 2019