This repository has been archived by the owner on Feb 14, 2023. It is now read-only.

SEGFAULT: Malformed lepton file generated by AFL + SymExec #87

Closed
insuyun opened this issue Apr 1, 2017 · 1 comment

insuyun commented Apr 1, 2017

Hi, all. This malformed lepton file can cause a crash.
It can cause a DoS of lepton. Here is the ASAN result, and I attached the file.
Thanks.

./lepton -unjailed ../../output/afl2/crashes/id:000197,sig:11,src:001438+000435,op:splice,rep:8 out.jpg
lepton v1.0-1.2.1-93-g113228d
r: Unknown Item in header instead of ZSTART ACHIEVED 1491076141 218983
ASAN:SIGSEGV
=================================================================
==70976== ERROR: AddressSanitizer: SEGV on unknown address 0x000000210818 (pc 0x00000045e95a sp 0x7ffff3035b10 bp 0x7ffff3035d10 T2)
AddressSanitizer can not provide additional info.
    #0 0x45e959 (/home/insu/projects/qsym-eval/apps/lepton/lepton/build-asan/lepton+0x45e959)
    #1 0x468bbb (/home/insu/projects/qsym-eval/apps/lepton/lepton/build-asan/lepton+0x468bbb)
    #2 0x46e07a (/home/insu/projects/qsym-eval/apps/lepton/lepton/build-asan/lepton+0x46e07a)
    #3 0x491341 (/home/insu/projects/qsym-eval/apps/lepton/lepton/build-asan/lepton+0x491341)
    #4 0x4913d5 (/home/insu/projects/qsym-eval/apps/lepton/lepton/build-asan/lepton+0x4913d5)
    #5 0x492db9 (/home/insu/projects/qsym-eval/apps/lepton/lepton/build-asan/lepton+0x492db9)
    #6 0x7ffff49daa5f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19+0xb1a5f)
    #7 0x7ffff4e63b97 (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x18b97)
    #8 0x7ffff4c35183 (/lib/x86_64-linux-gnu/libpthread-2.19.so+0x8183)
    #9 0x7ffff414237c (/lib/x86_64-linux-gnu/libc-2.19.so+0xfa37c)
Thread T2 created by T0 here:
    #0 0x7ffff4e55b5b (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0xab5b)
    #1 0x7ffff49dacae (/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19+0xb1cae)
==70976== ABORTING
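
A triage helper for reports like the one above, as an added example that is not part of the original issue or the lepton project: it parses the unsymbolized frames of the crashing thread and derives a bucket key from the frames inside the target binary, so AFL crash files that fault at the same place can be grouped. The sample report is constructed (paths shortened); `parse_report`, `bucket_key` and the default depth are assumptions of this example.

```python
import hashlib
import re

# Constructed sample in the same shape as the report above (paths shortened).
SAMPLE = """\
ASAN:SIGSEGV
==70976== ERROR: AddressSanitizer: SEGV on unknown address 0x000000210818 (pc 0x00000045e95a sp 0x7ffff3035b10 bp 0x7ffff3035d10 T2)
    #0 0x45e959 (/build-asan/lepton+0x45e959)
    #1 0x468bbb (/build-asan/lepton+0x468bbb)
    #2 0x7ffff49daa5f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19+0xb1a5f)
Thread T2 created by T0 here:
    #0 0x7ffff4e55b5b (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0xab5b)
==70976== ABORTING
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)"
                    r".*\bT(\d+)\)")
FRAME = re.compile(r"^\s*#(\d+) (0x[0-9a-f]+) \((.+)\+(0x[0-9a-f]+)\)\s*$")

def parse_report(text):
    """Return crash kind, faulting address, thread id and the crashing stack only."""
    report = {"kind": None, "address": None, "thread": None, "frames": []}
    in_crash_stack = False
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            report["kind"], report["address"] = header.group(1), header.group(2)
            report["thread"] = int(header.group(3))
            in_crash_stack = True
            continue
        frame = FRAME.match(line)
        if frame and in_crash_stack:
            # Keep (module path, offset inside module); the greedy match copes
            # with '+' characters in names such as libstdc++.so.
            report["frames"].append((frame.group(3), int(frame.group(4), 16)))
        elif report["frames"]:
            in_crash_stack = False  # e.g. "Thread T2 created by T0 here:" starts another stack
    return report

def bucket_key(report, target, depth=3):
    """Hash the top frames that lie inside the target binary, ignoring runtime libraries."""
    own = [off for module, off in report["frames"] if module.endswith("/" + target)]
    material = (report["kind"] or "UNKNOWN") + ":" + ",".join(hex(o) for o in own[:depth])
    return hashlib.sha256(material.encode()).hexdigest()[:16]
```

The module offsets it extracts are the values to hand to a symbolizer against the same build, since the report itself carries no function names.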

carnil commented May 12, 2017

This issue got assigned CVE-2017-8891.
