Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory exhausted in iwgif_init_screen #30

Open
whiteHat001 opened this issue Aug 6, 2017 · 1 comment

Comments

Projects
None yet
2 participants
@whiteHat001
Copy link

commented Aug 6, 2017

root@ubuntu:/home/hjy/Desktop# imagew oom-iwgif_init_screen1 imout/out -outfmt png
oom-iwgif_init_screen1 → imout/out
==12401==ERROR: AddressSanitizer failed to allocate 0x76eb4000 (1995128832) bytes of LargeMmapAllocator: 12
==12401==Process memory map follows:
0x08048000-0x0812c000 /usr/local/bin/imagew
0x0812c000-0x0812d000 /usr/local/bin/imagew
0x0812d000-0x08131000 /usr/local/bin/imagew
0x1ffff000-0x24000000
0x24000000-0x28000000
0x28000000-0x40000000
0xb4200000-0xb4300000
0xb4400000-0xb4500000
0xb4600000-0xb4700000
0xb4800000-0xb4900000
0xb4a00000-0xb4b00000
0xb4c00000-0xb4d00000
0xb4e00000-0xb4f00000
0xb5000000-0xb5100000
0xb5200000-0xb5300000
0xb5400000-0xb5500000
0xb5600000-0xb5800000 /usr/lib/locale/locale-archive
0xb5800000-0xb5900000
0xb5a00000-0xb5b00000
0xb5c00000-0xb5d00000
0xb5d8f000-0xb6f24000
0xb6f24000-0xb6f3f000 /lib/i386-linux-gnu/libgcc_s.so.1
0xb6f3f000-0xb6f40000 /lib/i386-linux-gnu/libgcc_s.so.1
0xb6f40000-0xb6f41000 /lib/i386-linux-gnu/libgcc_s.so.1
0xb6f41000-0xb6f44000 /lib/i386-linux-gnu/libdl-2.19.so
0xb6f44000-0xb6f45000 /lib/i386-linux-gnu/libdl-2.19.so
0xb6f45000-0xb6f46000 /lib/i386-linux-gnu/libdl-2.19.so
0xb6f46000-0xb6f47000
0xb6f47000-0xb6f5f000 /lib/i386-linux-gnu/libpthread-2.19.so
0xb6f5f000-0xb6f60000 /lib/i386-linux-gnu/libpthread-2.19.so
0xb6f60000-0xb6f61000 /lib/i386-linux-gnu/libpthread-2.19.so
0xb6f61000-0xb6f63000
0xb6f63000-0xb710c000 /lib/i386-linux-gnu/libc-2.19.so
0xb710c000-0xb710e000 /lib/i386-linux-gnu/libc-2.19.so
0xb710e000-0xb710f000 /lib/i386-linux-gnu/libc-2.19.so
0xb710f000-0xb7112000
0xb7112000-0xb712a000 /lib/i386-linux-gnu/libz.so.1.2.8
0xb712a000-0xb712b000 /lib/i386-linux-gnu/libz.so.1.2.8
0xb712b000-0xb712c000 /lib/i386-linux-gnu/libz.so.1.2.8
0xb712c000-0xb7152000 /lib/i386-linux-gnu/libpng12.so.0.50.0
0xb7152000-0xb7153000 /lib/i386-linux-gnu/libpng12.so.0.50.0
0xb7153000-0xb7154000 /lib/i386-linux-gnu/libpng12.so.0.50.0
0xb7154000-0xb719d000 /usr/lib/i386-linux-gnu/libjpeg.so.8.0.2
0xb719d000-0xb719e000 /usr/lib/i386-linux-gnu/libjpeg.so.8.0.2
0xb719e000-0xb719f000 /usr/lib/i386-linux-gnu/libjpeg.so.8.0.2
0xb719f000-0xb71b0000
0xb71b0000-0xb71f4000 /lib/i386-linux-gnu/libm-2.19.so
0xb71f4000-0xb71f5000 /lib/i386-linux-gnu/libm-2.19.so
0xb71f5000-0xb71f6000 /lib/i386-linux-gnu/libm-2.19.so
0xb71f6000-0xb7295000 /usr/lib/i386-linux-gnu/libasan.so.1.0.0
0xb7295000-0xb7297000 /usr/lib/i386-linux-gnu/libasan.so.1.0.0
0xb7297000-0xb7298000 /usr/lib/i386-linux-gnu/libasan.so.1.0.0
0xb7298000-0xb76f0000
0xb76f8000-0xb76fc000
0xb76fd000-0xb76ff000
0xb76ff000-0xb7700000 /usr/lib/locale/locale-archive
0xb7700000-0xb7707000
0xb7707000-0xb7708000 [vdso]
0xb7708000-0xb7728000 /lib/i386-linux-gnu/ld-2.19.so
0xb7728000-0xb7729000 /lib/i386-linux-gnu/ld-2.19.so
0xb7729000-0xb772a000 /lib/i386-linux-gnu/ld-2.19.so
0xbfcd7000-0xbfcf8000 [stack]
==12401==End of process memory map.
==12401==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix.cc:66 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
#0 0xb724a4c1 (/usr/lib/i386-linux-gnu/libasan.so.1+0x544c1)
#1 0xb724e6a9 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/i386-linux-gnu/libasan.so.1+0x586a9)
#2 0xb7253e22 (/usr/lib/i386-linux-gnu/libasan.so.1+0x5de22)
#3 0xb720e99b (/usr/lib/i386-linux-gnu/libasan.so.1+0x1899b)
#4 0xb720f488 (/usr/lib/i386-linux-gnu/libasan.so.1+0x19488)
#5 0xb724484a in __interceptor_malloc (/usr/lib/i386-linux-gnu/libasan.so.1+0x4e84a)
#6 0x8115495 in iw_malloc_ex src/imagew-util.c:48
#7 0x8115495 in iw_malloc_large src/imagew-util.c:77
#8 0x80dee52 in iwgif_init_screen src/imagew-gif.c:510
#9 0x80dee52 in iwgif_read_image src/imagew-gif.c:670
#10 0x80e89c4 in iwgif_read_main src/imagew-gif.c:742
#11 0x80e89c4 in iw_read_gif_file src/imagew-gif.c:791
#12 0x80536ad in iwcmd_run src/imagew-cmd.c:1191
#13 0x80689b0 in iwcmd_main src/imagew-cmd.c:3018
#14 0x804a94a in main src/imagew-cmd.c:3067
#15 0xb6f7ca82 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x19a82)
#16 0x804ae2f (/usr/local/bin/imagew+0x804ae2f)

POC https://github.com/whiteHat001/FUZZ_POC/blob/master/oom-iwgif_init_screen1

@fgeek

This comment has been minimized.

Copy link

commented May 12, 2019

Someone requested CVE identifier for this: https://nvd.nist.gov/vuln/detail/CVE-2017-12804

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.