division by zero in libexif/exif-entry.c #31
Comments
merged pull request, thanks!

CVE-2020-12767 appears to have been assigned for this issue.

Hi, I am doing fuzzing for this library and have a quick question. Where could I find the target binary "exif_loader_fuzzer"? I don't find its source code or binary in the repo. I am also curious about how its interface is defined. Thanks in advance!

Thank you hhhh

Similar code is also in this repo here: https://github.com/libexif/libexif/blob/master/test/test-fuzzer.c
A division-by-zero bug was found during OSS-Fuzz testing of this project.
Project: libexif
Fuzzer: libFuzzer_libexif_exif_loader_fuzzer
Fuzz target binary: exif_loader_fuzzer
Platform Id: linux
Type of test: undefined
Command:
python infra/helper.py build_fuzzers --sanitizer undefined libexif
python infra/helper.py run_fuzzer libexif exif_loader_fuzzer -max_total_time=300 -timeout=180
Results of execution:
exif-entry.c:1057:43: runtime error: division by zero
#0 0x4bd2c0 in exif_entry_get_value /src/libexif/libexif/exif-entry.c:1087:43
#1 0x4b3c7b in content_func(_ExifEntry*, void*) /src/exif_loader_fuzzer.cc:8:3
#2 0x4b4979 in exif_content_foreach_entry /src/libexif/libexif/ecif-content
The cause of this problem is that the division was performed without checking whether the divisor is zero. The pull request is as follows:
pull request: division by zero https://github.com/libexif/libexif/pull/32/commits/4431cd0d67c2b17bf764fa9c253f11051ae8355a
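To illustrate the defect and the fix pattern described above, here is an added example that is not libexif's code: a constructed stand-in for reading an EXIF RATIONAL from raw bytes, a formatter written the reported way (divide before validating the denominator) beside the checked form. The names get_rational, format_unchecked and format_checked and the sample byte strings are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* An EXIF RATIONAL is two unsigned 32-bit integers, numerator then
 * denominator, in the byte order declared by the TIFF header. This is a
 * constructed stand-in for libexif's exif_get_rational(), not its code. */
typedef struct { uint32_t numerator, denominator; } rational_t;

static uint32_t get_long(const unsigned char *b, int little_endian) {
    if (little_endian)
        return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    return (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | (uint32_t)b[3];
}

static rational_t get_rational(const unsigned char *b, int little_endian) {
    rational_t r = { get_long(b, little_endian), get_long(b + 4, little_endian) };
    return r;
}

/* The pattern the fuzzer reported: divide first, validate never. A crafted
 * file with denominator 0 reaches the division unguarded (UBSan reports
 * "division by zero"; with integer operands it is undefined behaviour). */
static void format_unchecked(const unsigned char *b, int le, char *out, size_t n) {
    rational_t r = get_rational(b, le);
    snprintf(out, n, "%2.2f", (double)r.numerator / (double)r.denominator);
}

/* Hardened form in the spirit of the fix: reject a zero divisor before it is
 * used and fall back to printing the raw pair instead of a computed value.
 * Returns 0 when a value was formatted, -1 when the denominator was zero. */
static int format_checked(const unsigned char *b, int le, char *out, size_t n) {
    rational_t r = get_rational(b, le);
    if (r.denominator == 0) {
        snprintf(out, n, "%lu/%lu", (unsigned long)r.numerator, (unsigned long)r.denominator);
        return -1;
    }
    snprintf(out, n, "%2.2f", (double)r.numerator / (double)r.denominator);
    return 0;
}

int main(void) {
    /* Constructed samples, little-endian: 72/1 (a typical resolution) and 72/0 */
    const unsigned char ok[8]  = { 72, 0, 0, 0, 1, 0, 0, 0 };
    const unsigned char bad[8] = { 72, 0, 0, 0, 0, 0, 0, 0 };
    char buf[32];
    format_checked(ok, 1, buf, sizeof buf);  printf("%s\n", buf);  /* 72.00 */
    format_checked(bad, 1, buf, sizeof buf); printf("%s\n", buf);  /* 72/0  */
    return 0;
}
```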