
division by zero in libexif/exif-entry.c #31

Closed
orangesnn opened this issue Feb 18, 2020 · 6 comments

@orangesnn

orangesnn commented Feb 18, 2020

The problem of dividing by zero was found during the OSS Fuzz project test.

Project: libexif
Fuzzer: libFuzzer_libexif_exif_loader_fuzzer
Fuzz target binary: exif_loader_fuzzer
Platform Id: linux
Type of test: undefined

Command:
python infra/helper.py build_fuzzers --sanitizer undefined libexif
python infra/helper.py run_fuzzer libexif exif_loader_fuzzer -max_total_time=300 -timeout=180

Results of execution:

exif-entry.c:1057:43: runtime error: division by zero
#0 0x4bd2c0 in exif_entry_get_value /src/libexif/libexif/exif-entry.c:1087:43
#1 0x4b3c7b in content_func(_ExifEntry*, void*) /src/exif_loader_fuzzer.cc:8:3
#2 0x4b4979 in exif_content_foreach_entry /src/libexif/libexif/ecif-content

The reason for this problem is that the division was performed without judging whether the divisor is zero. The pull request is as follows:
Pull request: division by zero https://github.com/libexif/libexif/pull/32/commits/4431cd0d67c2b17bf764fa9c253f11051ae8355a
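Added illustration of the bug class described above; this is not libexif's code and the type and function names are hypothetical. An EXIF RATIONAL is two 32-bit integers read straight from the file, so the denominator is attacker-controlled; the unchecked conversion is shown beside the guarded form that a get_value-style formatter should use.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical RATIONAL type: numerator then denominator, both from file data. */
typedef struct { uint32_t numerator; uint32_t denominator; } rational_t;

static uint32_t read_u32_le(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode a RATIONAL stored in Intel ("II") byte order from an 8-byte buffer. */
rational_t get_rational_le(const unsigned char *buf)
{
    rational_t r;
    r.numerator = read_u32_le(buf);
    r.denominator = read_u32_le(buf + 4);
    return r;
}

/* The pattern behind the report: the divisor is used without being checked.
 * With denominator == 0 this is undefined behaviour, which UBSan reports as
 * "runtime error: division by zero". Only safe once the input is validated. */
uint32_t rational_to_int_unchecked(rational_t r)
{
    return r.numerator / r.denominator;
}

/* Hardened form: reject a zero divisor before dividing. Returns 1 and writes
 * the formatted value, or returns 0 and writes an empty string so the caller
 * can treat the entry as having no printable value. */
int format_rational_checked(const unsigned char *buf, char *out, size_t outlen)
{
    rational_t r = get_rational_le(buf);
    if (r.denominator == 0) { if (outlen) out[0] = '\0'; return 0; }
    snprintf(out, outlen, "%u", r.numerator / r.denominator);
    return 1;
}

int main(void)
{
    /* Constructed sample entries: 72/1 (valid) and 300/0 (crafted). */
    const unsigned char good[8] = { 72, 0, 0, 0, 1, 0, 0, 0 };
    const unsigned char bad[8]  = { 44, 1, 0, 0, 0, 0, 0, 0 };
    char val[32];
    printf("good: ok=%d value=%s\n", format_rational_checked(good, val, sizeof val), val);
    printf("bad:  ok=%d value=\"%s\"\n", format_rational_checked(bad, val, sizeof val), val);
    return 0;
}
```

Building with `-fsanitize=undefined` and feeding the crafted entry to the unchecked path reproduces the sanitizer message quoted in the report; the checked path never divides.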

@msmeissn

merged pull request, thanks!

@msmeissn msmeissn self-assigned this Feb 24, 2020
@carnil

carnil commented May 10, 2020

CVE-2020-12767 appears to have been assigned for this issue.

@wuruoyu

wuruoyu commented Jun 5, 2020

Hi, I am doing fuzzing for this library and have a quick question.

Where could I find the target binary "exif_loader_fuzzer"? I don't find its source code or binary in the repo. I am also curious about how its interface is defined.

Thanks in advance!

@orangesnn

Hi, I am doing fuzzing for this library and have a quick question.

Where could I find the target binary "exif_loader_fuzzer"? I can't find its source code or binary in the repo. I am also curious about how its interface is defined.

Thanks in advance!
In the oss-fuzz project. The url of the oss-fuzz project is :
https://github.com/google/oss-fuzz/tree/master/projects/libexif

@wuruoyu

wuruoyu commented Jun 5, 2020

Thank you hhhh

@msmeissn

msmeissn commented Jun 5, 2020

Similar code is also in this repo here: https://github.com/libexif/libexif/blob/master/test/test-fuzzer.c, which can be used for afl etc.
