Skip to content

null-pointer-dereference IMG_LoadPCX_RW@IMG_pcx.c:178-24 #148

Closed
@SDLBugzilla

Description

@SDLBugzilla

This bug report was migrated from our old Bugzilla tracker.

These attachments are available in the static archive:

Reported in version: 2.0.4
Reported for operating system, platform: Linux, x86_64

Comments on the original bug report:

On 2019-05-05 03:00:32 +0000, pwd wrote:

Created attachment 3774
poc

IMG_LoadPCX_RW@IMG_pcx.c:178-24___SEGV_UNKNOW

description

An issue was discovered in libsdl2 2.0.9 with SDL2_image-2.0.4 , There is a null-pointer-dereference in function IMG_LoadPCX_RW at IMG_pcx.c:178-24

commandline

loadtif  @@ 

source

 174                         }
 175                     } else
 176                         count = 1;
 177                 }
> 178                 dst[i] = ch;
 179                 count--;
 180             }
 181         }
 182 
 183         if(src_bits <= 4) {

// loadtif.c
// #include <stdio.h>
// #include <SDL.h>
// #include <SDL_image.h>
//
// int main(int argc, char * argv[]){
//         IMG_Init(IMG_INIT_TIF);//IMG_INIT_JPG);IMG_INIT_PNG
//         while(__AFL_LOOP(1000)){
//               SDL_Surface * image = IMG_Load(argv[1]);
//               if (image){
//                 SDL_FreeSurface(image);
//               }
//         }
//         IMG_Quit();
// }

bug report

ASAN:DEADLYSIGNAL
=================================================================
==13991==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fd7bb11fabf bp 0x7ffe60cd2650 sp 0x7ffe60cd23e0 T0)
    # 0 0x7fd7bb11fabe in IMG_LoadPCX_RW /src/SDL2_image-2.0.4/IMG_pcx.c:178:24
    # 1 0x7fd7bb10e9bd in IMG_LoadTyped_RW /src/SDL2_image-2.0.4/IMG.c:195:17
    # 2 0x7fd7bb10df41 in IMG_Load /src/SDL2_image-2.0.4/IMG.c:136:12
    # 3 0x4ea0f0 in main /src/loadtif.c:8:37
    # 4 0x7fd7b9c1482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    # 5 0x4189e8 in _start (/src/aflbuild/installed/bin/loadtif+0x4189e8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/SDL2_image-2.0.4/IMG_pcx.c:178:24 in IMG_LoadPCX_RW
==13991==ABORTING

others

from fuzz project pwd-libsdl2-loadtif-00
crash name pwd-libsdl2-loadtif-00-00000004-20190419.tif
Auto-generated by pyspider at 2019-04-19 00:07:04

On 2019-06-10 22:26:56 +0000, Sam Lantinga wrote:

Fixed, thanks!
https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions