Description
This bug report was migrated from our old Bugzilla tracker.
These attachments are available in the static archive:
Reported in version: 2.0.4
Reported for operating system, platform: Linux, x86_64
Comments on the original bug report:
On 2019-05-09 06:44:04 +0000, pwd wrote:
Created attachment 3778
poc

libsdl2

version
libsdl2 2.0.9

others
please send email to teamseri0us360@gmail.com if you have any questions.
libc.so.60x94480@___SEGV_UNKNOW

description
An issue was discovered in libsdl2 2.0.9 with SDL2_image-2.0.4. There is a null-pointer-dereference in function libc.so.60x94480 at

commandline
loadjpg @@

source
Breakpoint 1, stdio_read (context=0x60700000dfb0, ptr=0x7fffffffe460, size=2, maxnum=1) at /src/libsdl2/src/file/SDL_rwops.c:385
385         nread = fread(ptr, size, maxnum, context->hidden.stdio.fp);
(gdb) c 11
Will ignore next 10 crossings of breakpoint 1.  Continuing.
Breakpoint 1, stdio_read (context=0x60700000dfb0, ptr=0x0, size=1, maxnum=1) at /src/libsdl2/src/file/SDL_rwops.c:385
385         nread = fread(ptr, size, maxnum, context->hidden.stdio.fp);
(gdb) p ptr
$2 = (void *) 0x0
(gdb)

bug report
ASAN:DEADLYSIGNAL
=================================================================
==4334==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f43724b0481 bp 0x000000000010 sp 0x7ffefadce5d8 T0)
    #0 0x7f43724b0480 (/lib/x86_64-linux-gnu/libc.so.6+0x94480)
    #1 0x7f4372494fd2 (/lib/x86_64-linux-gnu/libc.so.6+0x78fd2)
    #2 0x7f437248a235 in fread (/lib/x86_64-linux-gnu/libc.so.6+0x6e235)
    #3 0x7f43733e304d in stdio_read /src/libsdl2/src/file/SDL_rwops.c:385:13
    #4 0x7f4373947b6a in IMG_LoadPCX_RW /src/SDL2_image-2.0.4/IMG_pcx.c:158:17
    #5 0x7f43739369bd in IMG_LoadTyped_RW /src/SDL2_image-2.0.4/IMG.c:195:17
    #6 0x7f4373935f41 in IMG_Load /src/SDL2_image-2.0.4/IMG.c:136:12
    #7 0x4ea140 in main /src/loadjpg.c:8:37
    #8 0x7f437243c82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x418a38 in _start (/src/aflbuild/installed/bin/loadjpg+0x418a38)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x94480)
==4334==ABORTING

others
from fuzz project pwd-libsdl2-loadjpg-00
crash name pwd-libsdl2-loadjpg-00-00000008-20190418.jpg
Auto-generated by pyspider at 2019-04-18 07:02:09
On 2019-05-29 13:30:03 +0000, Hugo Lefeuvre wrote:
This was assigned CVE-2019-12217.
I can confirm that this is an issue in SDL_image.
The underlying bug is the same as #4628 (CVE-2019-12221). It is also fixed by the same patch ([PATCH] pcx: do not write directly to row buffer).
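The defect class behind this report (a PCX loader handing an unchecked pointer and length to the stream read routine, so that fread() is reached with ptr=0x0) is illustrated below as an added example. It is not SDL_image's code and the page shows no IMG_pcx.c source, so the loader structure, the mem_rw_t reader standing in for SDL_RWops, the function names and the sample image bytes are all assumptions of this example. It validates the header geometry before sizing the row buffer, refuses a NULL destination at the read layer, checks every read count, and keeps RLE runs inside the current scanline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* In-memory reader standing in for SDL_RWops (assumption for this example). */
typedef struct { const uint8_t *data; size_t len, pos; } mem_rw_t;

/* fread() contract: returns the number of whole objects read. Refuses a NULL
 * destination instead of letting the C library dereference it. */
static size_t mem_read(mem_rw_t *rw, void *ptr, size_t size, size_t maxnum) {
    if (ptr == NULL || size == 0 || maxnum == 0) return 0;
    size_t avail = (rw->len - rw->pos) / size;
    size_t n = maxnum < avail ? maxnum : avail;
    memcpy(ptr, rw->data + rw->pos, n * size);
    rw->pos += n * size;
    return n;
}

typedef struct {
    uint8_t encoding, bits_per_pixel, nplanes;  /* encoding: 0 = raw, 1 = RLE */
    uint32_t width, height;
    uint16_t bytes_per_line;
} pcx_info_t;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Read the 128-byte PCX header and reject geometry that would give an empty or
 * undersized row buffer. Returns 0 on success, -1 on rejection. */
static int pcx_read_header(mem_rw_t *rw, pcx_info_t *info) {
    uint8_t hdr[128];
    if (mem_read(rw, hdr, sizeof hdr, 1) != 1) return -1;     /* truncated header */
    if (hdr[0] != 0x0A) return -1;                             /* PCX magic byte */
    uint16_t xmin = le16(hdr + 4), ymin = le16(hdr + 6);
    uint16_t xmax = le16(hdr + 8), ymax = le16(hdr + 10);
    if (xmax < xmin || ymax < ymin) return -1;                 /* negative extent */
    info->encoding = hdr[2];
    info->bits_per_pixel = hdr[3];
    info->width = (uint32_t)xmax - xmin + 1;
    info->height = (uint32_t)ymax - ymin + 1;
    info->nplanes = hdr[65];
    info->bytes_per_line = le16(hdr + 66);
    if (info->encoding > 1 || info->bits_per_pixel == 0 || info->nplanes == 0) return -1;
    size_t needed = ((size_t)info->width * info->bits_per_pixel + 7) / 8;
    if (info->bytes_per_line < needed) return -1;  /* row would not hold one scanline */
    return 0;
}

/* Decode every scanline into one allocation of height * row_bytes bytes. Returns
 * NULL on any failure; the RLE loop writes only inside the current row. */
static uint8_t *pcx_decode(mem_rw_t *rw, const pcx_info_t *info, size_t *out_len) {
    size_t row_bytes = (size_t)info->bytes_per_line * info->nplanes;
    size_t total = row_bytes * info->height;
    if (total / row_bytes != info->height) return NULL;       /* size_t overflow */
    uint8_t *pixels = malloc(total);
    if (pixels == NULL) return NULL;            /* never hand NULL to a reader */
    for (size_t y = 0; y < info->height; y++) {
        uint8_t *row = pixels + y * row_bytes;
        size_t filled = 0;
        if (info->encoding == 0) {
            if (mem_read(rw, row, 1, row_bytes) != row_bytes) goto fail;
            continue;
        }
        while (filled < row_bytes) {
            uint8_t b, count = 1;
            if (mem_read(rw, &b, 1, 1) != 1) goto fail;        /* truncated data */
            if ((b & 0xC0) == 0xC0) {                          /* run marker */
                count = b & 0x3F;
                if (mem_read(rw, &b, 1, 1) != 1) goto fail;
            }
            if (count > row_bytes - filled) goto fail;         /* run overflows the row */
            memset(row + filled, b, count);
            filled += count;
        }
    }
    *out_len = total;
    return pixels;
fail:
    free(pixels);
    return NULL;
}

static uint8_t *pcx_load_mem(const uint8_t *data, size_t len, size_t *out_len) {
    mem_rw_t rw = { data, len, 0 };
    pcx_info_t info;
    if (pcx_read_header(&rw, &info) != 0) return NULL;
    return pcx_decode(&rw, &info, out_len);
}

/* Constructed sample: 4x2 pixels, 8 bpp, 1 plane, RLE; rows 11 11 11 11 and 22 33 44 44. */
static const uint8_t SAMPLE_PCX[134] = {
    [0] = 0x0A, [1] = 5, [2] = 1, [3] = 8, [8] = 3, [10] = 1, [65] = 1, [66] = 4,
    [128] = 0xC4, [129] = 0x11, [130] = 0x22, [131] = 0x33, [132] = 0xC2, [133] = 0x44,
};

int sample_decodes(void) {               /* 1 if the sample yields the 8 expected bytes */
    static const uint8_t expect[8] = { 0x11, 0x11, 0x11, 0x11, 0x22, 0x33, 0x44, 0x44 };
    size_t n = 0;
    uint8_t *px = pcx_load_mem(SAMPLE_PCX, sizeof SAMPLE_PCX, &n);
    int ok = px != NULL && n == 8 && memcmp(px, expect, 8) == 0;
    free(px);
    return ok;
}

int sample_rejects_bad_geometry(void) {  /* 1 if xmin > xmax is refused before any row read */
    uint8_t bad[sizeof SAMPLE_PCX];
    size_t n = 0;
    memcpy(bad, SAMPLE_PCX, sizeof bad);
    bad[4] = 9;                           /* xmin = 9, xmax = 3 */
    return pcx_load_mem(bad, sizeof bad, &n) == NULL;
}

int sample_rejects_truncated(void) {     /* 1 if data ending mid-row is refused */
    size_t n = 0;
    return pcx_load_mem(SAMPLE_PCX, sizeof SAMPLE_PCX - 2, &n) == NULL;
}
```

The two properties that matter for the crash in the trace above are that mem_read never touches a NULL destination and that the loader only computes a row size after the header has been checked, so there is no path on which a degenerate header reaches the read call with a bad pointer or length; the run-length clamp is the same "do not write past the row buffer" rule that the referenced patch title describes.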
On 2019-06-10 23:22:04 +0000, Sam Lantinga wrote:
This is fixed, thanks!