SEGV on unknown address in function pngdetail. #177

Closed
yangfar opened this issue Oct 22, 2022 · 2 comments
Comments

yangfar commented Oct 22, 2022

Version

pngdetail by Lode Vandevenne
version: 20220717

Command

./pngdetail @@

Crash Output

AddressSanitizer:DEADLYSIGNAL

=================================================================
==2262494==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000003 (pc 0x0000004f43b4 bp 0x000000000080 sp 0x7ffd35c4f320 T0)
==2262494==The signal is caused by a WRITE memory access.
==2262494==Hint: address points to the zero page.
#0 0x4f43b4 in readChunk_tRNS(LodePNGColorMode*, unsigned char const*, unsigned long) /home/hjsz/fuzz_software/lodepng-master/lodepng.cpp:4406:65
#1 0x4f2716 in lodepng_inspect_chunk(LodePNGState*, unsigned long, unsigned char const*, unsigned long) /home/hjsz/fuzz_software/lodepng-master/lodepng.cpp:4793:13
#2 0x5a39c0 in inspect_chunk_by_name(unsigned char const*, unsigned char const*, lodepng::State&, char const*) /home/hjsz/fuzz_software/lodepng-master/pngdetail.cpp:155:10
#3 0x5a39c0 in Data::loadInspect() /home/hjsz/fuzz_software/lodepng-master/pngdetail.cpp:221:7
#4 0x591e19 in showHeaderInfo(Data&, Options const&) /home/hjsz/fuzz_software/lodepng-master/pngdetail.cpp:1109:8
#5 0x59db24 in showInfos(Data&, Options const&) /home/hjsz/fuzz_software/lodepng-master/pngdetail.cpp:1330:79
#6 0x5a12a6 in main /home/hjsz/fuzz_software/lodepng-master/pngdetail.cpp:1444:5
#7 0x7fd0de890082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
#8 0x41d76d in _start (/home/hjsz/fuzz_software/lodepng-master/pngdetail+0x41d76d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/hjsz/fuzz_software/lodepng-master/lodepng.cpp:4406:65 in readChunk_tRNS(LodePNGColorMode*, unsigned char const*, unsigned long)
==2262494==ABORTING

POC

POC.zip
Report of the Information Security Laboratory of Ocean University of China @OUC_ISLOUC @OUC_Blue_Whale

Thanks for your time!

feliwir commented Nov 8, 2022

@lvandeve this appears inside the nist database: https://nvd.nist.gov/vuln/detail/CVE-2022-44081

Could you maybe take a deeper look at this?

lvandeve (Owner) commented Nov 8, 2022

Thanks for discovering this issue and reporting! It's fixed with 997936fd2b45842031e4180d73d7880e381cf33f

The issue was in the binary utility pngdetail.cpp instead of the library itself, and was due to not correctly checking all errors

@lvandeve lvandeve closed this as completed Nov 8, 2022
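The fixing commit in pngdetail.cpp is not quoted in this thread, so the following is an added C sketch of the bug class (not lodepng's or pngdetail's own code): a tRNS reader that refuses to store alpha values through a palette that was never allocated, and a chunk walker that stops at the first error instead of continuing with partial state. The struct, error codes and chunk inputs are assumptions constructed for this example, and reading the 0x3 write address as "NULL palette + 3" is an inference, not something the report states.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-in for the palette fields of LodePNGColorMode (an assumption, not lodepng's real struct). */
typedef struct {
    unsigned colortype;      /* 3 == indexed colour (PNG colour type 3) */
    unsigned char *palette;  /* RGBA entries; stays NULL until a PLTE chunk has been read */
    size_t palettesize;      /* number of palette entries */
} ColorMode;
enum { OK = 0, ERR_NO_PALETTE = 1, ERR_TRNS_TOO_LONG = 2, ERR_TRUNCATED = 3, ERR_OOM = 4 }; /* hypothetical codes */
/* tRNS reader that refuses to store alpha values through a missing palette. */
unsigned read_tRNS(ColorMode *c, const unsigned char *data, size_t len) {
    if (c->colortype != 3) return OK;               /* other colour types are out of scope here */
    if (c->palette == NULL) return ERR_NO_PALETTE;   /* NULL + 3 would be a write to address 0x3 */
    if (len > c->palettesize) return ERR_TRNS_TOO_LONG;
    for (size_t i = 0; i < len; i++) c->palette[4 * i + 3] = data[i];
    return OK;
}
/* Walks PNG chunks (4-byte big-endian length, type, data, 4-byte CRC) and stops at the first error. */
unsigned inspect_chunks(ColorMode *c, const unsigned char *png, size_t n) {
    size_t pos = 0;
    while (pos + 12 <= n) {
        size_t len = ((size_t)png[pos] << 24) | ((size_t)png[pos+1] << 16) | ((size_t)png[pos+2] << 8) | png[pos+3];
        const unsigned char *type = png + pos + 4, *data = png + pos + 8;
        if (len > n - pos - 12) return ERR_TRUNCATED;
        if (memcmp(type, "PLTE", 4) == 0) {
            free(c->palette);
            c->palettesize = len / 3;
            c->palette = calloc(c->palettesize + 1, 4);   /* +1 keeps the allocation non-empty */
            if (c->palette == NULL) return ERR_OOM;
            for (size_t i = 0; i < c->palettesize; i++) memcpy(c->palette + 4 * i, data + 3 * i, 3);
        } else if (memcmp(type, "tRNS", 4) == 0) {
            unsigned err = read_tRNS(c, data, len);
            if (err) return err;   /* propagate instead of continuing with partial state */
        }
        pos += 12 + len;
    }
    return OK;
}
/* Constructed inputs (CRC bytes are zeros; CRCs are not verified in this example). */
static const unsigned char trns_without_plte[] = { 0,0,0,1, 't','R','N','S', 0x80, 0,0,0,0 };
static const unsigned char plte_then_trns[] = { 0,0,0,3, 'P','L','T','E', 10,20,30, 0,0,0,0,
                                                0,0,0,1, 't','R','N','S', 0x80, 0,0,0,0 };
/* Runs the parser on one input; returns the error code, or 1000 + alpha of palette entry 0 on success. */
unsigned demo(const unsigned char *png, size_t n) {
    ColorMode c = { 3, NULL, 0 }; unsigned err = inspect_chunks(&c, png, n);
    unsigned result = (err || c.palette == NULL) ? err : 1000u + c.palette[3];
    free(c.palette);
    return result;
}
```

The first input reproduces the shape of the crash (tRNS with no PLTE before it) and is rejected with an error code rather than dereferencing a NULL palette; the second shows the normal path storing the alpha byte.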