Command and argument

```
djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8 -targa -grayscale -outfile o [infile]
```

Crash Information

The output of djpeg with address sanitizer enabled:

```
./djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8 -targa -grayscale -outfile o /root/fuzz/mozjpeg/output/moz-fuzz02/crashes/001-mozjpeg-quantize_ord_dither-536.crash
Corrupt JPEG data: 94 extraneous bytes before marker 0xdd
ASAN:SIGSEGV
=================================================================
==51824==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x7fb8a48a9302 bp 0x7ffe5825e380 sp 0x7ffe5825db08 T0)
    #0 0x7fb8a48a9301 (/lib/x86_64-linux-gnu/libc.so.6+0x8f301)
    #1 0x7fb8a4fe7b1e in __asan_memset (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8cb1e)
    #2 0x7fb8a4cf3736 in jzero_far /root/mozjpeg/jutils.c:132
    #3 0x7fb8a4ce99f7 in quantize_ord_dither /root/mozjpeg/jquant1.c:536
    #4 0x7fb8a4cc2772 in post_process_1pass /root/mozjpeg/jdpostct.c:145
    #5 0x7fb8a4c91f0e in process_data_simple_main /root/mozjpeg/jdmainct.c:311
    #6 0x7fb8a4c6a16c in jpeg_read_scanlines /root/mozjpeg/jdapistd.c:282
    #7 0x404c89 in main /root/mozjpeg/djpeg.c:731
    #8 0x7fb8a483a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x4018e8 in _start (/opt/asan/bin/djpeg+0x4018e8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
==51824==ABORTING
```
And the second POC file; I think they should be the same vulnerability.
```
./djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8 -targa -grayscale -outfile o /root/fuzz/mozjpeg/output/moz-fuzz02/crashes/002-mozjpeg-quantize_ord_dither-536.crash
ASAN:SIGSEGV
=================================================================
==43339==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f7c8450a9ea bp 0x7ffea3850b70 sp 0x7ffea3850b00 T0)
    #0 0x7f7c8450a9e9 in quantize_ord_dither /root/mozjpeg/jquant1.c:536
    #1 0x7f7c844e3772 in post_process_1pass /root/mozjpeg/jdpostct.c:145
    #2 0x7f7c844b2f0e in process_data_simple_main /root/mozjpeg/jdmainct.c:311
    #3 0x7f7c8448b16c in jpeg_read_scanlines /root/mozjpeg/jdapistd.c:282
    #4 0x7f7c8448b307 in read_and_discard_scanlines /root/mozjpeg/jdapistd.c:316
    #5 0x7f7c8448b4d1 in increment_simple_rowgroup_ctr /root/mozjpeg/jdapistd.c:342
    #6 0x7f7c8448c6d4 in jpeg_skip_scanlines /root/mozjpeg/jdapistd.c:504
    #7 0x404bff in main /root/mozjpeg/djpeg.c:729
    #8 0x7f7c8405b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x4018e8 in _start (/opt/asan/bin/djpeg+0x4018e8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/mozjpeg/jquant1.c:536 quantize_ord_dither
==43339==ABORTING
```

POC file

mozjpeg-quantize_ord_dither-crash.zip

CREDIT

Zhao Liang, Huawei Weiran Labs
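The two reports above fault at different top frames (one inside `jzero_far` via `memset`, one directly in `quantize_ord_dither`), which is exactly the case where naive crash deduplication by top frame files one bug as two. The following triage helper is an added example, not code from the issue or from mozjpeg: it parses ASAN "SEGV on unknown address" reports into structured frames, computes a conventional top-N-frame bucket key, and also applies a looser "does one report's top project frame appear near the top of the other" check. The two report strings are reproduced from the issue above (only the frame lines and header are kept); the source root `/root/mozjpeg/` is an assumption taken from the paths in those traces.

```python
"""Parse AddressSanitizer SEGV reports and bucket them for crash triage."""
import re
from dataclasses import dataclass

# Sample input: the two ASAN reports from the issue, reduced to header + frames.
REPORT_1 = """==51824==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x7fb8a48a9302 bp 0x7ffe5825e380 sp 0x7ffe5825db08 T0)
    #0 0x7fb8a48a9301 (/lib/x86_64-linux-gnu/libc.so.6+0x8f301)
    #1 0x7fb8a4fe7b1e in __asan_memset (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8cb1e)
    #2 0x7fb8a4cf3736 in jzero_far /root/mozjpeg/jutils.c:132
    #3 0x7fb8a4ce99f7 in quantize_ord_dither /root/mozjpeg/jquant1.c:536
    #4 0x7fb8a4cc2772 in post_process_1pass /root/mozjpeg/jdpostct.c:145
    #5 0x7fb8a4c91f0e in process_data_simple_main /root/mozjpeg/jdmainct.c:311
    #6 0x7fb8a4c6a16c in jpeg_read_scanlines /root/mozjpeg/jdapistd.c:282
    #7 0x404c89 in main /root/mozjpeg/djpeg.c:731
    #8 0x7fb8a483a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x4018e8 in _start (/opt/asan/bin/djpeg+0x4018e8)
"""
REPORT_2 = """==43339==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f7c8450a9ea bp 0x7ffea3850b70 sp 0x7ffea3850b00 T0)
    #0 0x7f7c8450a9e9 in quantize_ord_dither /root/mozjpeg/jquant1.c:536
    #1 0x7f7c844e3772 in post_process_1pass /root/mozjpeg/jdpostct.c:145
    #2 0x7f7c844b2f0e in process_data_simple_main /root/mozjpeg/jdmainct.c:311
    #3 0x7f7c8448b16c in jpeg_read_scanlines /root/mozjpeg/jdapistd.c:282
    #4 0x7f7c8448b307 in read_and_discard_scanlines /root/mozjpeg/jdapistd.c:316
    #5 0x7f7c8448b4d1 in increment_simple_rowgroup_ctr /root/mozjpeg/jdapistd.c:342
    #6 0x7f7c8448c6d4 in jpeg_skip_scanlines /root/mozjpeg/jdapistd.c:504
    #7 0x404bff in main /root/mozjpeg/djpeg.c:729
    #8 0x7f7c8405b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x4018e8 in _start (/opt/asan/bin/djpeg+0x4018e8)
"""

HEADER_RE = re.compile(
    r"==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>\w+) on unknown address 0x(?P<addr>[0-9a-f]+)")
# A frame is "#N 0xADDR [in FUNC] LOCATION"; LOCATION is file:line or (module+offset).
FRAME_RE = re.compile(r"^\s*#(?P<n>\d+) 0x[0-9a-f]+ (?:in (?P<func>\S+) )?(?P<loc>\S+)\s*$", re.M)
# After stripping the source root, project frames look like "jquant1.c:536".
SOURCE_LOC = re.compile(r"^[\w.\-]+:\d+$")


@dataclass(frozen=True)
class Frame:
    func: str
    loc: str

    @property
    def key(self) -> str:
        return f"{self.func} {self.loc}"


@dataclass
class Report:
    pid: int
    kind: str
    fault_addr: int
    frames: list


def parse_report(text: str, source_root: str = "/root/mozjpeg/") -> Report:
    """Extract pid, fault kind, faulting address and the stack frames from one report."""
    m = HEADER_RE.search(text)
    if m is None:
        raise ValueError("not an ASAN 'unknown address' report")
    frames = []
    for f in FRAME_RE.finditer(text):
        loc = f["loc"]
        if loc.startswith(source_root):          # normalise to a path relative to the tree
            loc = loc[len(source_root):]
        frames.append(Frame(f["func"] or "??", loc))
    return Report(int(m["pid"]), m["kind"], int(m["addr"], 16), frames)


def project_frames(report: Report) -> list:
    """Frames inside the project's own sources (drops libc, the ASAN runtime, _start)."""
    return [f for f in report.frames if SOURCE_LOC.match(f.loc)]


def bucket_key(report: Report, depth: int = 3) -> tuple:
    """Conventional dedup key: the top `depth` project frames."""
    return tuple(f.key for f in project_frames(report)[:depth])


def related(a: Report, b: Report, window: int = 3) -> bool:
    """Looser check: does either report's top project frame sit within the other's top `window`?"""
    pa, pb = project_frames(a), project_frames(b)
    if not pa or not pb:
        return False
    return pa[0] in pb[:window] or pb[0] in pa[:window]


def fault_class(report: Report) -> str:
    """Coarse severity hint: a fault inside the first page is almost always a NULL-derived pointer."""
    if report.kind != "SEGV":
        return report.kind
    return "near-null dereference" if report.fault_addr < 0x1000 else "wild pointer access"


if __name__ == "__main__":
    r1, r2 = parse_report(REPORT_1), parse_report(REPORT_2)
    for r in (r1, r2):
        print(r.pid, fault_class(r), bucket_key(r))
    print("same strict bucket:", bucket_key(r1) == bucket_key(r2))
    print("related:", related(r1, r2))
```

Run against these two traces, the strict key differs (`jzero_far jutils.c:132` versus `quantize_ord_dither jquant1.c:536` at the top) while `related()` returns true because `jquant1.c:536` is the second project frame of the first report; both faults land in the first page, consistent with an unchecked pointer rather than memory corruption. A fuzzing pipeline that only keys on the top frame would keep these as separate bugs, which is worth remembering when, as the later comment notes, a patch fixes one POC and not the other.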
CVE-2017-15232 patch was only working on 1 (out of 2) POCs.
9fe7cfb
For benchmark purposes, we only consider 1 of the POCs now. See mozilla/mozjpeg#268.