During my research, I have found a global-buffer-overflow in your program "catimg". I've attached the crashing input. Find below the output of AddressSanitizer:

![crash_catimg](https://user-images.githubusercontent.com/20932074/38457956-c2f8cf54-3a97-11e8-8953-3947fedb3540.jpg)
=================================================================
==20758==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000048e740 at pc 0x0000004688ed bp 0x7ffd66701c30 sp 0x7ffd66701c20
READ of size 4 at 0x00000048e740 thread T0
#0 0x4688ec in stbi__extend_receive /home/vincent/tmp/catimg/src/stb_image.h:1667
#1 0x4688ec in stbi__jpeg_decode_block /home/vincent/tmp/catimg/src/stb_image.h:1722
#2 0x4688ec in stbi__parse_entropy_coded_data /home/vincent/tmp/catimg/src/stb_image.h:2487
#3 0x4688ec in stbi__decode_jpeg_image /home/vincent/tmp/catimg/src/stb_image.h:2822
#4 0x4688ec in load_jpeg_image /home/vincent/tmp/catimg/src/stb_image.h:3314
#5 0x4688ec in stbi__jpeg_load /home/vincent/tmp/catimg/src/stb_image.h:3407
#6 0x46be5b in stbi__load_main /home/vincent/tmp/catimg/src/stb_image.h:941
#7 0x48845e in stbi__xload_main /home/vincent/tmp/catimg/src/sh_image.c:72
#8 0x48845e in stbi_xload /home/vincent/tmp/catimg/src/sh_image.c:92
#9 0x48845e in img_load_from_file /home/vincent/tmp/catimg/src/sh_image.c:188
#10 0x404637 in main /home/vincent/tmp/catimg/src/catimg.c:115
#11 0x7f16dfeda82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#12 0x404988 in _start (/home/vincent/tmp/catimg/bin/catimg+0x404988)
0x00000048e740 is located 32 bytes to the left of global variable 'stbi__bmask' defined in '/home/vincent/tmp/catimg/src/stb_image.h:1598:21' (0x48e760) of size 68
0x00000048e740 is located 0 bytes to the right of global variable 'stbi__jbias' defined in '/home/vincent/tmp/catimg/src/stb_image.h:1651:18' (0x48e700) of size 64
SUMMARY: AddressSanitizer: global-buffer-overflow /home/vincent/tmp/catimg/src/stb_image.h:1667 stbi__extend_receive
Shadow bytes around the buggy address:
0x000080089c90: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x000080089ca0: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x000080089cb0: 00 00 00 00 00 00 00 04 f9 f9 f9 f9 00 00 00 00
0x000080089cc0: 00 00 00 00 00 00 00 00 00 00 00 04 f9 f9 f9 f9
0x000080089cd0: 00 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9
=>0x000080089ce0: 00 00 00 00 00 00 00 00[f9]f9 f9 f9 00 00 00 00
0x000080089cf0: 00 00 00 00 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x000080089d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080089d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080089d20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080089d30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==20758==ABORTING
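Reading the report: the faulting access is a 4-byte READ located 0 bytes to the right of `stbi__jbias`, a global of size 64. With 4-byte entries that is a 16-entry table, so the read used index 16 on a table that covers indices 0..15, and the index came from the JPEG entropy-coded data that `stbi__extend_receive` was consuming. The following is an added example, not code from catimg or stb_image: the bit reader, the table names and their values are this example's own assumptions, modelled on the JPEG EXTEND procedure (magnitude category n, mask 2^n - 1, bias -(2^n - 1)). It places the unchecked lookup shape that produces this class of report beside a hardened form that validates the category against the table size and the available bits before indexing anything.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Same shape as the 64-byte 'stbi__jbias' global in the report:
 * 64 / sizeof(int) = 16 entries, so index 16 is one past the end.
 * Constants for JPEG EXTEND, magnitude category n (example's own tables). */
#define TABLE_ENTRIES 16

static const uint32_t bmask[TABLE_ENTRIES] = {
    0, 1, 3, 7, 15, 31, 63, 127, 255, 511, 1023, 2047, 4095, 8191, 16383, 32767
};
static const int jbias[TABLE_ENTRIES] = {
    0, -1, -3, -7, -15, -31, -63, -127, -255, -511, -1023, -2047, -4095, -8191, -16383, -32767
};

/* Minimal MSB-first bit reader (an assumption of this example, not stb_image's
 * own state struct): code_buffer holds the next bits, code_bits how many of
 * them are valid. */
typedef struct {
    uint32_t code_buffer;
    int      code_bits;
} bitreader;

static bitreader make_reader(uint32_t bits, int nbits)
{
    bitreader b = { bits, nbits };
    return b;
}

/* The shape behind the report above: n arrives from the entropy-coded stream,
 * is used directly as a table index, and is never compared with the table
 * size. With n == 16 both lookups read one int past the end of the globals,
 * which is exactly what ASan flagged. Only call this with a validated n. */
static int extend_receive_unchecked(bitreader *b, int n)
{
    uint32_t k = b->code_buffer;
    uint32_t v = (n == 0) ? 0 : (k >> (32 - n));          /* the top n bits */
    int leading_bit_clear = (n > 0) && ((k >> 31) == 0);

    b->code_buffer = k << n;                               /* consume n bits */
    b->code_bits  -= n;
    v &= bmask[n];                                         /* unchecked index */
    /* JPEG EXTEND: a magnitude whose leading bit is 0 encodes a negative value */
    return (int)v + (leading_bit_clear ? jbias[n] : 0);
}

/* Hardened form: reject a category outside the table and a read past the
 * bits actually available before any lookup happens. Returning false lets
 * the caller abort the decode instead of reading outside the tables. */
static bool extend_receive_checked(bitreader *b, int n, int *out)
{
    if (n < 0 || n >= TABLE_ENTRIES) return false;   /* n == 16 is the report's read */
    if (b->code_bits < n) return false;              /* stream ran out of bits */
    *out = extend_receive_unchecked(b, n);
    return true;
}

int main(void)
{
    int v;
    /* constructed input: bits 001... decode as category 3, code 001 */
    bitreader b = make_reader(0x20000000u, 32);
    if (extend_receive_checked(&b, 3, &v))
        printf("category 3, code 001 -> %d\n", v);        /* -6 */

    /* constructed malformed input: category 16 is outside the tables */
    b = make_reader(0xB0000000u, 32);
    if (!extend_receive_checked(&b, 16, &v))
        printf("category 16 rejected: table has %d entries\n", TABLE_ENTRIES);
    return 0;
}
```

The check in `extend_receive_checked` costs one comparison per coefficient and bounds the index to the tables' actual size; the second guard covers the related failure mode where a truncated stream leaves fewer bits than the category claims. Under AddressSanitizer the unchecked variant with n = 16 produces the same global-buffer-overflow class as the report, which is a useful regression check once a bounds check like this is in place.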