You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An issue was discovered in sam2p 0.49.4, There is a/an heap-buffer-overflow in function Image::Indexed::setTransp at image.cpp:563-35
commandline
sam2p @@ 1.pdf
source
None
bug report
This is sam2p 0.49.4.
Available Loaders: PS PDF JAI PNG JPEG TIFF PNM BMP GIF LBM XPM PCX TGA.
Available Appliers: XWD Meta Empty BMP PNG TIFF6 TIFF6-JAI JPEG-JAI JPEG PNM GIF89a+LZW XPM PSL1C PSL23+PDF PSL2+PDF-JAI P-TrOpBb.
=================================================================
==4183==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c0000043c0 at pc 0x0000005fcdc1 bp 0x7ffd2bf70b30 sp 0x7ffd2bf70b28
READ of size 1 at 0x60c0000043c0 thread T0
#0 0x5fcdc0 in Image::Indexed::setTransp(unsigned char) /home/pwd/git-fuzz/sam2p/image.cpp:563:35
#1 0x56c656 in in_gif_reader(Image::Loader::UFD*, SimBuffer::Flat const&) /home/pwd/git-fuzz/sam2p/in_gif.cpp:72:28
#2 0x61813a in Image::load(Image::Loader::UFD*, SimBuffer::Flat const&, char const*) /home/pwd/git-fuzz/sam2p/image.cpp:1435:14
#3 0x518bb5 in run_sam2p_engine(Files::FILEW&, Files::FILEW&, char const* const*, bool) /home/pwd/git-fuzz/sam2p/sam2p_main.cpp:1046:27
#4 0x5285b5 in main /home/pwd/git-fuzz/sam2p/sam2p_main.cpp:1147:10
#5 0x7f5cc964e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x41add9 in _start (/src/aflbuild/installed/bin/sam2p+0x41add9)
Address 0x60c0000043c0 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/pwd/git-fuzz/sam2p/image.cpp:563:35 in Image::Indexed::setTransp(unsigned char)
Shadow bytes around the buggy address:
0x0c187fff8820: 00 00 00 00 00 00 00 03 fa fa fa fa fa fa fa fa
0x0c187fff8830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff8840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff8850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff8860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c187fff8870: fa fa fa fa fa fa fa fa[fa]fa fa fa fa fa fa fa
0x0c187fff8880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff8890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff88a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff88b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c187fff88c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==4183==ABORTING
others
from fuzz project pwd-sam2p-sam2p-01
crash name pwd-sam2p-sam2p-01-00000034-20190306.gif
Auto-generated by pyspider at 2019-03-06 18:39:22
sam2p
version
description
download link
DGifDecompressLine@cgif.c:1198-51___out-of-bounds-read
description
commandline
source
None
bug report
others
Image::Indexed::setTransp@image.cpp:563-35___heap-buffer-overflow
description
commandline
source
None
bug report
others
poc.tar.gz
The text was updated successfully, but these errors were encountered: