Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
stbi__shiftsigned has assertion which can be triggered by user supplied image file.
poc: poc.zip
result:
#0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007ffff678c801 in __GI_abort () at abort.c:79 #2 0x00007ffff677c39a in __assert_fail_base ( fmt=0x7ffff69037d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5adc60 <.str.73> "v >= 0 && v < 256", file=file@entry=0x5ac2a0 <.str.2> "./stb_image.h", line=line@entry=0x13bc, function=function@entry=0x5adca0 <__PRETTY_FUNCTION__.stbi__shiftsigned> "int stbi__shiftsigned(int, int, int)") at assert.c:92 #3 0x00007ffff677c412 in __GI___assert_fail (assertion=0x5adc60 <.str.73> "v >= 0 && v < 256", file=0x5ac2a0 <.str.2> "./stb_image.h", line=0x13bc, function=0x5adca0 <__PRETTY_FUNCTION__.stbi__shiftsigned> "int stbi__shiftsigned(int, int, int)") at assert.c:101 #4 0x0000000000536b79 in stbi__shiftsigned (v=0xffffffa5, shift=0x18, bits=0xd) at ./stb_image.h:5052 #5 0x00000000005030b4 in stbi__bmp_load (s=0x7fffffffcc80, x=0x607000000038, y=0x60700000003c, comp=0x7fffffffcda0, req_comp=0x3, ri=0x7fffffffc940) at ./stb_image.h:5287 #6 0x00000000004ff7b3 in stbi__load_main (s=0x7fffffffcc80, x=0x607000000038, y=0x60700000003c, comp=0x7fffffffcda0, req_comp=0x3, ri=0x7fffffffc940, bpc=0x8) at ./stb_image.h:988 #7 0x00000000004fa325 in stbi__load_and_postprocess_8bit (s=0x7fffffffcc80, x=0x607000000038, y=0x60700000003c, comp=0x7fffffffcda0, req_comp=0x3) at ./stb_image.h:1092 #8 0x00000000004ff0b2 in load_with_builtin (pchunk=0x603000000010, fstatic=0x0, fuse_palette=0x1, reqcolors=0x100, bgcolor=0x0, loop_control=0x0, fn_load=0x4d0b50 <load_image_callback>, context=0x610000000040) at loader.c:912 #9 0x00000000004fddc3 in sixel_helper_load_image_file (filename=0x7fffffffe5da "poc", fstatic=0x0, fuse_palette=0x1, reqcolors=0x100, bgcolor=0x0, loop_control=0x0, fn_load=0x4d0b50 <load_image_callback>, finsecure=0x0, cancel_flag=0x108e980 <signaled>, context=0x610000000040, allocator=0x604000000010) at loader.c:1392 #10 0x00000000004d0858 in sixel_encoder_encode (encoder=0x610000000040, filename=0x7fffffffe5da "poc") at encoder.c:1737 #11 0x00000000004c66c9 in main (argc=0x2, argv=0x7fffffffe308) at img2sixel.c:457 #12 0x00007ffff676db97 in __libc_start_main (main=0x4c3320 <main>, argc=0x2, argv=0x7fffffffe308, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe2f8) at ../csu/libc-start.c:310 #13 0x000000000041bd3a in _start ()
The text was updated successfully, but these errors were encountered:
According to the MITRE CVE feed, this issue has been assigned CVE-2019-20056, altough the issue seem to be in stb_image.h, and not specific to libsixel.
Sorry, something went wrong.
Fix for CVE-2019-20056, assertion failure problem(#126). Thanks to @s…
bab1e60
…leicasper
814f831
Fixed on v1.8.5. Thanks!
No branches or pull requests
stbi__shiftsigned has assertion which can be triggered by user supplied image file.
poc:
poc.zip
result:
The text was updated successfully, but these errors were encountered: