## Out-of-range in function tinyexr::SaveEXR tinyexr.h:13107 #109

Closed
ChijinZ opened this issue Mar 5, 2019 · 0 comments

ChijinZ commented Mar 5, 2019

I built tinyexr with clang and address sanitizer. When the testcase (see: https://github.com/ChijinZ/security_advisories/blob/master/tinyexr_65f9859/crashes/out-of-range-in-tinyexr.h:13107) is input into test_tinyexr (command: `./test_tinyexr testcase`), an out-of-range is triggered.

```
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6aba801 in __GI_abort () at abort.c:79
#2  0x00007ffff7ad88b7 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3  0x00007ffff7adea06 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#4  0x00007ffff7adea41 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#5  0x00007ffff7adec74 in __cxa_throw () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#6  0x00007ffff7ada7b5 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#7  0x000000000058df09 in std::vector<float, std::allocator<float> >::_M_range_check (this=<optimized out>, __n=0)
    at /usr/bin/../lib/gcc/x86_64-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_vector.h:825
#8  std::vector<float, std::allocator<float> >::at (this=<optimized out>, __n=0) at /usr/bin/../lib/gcc/x86_64-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_vector.h:846
#9  SaveEXR (data=<optimized out>, width=0, height=112, components=4, save_as_fp16=1, outfilename=0x5f38e0 <.str> "output.exr", err=<optimized out>) at /home/jin/Documents/cve/tinyexr/./tinyexr.h:13107
#10 0x000000000058f01c in main (argc=<optimized out>, argv=<optimized out>) at test_tinyexr.cc:141
```
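
An added example, not part of the original report and not tinyexr's own code: the backtrace shows `std::vector<float>::at(0)` throwing inside `SaveEXR` with `width=0`, and the sketch below reproduces that failure mode on a constructed buffer, then shows a dimension check that returns an error instead of throwing. The function names, the 1 to 4 component range and the interleaved input layout are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed stand-in for the failing pattern in frame #8: a buffer sized
// from width*height is empty when width == 0, so at(0) throws.
static bool UncheckedAtThrows(int width, int height) {
  std::vector<float> plane(static_cast<size_t>(width) *
                           static_cast<size_t>(height));
  try {
    (void)plane.at(0);
  } catch (const std::out_of_range &) {
    return true;  // left uncaught, this ends in std::terminate() and abort()
  }
  return false;
}

// Hypothetical guard: validate dimensions before any buffer is indexed, and
// report failure through the return value and err instead of throwing.
static bool SplitChannelsChecked(const float *data, int width, int height,
                                 int components,
                                 std::vector<std::vector<float> > *out,
                                 std::string *err) {
  if (!data || !out || !err) return false;
  if (width <= 0 || height <= 0) {
    *err = "invalid image dimensions";
    return false;
  }
  if (components < 1 || components > 4) {  // assumed channel range
    *err = "unsupported component count";
    return false;
  }
  const size_t w = static_cast<size_t>(width), h = static_cast<size_t>(height);
  const size_t c = static_cast<size_t>(components);
  if (w > SIZE_MAX / h || w * h > SIZE_MAX / sizeof(float) / c) {
    *err = "image size overflows size_t";
    return false;
  }
  const size_t pixels = w * h;
  out->assign(c, std::vector<float>(pixels));
  for (size_t i = 0; i < pixels; i++)  // de-interleave the input per channel
    for (size_t k = 0; k < c; k++) (*out)[k][i] = data[i * c + k];
  return true;
}
```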