[Security]Multiple Memory error #663

Closed
hellok opened this Issue Nov 24, 2015 · 4 comments

hellok commented Nov 24, 2015

1. software:
openjpeg-version.2.1latest
found by alphafuzzer http://blog.topsec.com.cn/ad_lab/alphafuzzer/

2. reproduce:
3 different types of error.
openjpeg-version.2.1/bin/opj_decompress -o 1.pgm -i input1

download:
input1 file:http://166.111.132.158:8000/
input2 file:http://166.111.132.158:8000/
input3 file:http://166.111.132.158:8000/

3. stack:
gdb-peda$ r -o 1.pgm -i input1

Starting program: /home/openjpeg-version.2.1/bin/opj_decompress -o 1.pgm -i input1

The extension of this file is incorrect.

FOUND s:15. SHOULD BE .jp2

[INFO] Start to read j2k main header (85).

Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
EAX: 0x83bdb77 --> 0x8
EBX: 0xb7e93000 --> 0x1b6da4
ECX: 0x980b3b
EDX: 0xb7258842 --> 0x0
ESI: 0x83bdb77 --> 0x8
EDI: 0xfffefdf1
EBP: 0x83ac290 --> 0x1
ESP: 0xbfffba38 --> 0xb7fd839c --> 0xdc1a8
EIP: 0xb7e060e9 (movdqu xmm4,XMMWORD PTR [eax+ecx*1-0x40])
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0xb7e060da: movdqu xmm1,XMMWORD PTR [eax+0x10]
0xb7e060df: movdqu xmm2,XMMWORD PTR [eax+0x20]
0xb7e060e4: movdqu xmm3,XMMWORD PTR [eax+0x30]
=> 0xb7e060e9: movdqu xmm4,XMMWORD PTR [eax+ecx*1-0x40]
0xb7e060ef: movdqu xmm5,XMMWORD PTR [eax+ecx*1-0x30]
0xb7e060f5: movdqu xmm6,XMMWORD PTR [eax+ecx*1-0x20]
0xb7e060fb: movdqu xmm7,XMMWORD PTR [eax+ecx*1-0x10]
0xb7e06101: movdqu XMMWORD PTR [edx],xmm0
[------------------------------------stack-------------------------------------]
0000| 0xbfffba38 --> 0xb7fd839c --> 0xdc1a8
0004| 0xbfffba3c --> 0xb7f41086 (<j2k_read_ppm_v3+1350>: mov eax,DWORD PTR [esp+0x38])
0008| 0xbfffba40 --> 0xb7258842 --> 0x0
0012| 0xbfffba44 --> 0x83bdb77 --> 0x8
0016| 0xbfffba48 --> 0x980b3b
0020| 0xbfffba4c --> 0x8
0024| 0xbfffba50 --> 0x83ad960 --> 0x0
0028| 0xbfffba54 --> 0xb7bda0cf --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0xb7e060e9 in ?? () from /lib/i386-linux-gnu/libc.so.6
gdb-peda$

Collaborator

mayeut commented Jan 6, 2016

@hellok
Thanks for reporting this. I'm having trouble downloading the input images. Are the links still OK?

Contributor

stweil commented Jan 6, 2016

@hellok, the download links don't work for normal internet users like me.

hellok commented Jan 20, 2016

@mayeut @stweil try this, : )
sample.zip

@mayeut mayeut added this to the OPJ v2.1.1 milestone Jan 27, 2016

Collaborator

mayeut commented Jan 27, 2016

All those images are failing gracefully with master.

@mayeut mayeut closed this Jan 27, 2016

@detonin detonin changed the title from [Security]Multiple Memory error to [Security]Multiple Memory error Jan 27, 2016
