kodi image exif parse bug #22377

Closed
5 tasks
dhje0ng opened this issue Jan 3, 2023 · 8 comments · Fixed by #22380
Labels
Resolution: Fixed (issue was resolved by a code change)

Comments


dhje0ng commented Jan 3, 2023

Bug report

Describe the bug

After inserting the wrong/malformed image file into the USB storage device and mounting it, run kodi to run the Picture application. Exifparse crashes while scanning (reading) the wrong image files included in the USB storage device, leading to the termination of the process.

Expected Behavior

If you include an invalid image file, the kodi process crashes; you can check the memory address through the internal crash log.

Actual Behavior

Possible Fix

  1. Please check the attached crash report information. It reports which functions are crashing. My guess is that it has to do with the CExifparse function.

To Reproduce

Steps to reproduce the behavior:

  1. Save the attached image file to a USB storage device.
  2. After recognizing the USB storage device in an environment that can operate kodi, such as Raspberry Pi, run the Picture application inside kodi.
  3. After a while the process crashes.
  4. If you need a crash log dump, you can enable the log dump option in preferences within kodi.

image.zip

Debuglog

kodi_crashlog-20230103_053835.log
kodi_crashlog-20230103_071817.log
kodi_crashlog-20230103_071903.log

Screenshots

Screenshot 2023-01-03 4:30:51 PM

Additional context or screenshots (if appropriate)

Here is some additional context or explanation that might help:

Screenshot 2023-01-03 4:32:28 PM

Your Environment

Used Operating system:

  • [O] Android
  • iOS
  • tvOS
  • [0] Linux
  • macOS
  • Windows
  • Windows UWP

  • Operating system version/name: Raspberrypi 4
  • Kodi version: Latest Version.

note: Once the issue is made we require you to update it with new information or Kodi versions should that be required.
Team Kodi will consider your problem report however, we will not make any promises the problem will be solved.

Member

fritsch commented Jan 3, 2023

Thanks very much, might be this one:
image

which was also found by Coverity.

Member

fritsch commented Jan 3, 2023

Potential fix: fritsch@367cc80

Why I say potential:

  • I currently cannot compile kodi
  • The implementation we have here seems to be from the same GPL source as android uses it

It might be better to remove kodi's code and somehow rely on upstream libraries to not run into such issues in the future.

Author

dhje0ng commented Jan 3, 2023

Can this be rated as a vulnerability? For example, a CVE (Common Vulnerabilities and Exposures).

Member

fritsch commented Jan 3, 2023

I informed the team internally and the process now starts to run. It is definitely a potential DOS and should be handled as such.

As an inactive senior member I don't really know the processes internally anymore, but I made sure the team was made aware. Thanks much for reporting.

Author

dhje0ng commented Jan 3, 2023

Thank you. Once the process is complete, will the CVE registration proceed from the internal team that manages Kodi?

Member

fritsch commented Jan 3, 2023

Btw, do you test old exploits? I have now fixed all illegal memory accesses, and it seems that you are using drafted images that were used to fix these issues in upstream code some years ago.

Is this some "university" bug hunting game? Just out of curiosity, it needs fixing - that is clear.

Second part: fritsch@54df944

Author

dhje0ng commented Jan 3, 2023

No, it's just that we've found an unexpected bug in the process of using, researching, and testing Kodi software on Android platforms, and we're reporting it because we want it to be officially patched.

I didn't think it was a bug bounty, but I'd be happy if it was recognized as a vulnerability to illegal memory access.

The process seems to have been completed because you finally told me that the patch was applied.

Member

fritsch commented Jan 3, 2023

Thanks again very much. We still need to review the issue.

Keep those reports coming :-). We are very short on people working on kodi; it's a free-time project, you know. So whenever you find something and have an idea on how to fix it, feel free to contribute.

It would also be great if you could verify that kodi with the linked pull request is also fine for you. I tested with the memory sanitizers on AMD64, so depending on ptr sizes / etc. there might be differences.

Thanks again for the time you invested in kodi.

thexai added the Resolution: Fixed (issue was resolved by a code change) label Jan 16, 2023