Public bug reported: ================================================================= ==31092==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000009fc3 at pc 0x00000042709b bp 0x7ffdb81fee70 sp 0x7ffdb81fee60 READ of size 1 at 0x611000009fc3 thread T0 #0 0x42709a in process_DQT /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jpgqguess.c:111 #1 0x41ca02 in ReadJpegSections /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jpgfile.c:223 #2 0x41f62d in ReadJpegSections /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jpgfile.c:126 #3 0x41f62d in ReadJpegFile /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jpgfile.c:379 #4 0x411987 in ProcessFile /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jhead.c:905 #5 0x4036ca in main /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jhead.c:1756 #6 0x7f2d9edc983f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) #7 0x40d498 in _start (/home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jhead+0x40d498)
0x611000009fc3 is located 0 bytes to the right of 195-byte region [0x611000009f00,0x611000009fc3) allocated by thread T0 here: #0 0x7f2da0221602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602) #1 0x41beaa in ReadJpegSections /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jpgfile.c:173 #2 0x41f62d in ReadJpegSections /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jpgfile.c:126 #3 0x41f62d in ReadJpegFile /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jpgfile.c:379 #4 0x411987 in ProcessFile /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jhead.c:905 #5 0x4036ca in main /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jhead.c:1756 #6 0x7f2d9edc983f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f) SUMMARY: AddressSanitizer: heap-buffer-overflow /home/mondaylord/Documents/SMSE-AFL/bin/jhead-3.04/jpgqguess.c:111 process_DQT Shadow bytes around the buggy address: 0x0c227fff93a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c227fff93b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c227fff93c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c227fff93d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c227fff93e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c227fff93f0: 00 00 00 00 00 00 00 00[03]fa fa fa fa fa fa fa 0x0c227fff9400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c227fff9410: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c227fff9420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c227fff9430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c227fff9440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe ==31092==ABORTING ** Affects: jhead (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890227 Title: heap buffer overflow crashes on jhead To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1890227/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs