Public bug reported:
Package: sam2p
Version: 0.49.2 - 0.49.4
Source code: https://github.com/pts/sam2p
Details:
In function Image::RGB::RGB at image.cpp (line 1239, sam2p version: 0.49.4):
Key code that causes crashes:
    Image::RGB::RGB(Image::Sampled::dimen_t wd_, Image::Sampled::dimen_t ht_,
                    unsigned char bpc_) {
      init(0,0,wd_,ht_,bpc_,TY_RGB,3);
Crash Information:
The output with address sanitizer enabled:
> ./sam2p 007-unknown-add-refer EPS: /dev/null
> This is sam2p 0.49.4.
> Available Loaders: PS PDF JAI PNG JPEG TIFF PNM BMP GIF LBM XPM PCX TGA.
> Available Appliers: XWD Meta Empty BMP PNG TIFF6 TIFF6-JAI JPEG-JAI JPEG PNM
> GIF89a+LZW XPM PSL1C PSL23+PDF PSL2+PDF-JAI P-TrOpBb.
> ASAN:SIGSEGV
> ==10156==ERROR: AddressSanitizer: SEGV on unknown address 0x10009e757d03 (pc
> 0x7ffff6ef6b73 bp 0x7fffffffd6b0 sp 0x7fffffffce40 T0)
> #0 0x7ffff6ef6b72 in __asan_memset
> (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8cb72)
> #1 0x474210 in Image::RGB::RGB(unsigned int, unsigned int, unsigned char)
> /root/sam2p_ASAN2/sam2p/image.cpp:1239
> #2 0x431fe6 in LoadPCX /root/sam2p_ASAN2/sam2p/in_pcx.cpp:213
> #3 0x431fe6 in in_pcx_reader /root/sam2p_ASAN2/sam2p/in_pcx.cpp:533
> #4 0x475999 in Image::load(Image::Loader::UFD*, SimBuffer::Flat const&,
> char const*) /root/sam2p_ASAN2/sam2p/image.cpp:1427
> #5 0x40384a in run_sam2p_engine(Files::FILEW&, Files::FILEW&, char const*
> const*, bool) /root/sam2p_ASAN2/sam2p/sam2p_main.cpp:1055
> #6 0x402463 in main /root/sam2p_ASAN2/sam2p/sam2p_main.cpp:1148
> #7 0x7ffff6ac082f in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> #8 0x402d38 in _start (/usr/local/sam2p-asan2/bin/sam2p+0x402d38)
>
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV ??:0 __asan_memset
> ==10156==ABORTING
Reference link: https://github.com/pts/sam2p/issues/19
** Affects: sam2p (Ubuntu)
Importance: Undecided
Status: New
** Tags: security
** Attachment added: "PoC File"
https://bugs.launchpad.net/bugs/1751738/+attachment/5063359/+files/007-unknown-add-refer
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1751738
Title:
Invalid memory address dereference in Image::RGB::RGB (in image.cpp)
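
Added example (not part of the original report and not sam2p code): a small Python triage helper that unquotes the mail-wrapped AddressSanitizer trace above, skips the sanitizer runtime frame, and returns the first application frame, its caller, and a deduplication key. The function names and the runtime-marker list are assumptions of this sketch; the sample input is the first frames of the trace in this report.

```python
import re

# One stack frame of an AddressSanitizer report: "#N 0xPC in SYMBOL LOCATION"
FRAME = re.compile(r"#\d+\s+0x[0-9a-fA-F]+\s+in\s+(.+)")
# Markers of sanitizer-runtime frames (assumed list, extend as needed)
RUNTIME = ("__asan_", "__interceptor_", "__sanitizer", "libasan")

# Sample input: first frames of the trace in this report, still quoted and wrapped
SAMPLE = """\
> ==10156==ERROR: AddressSanitizer: SEGV on unknown address 0x10009e757d03 (pc
> 0x7ffff6ef6b73 bp 0x7fffffffd6b0 sp 0x7fffffffce40 T0)
> #0 0x7ffff6ef6b72 in __asan_memset
> (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8cb72)
> #1 0x474210 in Image::RGB::RGB(unsigned int, unsigned int, unsigned char)
> /root/sam2p_ASAN2/sam2p/image.cpp:1239
> #2 0x431fe6 in LoadPCX /root/sam2p_ASAN2/sam2p/in_pcx.cpp:213
> #3 0x431fe6 in in_pcx_reader /root/sam2p_ASAN2/sam2p/in_pcx.cpp:533
>
> AddressSanitizer can not provide additional info.
"""

def frames(report):
    """Strip mail '> ' quoting and re-join frames wrapped across lines."""
    out = []
    for raw in report.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if not line:
            if out:
                break               # a blank line ends the stack
            continue
        if re.match(r"#\d+\s", line):
            out.append(line)
        elif out:
            out[-1] += " " + line   # continuation of a wrapped frame
    return out

def parse(frame):
    """Return (symbol, location); location is the last space-separated token."""
    symbol, _, loc = FRAME.match(frame).group(1).rpartition(" ")
    return symbol, loc

def triage(report):
    """First non-runtime frame, its caller, and a dedup key 'func@file:line'."""
    app = [f for f in map(parse, frames(report))
           if not any(m in f[0] + f[1] for m in RUNTIME)]
    fault = app[0]
    caller = app[1] if len(app) > 1 else None
    key = "%s@%s" % (fault[0].split("(")[0], fault[1].rsplit("/", 1)[-1])
    return {"fault": fault, "caller": caller, "key": key}
```

Grouping crash reports by the returned key keeps duplicates of the same fault site together even when the faulting address differs between runs.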