Public bug reported:
# enviroment
ubuntu 18.04
./jhead poc
# version
3.04
# asan out
==6757==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x612000000144
at pc 0x56033e019b38 bp 0x7ffe9162eb20 sp 0x7ffe9162eb10
READ of size 1 at 0x612000000144 thread T0
#0 0x56033e019b37 in process_DQT jpgqguess.c:111
#1 0x56033e0128e2 in ReadJpegSections jpgfile.c:223
#2 0x56033e01490e in ReadJpegSections jpgfile.c:126
#3 0x56033e01490e in ReadJpegFile jpgfile.c:379
#4 0x56033e00a66c in ProcessFile jhead.c:905
#5 0x56033e005b2e in main jhead.c:1756
#6 0x7f5889de2bf6 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
#7 0x56033e008279 in _start (/home/fuzz/jhead-3.04/jhead+0x12279)
0x612000000144 is located 0 bytes to the right of 260-byte region
[0x612000000040,0x612000000144)
allocated by thread T0 here:
#0 0x7f588a62eb40 in __interceptor_malloc
(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
#1 0x56033e011d6b in ReadJpegSections jpgfile.c:173
SUMMARY: AddressSanitizer: heap-buffer-overflow jpgqguess.c:111 in process_DQT
Shadow bytes around the buggy address:
0x0c247fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c247fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c247fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c247fff8000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c247fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c247fff8020: 00 00 00 00 00 00 00 00[04]fa fa fa fa fa fa fa
0x0c247fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c247fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c247fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c247fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c247fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==6757==ABORTING
** Affects: jhead (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "poc file"
https://bugs.launchpad.net/bugs/1920605/+attachment/5478474/+files/poc3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1920605
Title:
heap overflow
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1920605/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
