#319 SEGV in function Load() in PluginPFM.cpp

[freeKim]

SEGV in function Load() in PluginPFM.cpp

Summary:

There is a SEGV in PluginPFM.cpp while loading image with FreeImage_Load function。

Version Affected: 3.19.0 (r1828)

ASAN Details

AddressSanitizer:DEADLYSIGNAL
=================================================================
==24231==ERROR: AddressSanitizer: SEGV on unknown address 0x613fa5f646c0 (pc 0x0000005a86b3 bp 0x7ffee3d2c080 sp 0x7ffee3d2b8e0 T0)
==24231==The signal is caused by a WRITE memory access.
    #0 0x5a86b2 in Load(FreeImageIO*, void*, int, int, void*) /home/src/freeimage-svn/FreeImage/trunk/Source/FreeImage/PluginPFM.cpp
    #1 0x5252fc in FreeImage_LoadFromHandle /home/src/freeimage-svn/FreeImage/trunk/Source/FreeImage/Plugin.cpp:388:24
    #2 0x52550c in FreeImage_Load /home/src/freeimage-svn/FreeImage/trunk/Source/FreeImage/Plugin.cpp:408:22
    #3 0x50640c in main /home/src/freeimage-svn/FreeImage/trunk/load-test.c:16:18
    #4 0x7f6f56aa6b6a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26b6a)
    #5 0x428569 in _start (/home/src/freeimage-svn/FreeImage/trunk/load-test+0x428569)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/src/freeimage-svn/FreeImage/trunk/Source/FreeImage/PluginPFM.cpp in Load(FreeImageIO*, void*, int, int, void*)
==24231==ABORTING

Reproduce

To reproduce it ,compile FreeImage with ASAN. Then compile and execute the test file in the attachment as follows:

Clang++ -g -fsanitize=address load-test.c -lfreeimage -L. -lm -o load-test
./load-test SEGV_PluginPFM_cpp

Credit

ADLab of Venustech

[Hervé Drolon]

Hi,

This use case is fixed in the SVN
https://sourceforge.net/p/freeimage/svn/HEAD/tree/FreeImage/trunk/
The fix will be available in the next FreeImage release.

Hervé