
#166 a read of the zero page leads to a segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c

Milestone: v1.0_(example)
Status: closed
Owner: nobody
Priority: 1
Updated: 2025-04-10
Created: 2023-08-01
Creator: Mr.lei
Private: No

Compile:
export CC=clang
export CXX=clang++
use ASan
make

Then run it. Giving it malformed args, it will segfault, leak memory and print something.

Such as:

command: ./gif2rgb -s

cc@ubuntu:~/Downloads/giflib-5.2.1$ ./gif2rgb -s
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2500==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fe2786db817 bp 0x7ffdeac3b1e0 sp 0x7ffdeac3b198 T0)
==2500==The signal is caused by a READ memory access.
==2500==Hint: address points to the zero page.
#0 0x7fe2786db817 /build/glibc-SzIz7B/glibc-2.31/string/../sysdeps/x86_64/multiarch/memchr-avx2.S:65
#1 0x7fe2785eadb5 in _IO_str_init_static_internal /build/glibc-SzIz7B/glibc-2.31/libio/strops.c:41:11
#2 0x7fe2785ba421 in _IO_strfile_read /build/glibc-SzIz7B/glibc-2.31/stdio-common/../libio/strfile.h:95:3
#3 0x7fe2785ba421 in __isoc99_vsscanf /build/glibc-SzIz7B/glibc-2.31/stdio-common/isoc99_vsscanf.c:33:13
#4 0x43a238 in __isoc99_sscanf (/home/cc/Downloads/giflib-5.2.1/gif2rgb+0x43a238)
#5 0x4e1bf6 in GAGetParmeters /home/cc/Downloads/giflib-5.2.1/getarg.c
#6 0x4e1bf6 in GAUpdateParameters /home/cc/Downloads/giflib-5.2.1/getarg.c:292:12
#7 0x4e1bf6 in GAGetArgs /home/cc/Downloads/giflib-5.2.1/getarg.c:188:22
#8 0x4c4512 in main /home/cc/Downloads/giflib-5.2.1/gif2rgb.c:509:18
#9 0x7fe27857b082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
#10 0x41c3dd in _start (/home/cc/Downloads/giflib-5.2.1/gif2rgb+0x41c3dd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-SzIz7B/glibc-2.31/string/../sysdeps/x86_64/multiarch/memchr-avx2.S:65
==2500==ABORTING

command: ./gif2rgb -s 1 2

and then press Enter 6 times.

Such as:

cc@ubuntu:~/Downloads/giflib-5.2.1$ ./gif2rgb -s 1 2

GI;8,a�

==2682==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x494b1d in malloc (/home/cc/Downloads/giflib-5.2.1/gif2rgb+0x494b1d)
#1 0x4dc162 in GifMakeMapObject /home/cc/Downloads/giflib-5.2.1/gifalloc.c:53:32

Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x494b1d in malloc (/home/cc/Downloads/giflib-5.2.1/gif2rgb+0x494b1d)
#1 0x4c4772 in RGB2GIF /home/cc/Downloads/giflib-5.2.1/gif2rgb.c:227:34
#2 0x4c4772 in main /home/cc/Downloads/giflib-5.2.1/gif2rgb.c:530:2
#3 0x7f2a11889082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16

Indirect leak of 768 byte(s) in 1 object(s) allocated from:
#0 0x494c92 in calloc (/home/cc/Downloads/giflib-5.2.1/gif2rgb+0x494c92)
#1 0x4dc17e in GifMakeMapObject /home/cc/Downloads/giflib-5.2.1/gifalloc.c:58:38

SUMMARY: AddressSanitizer: 794 byte(s) leaked in 3 allocation(s).
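The two failure modes in the report above are a NULL argv slot handed to sscanf when -s is given without its operands (the zero-page read inside vsscanf in the first trace), and heap objects that are never released once stdin runs dry (the three leaked allocations in the second trace). The following added example is not giflib's code; parse_size_option, read_rgb_rows and the tracked_* allocation counters are hypothetical names written here to show the two defensive patterns a fix needs: check the operand count before dereferencing argv, and route every exit of an allocating function through a single cleanup label so a short read cannot leak.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed allocation counter so a test can prove that every exit path
 * frees what it allocated (a tiny stand-in for LeakSanitizer). */
static int live_allocations = 0;

static void *tracked_calloc(size_t n, size_t sz)
{
    void *p = calloc(n, sz);
    if (p) live_allocations++;
    return p;
}

static void tracked_free(void *p)
{
    if (p) live_allocations--;
    free(p);
}

/* Parse a positive integer that must consume the whole string. */
static int parse_positive_int(const char *s, int *out)
{
    char *end;
    long v = strtol(s, &end, 10);
    if (s[0] == '\0' || *end != '\0' || v <= 0 || v > 65535) return 0;
    *out = (int)v;
    return 1;
}

/* Hypothetical hardened handling of "-s WIDTH HEIGHT": verifies that both
 * operands exist before reading argv[i+1] / argv[i+2], so no NULL ever
 * reaches a string parser. Returns 1 on success, 0 if the option is absent,
 * incomplete or malformed. */
int parse_size_option(int argc, char **argv, int *width, int *height)
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-s") != 0) continue;
        if (i + 2 >= argc) {              /* "./gif2rgb -s" lands here */
            fprintf(stderr, "-s needs two operands: WIDTH HEIGHT\n");
            return 0;
        }
        return parse_positive_int(argv[i + 1], width) &&
               parse_positive_int(argv[i + 2], height);
    }
    return 0;
}

/* Hypothetical raw-RGB reader: allocates a 256-entry palette and one row
 * buffer, reads width*height RGB triples from `in`, and frees both on every
 * exit, including a short read (what empty lines on stdin produce).
 * Returns the number of rows read, or -1 on short read / allocation failure. */
int read_rgb_rows(FILE *in, int width, int height)
{
    unsigned char *palette = tracked_calloc(256, 3);
    unsigned char *row = tracked_calloc((size_t)width, 3);
    int rows = 0, rc = -1;

    if (!palette || !row) goto cleanup;

    for (; rows < height; rows++) {
        size_t need = (size_t)width * 3;
        if (fread(row, 1, need, in) != need) goto cleanup; /* short read */
        /* ... a real converter would quantize `row` into `palette` here ... */
    }
    rc = rows;

cleanup:                 /* the only way out: nothing is left allocated */
    tracked_free(row);
    tracked_free(palette);
    return rc;
}

int main(int argc, char **argv)
{
    int w, h;
    if (!parse_size_option(argc, argv, &w, &h)) {
        fprintf(stderr, "usage: %s -s WIDTH HEIGHT < raw.rgb\n", argv[0]);
        return 2;
    }
    int rows = read_rgb_rows(stdin, w, h);
    if (rows < 0) {
        fprintf(stderr, "short input after %d row(s)\n", rows < 0 ? 0 : rows);
        return 1;
    }
    printf("read %d rows of %d pixels\n", rows, w);
    return 0;
}
```

Built with clang -fsanitize=address, this program exits with a usage message for ./gif2rgb -s and reports clean (no LeakSanitizer summary) when fed fewer bytes than WIDTH*HEIGHT*3, which is the behaviour the two traces above show the original tool lacking.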

Discussion

  • Eric S. Raymond - 2024-02-18

    This is not an interesting bug. gif2rgb is very old, very crappy code. It's not important for anything, it's legacy from nearly 40 years ago and the manual page has a warning that the tool can be coredumped by malformed gifs.

    Please do not report the 2,317th crash bug in gif2rgb unless you can include a patch to fix it.

  • Eric S. Raymond - 2024-02-18
    • status: open --> closed
  • Eric S. Raymond - 2024-02-18

    After I wrote my previous reply this bug was fixed.

  • Sebastian Pipping

    I checked Git master against the two cases just now.
    The first case — command ./gif2rgb -s — I confirm as fixed (by commit 38e39296dea689c0ca972f6abb2e6cc180dfbd8f that is attributed to issue 153).

    The second case — command yes '' | ./gif2rgb -s 1 2 — fails with the exact same LeakSanitizer output on master of today (at 8bed392c280ad2c237e8bf1beca6f8f68f893e87).
