#62 invalid memory access in most command line tools in util

Hanno Böck

When compiling giflib and the command line tools in the util subdir with Address Sanitizer (CFLAGS="-fsanitize=address") most of them won't even run, because already a simple call will result in an invalid memory access.
I'll attach a sample output for gif2rgb. The issue seems to be in the args parsing routines:

==7656==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7fffb06b8870 at pc 0x40b015 bp 0x7fffb06b7b80 sp 0x7fffb06b7b70
READ of size 8 at 0x7fffb06b8870 thread T0
#0 0x40b014 in GAGetArgs /tmp/giflib-5.1.1/util/getarg.c:177
#1 0x402dda in main /tmp/giflib-5.1.1/util/gif2rgb.c:507
#2 0x7f11582c4f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
#3 0x406cf1 (/mnt/ram/giflib-5.1.1/util/gif2rgb+0x406cf1)



  • Eric S. Raymond

    Eric S. Raymond - 2015-01-31

    And yet these tools pass their regression tests. Therefore this might be a false positive in your fault analyzer.

    If you can identify an actual error, I'll fix it.

  • Eric S. Raymond

    Eric S. Raymond - 2015-01-31
  • Hanno Böck

    Hanno Böck - 2015-09-10

    Hi, just reviewing old issues.

    The bug here is in the file getarg.c. The command line arguments are parsed here:
    for (i = 1; i <= MAX_PARAM; i++)
    Parameters[i - 1] = va_arg(ap, void *);

    MAX_PARAM is 100. That means it will call va_arg 100 times no matter how many command line arguments there are. That's of course not how va_arg is supposed to be used, it will read random garbage from memory. I think GAGetArgs needs to be changed to contain an additional parameter that tells it how many varargs there are to be expected.
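
The counted-varargs change Hanno proposes, as an added example that is not giflib's code: the loop from the report beside a version that takes an explicit argument count, plus a hypothetical caller shaped like gif2rgb's. Function names are assumptions.

```c
#include <stdarg.h>
#include <string.h>

#define MAX_PARAM 100   /* same limit getarg.c uses */

/* Buggy shape from the report: always drains MAX_PARAM varargs, so with fewer real
 * arguments va_arg reads past what the caller passed (undefined behaviour). Never called. */
int collect_unbounded(void *out[], ...)
{
    va_list ap;
    va_start(ap, out);
    for (int i = 1; i <= MAX_PARAM; i++)
        out[i - 1] = va_arg(ap, void *);
    va_end(ap);
    return MAX_PARAM;
}

/* Fixed shape: the caller states how many pointers follow, and the loop never
 * reads more than that. Returns the count, or -1 when it is out of range. */
int collect_counted(void *out[], int nparams, ...)
{
    if (nparams < 0 || nparams > MAX_PARAM)
        return -1;
    va_list ap;
    va_start(ap, nparams);
    for (int i = 0; i < nparams; i++)
        out[i] = va_arg(ap, void *);
    va_end(ap);
    return nparams;
}

/* Hypothetical caller shaped like gif2rgb's: three option variables passed by
 * address. Returns 1 if every collected slot aliases the right variable. */
int demo_counted_ok(void)
{
    int quiet = 0, width = 0; char *name = NULL;
    void *params[MAX_PARAM];
    if (collect_counted(params, 3, &quiet, &width, &name) != 3)
        return 0;
    *(int *)params[0] = 1;          /* writes land in the caller's variables */
    *(int *)params[1] = 640;
    *(char **)params[2] = "x.gif";
    return quiet == 1 && width == 640 && strcmp(name, "x.gif") == 0;
}

/* A count above MAX_PARAM is refused instead of overrunning out[]. */
int demo_rejects_oversize(void)
{
    void *params[MAX_PARAM];
    return collect_counted(params, MAX_PARAM + 1) == -1;
}
```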

  • Eric S. Raymond

    Eric S. Raymond - 2016-01-07

    Fix has been applied.

  • Eric S. Raymond

    Eric S. Raymond - 2016-01-07
    • status: open --> closed
    • assigned_to: Eric S. Raymond
