#79 Invalid heap read in gif2rgb, function DumpScreen2RGB()

v1.0_(example)
closed
None
1
2016-02-09
2016-01-12
Hanno Böck
No

The attached file will cause an out of bounds heap read in gif2rgb. This can be seen with either valgrind or address sanitizer. I'll attach the full output of address sanitizer as well.
This issue was found with american fuzzy lop.

2 Attachments

Discussion

  • Eric S. Raymond

    Eric S. Raymond - 2016-01-17

    Fixed in head, thanks.

     
  • Eric S. Raymond

    Eric S. Raymond - 2016-01-17
    • status: open --> closed
    • assigned_to: Eric S. Raymond
     
  • Hanno Böck

    Hanno Böck - 2016-01-17

    I don't see a fix for this, this is still happening in the current git head code.
    Have you actually pushed the commit? (I only see a fix for bug #78)

     
  • Eric S. Raymond

    Eric S. Raymond - 2016-01-22

    The bug is definitely failing to reproduce here, I re-downloaded your test case and checked.

     
  • Hanno Böck

    Hanno Böck - 2016-01-23

    How have you tried to reproduce it? (I wrote that this can be seen with valgrind in my original report, but that seems not to be the case - address sanitizer is usually more powerful in finding these kinds of issues)

    The exact steps by which I can still reproduce it:
    git clone --depth=1 git://git.code.sf.net/p/giflib/code giflib-code
    cd giflib-code/
    CFLAGS="-fsanitize=address -g" LDFLAGS="-fsanitize=address" ./autogen.sh
    make
    wget https://sourceforge.net/p/giflib/bugs/79/attachment/gif2rgb-oob-heap-read.gif
    util/gif2rgb gif2rgb-oob-heap-read.gif

     
    • Eric S. Raymond

      Eric S. Raymond - 2016-02-09

      "Hanno Böck" ctulhu@users.sf.net:

      How have you tried to reproduce it? (I wrote that this can be seen with valgrind in my original report, but that seems not to be the case - address sanitizer is usually more powerful in finding these kinds of issues)

      The exact steps by which I can still reproduce it:
      git clone --depth=1 git://git.code.sf.net/p/giflib/code giflib-code
      cd giflib-code/
      CFLAGS="-fsanitize=address -g" LDFLAGS="-fsanitize=address" ./autogen.sh
      make
      wget https://sourceforge.net/p/giflib/bugs/79/attachment/gif2rgb-oob-heap-read.gif
      util/gif2rgb gif2rgb-oob-heap-read.gif

      I have added a couple of hardening patches recently. Would you please retest.

          Eric S. Raymond <http://www.catb.org/~esr/>
      
       
  • Hanno Böck

    Hanno Böck - 2016-02-09

    Tested again with latest git code, no change. Bug still there.

     
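The thread turns on which tool actually reports the bad read: valgrind stays quiet while AddressSanitizer fires, and the ASan output is what was attached to the ticket. As an added example that is not from the ticket or from giflib, the sh script below reduces an ASan report of that shape to a one-line summary (error kind, READ/WRITE, size, faulting function) and to a bucket key for de-duplicating the many fuzzer inputs that hit one bug; the sample report is constructed, with invented addresses, sizes and line numbers.

```shell
# Added triage helper, not part of giflib or this ticket. ASAN_SAMPLE is a
# CONSTRUCTED stand-in for the report attached to the ticket; its addresses,
# sizes and gif2rgb.c line numbers are invented for illustration only.
ASAN_SAMPLE='==12345==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000eff8 at pc 0x00000040c2a1 bp 0x7ffc0 sp 0x7ffc0
READ of size 1 at 0x60200000eff8 thread T0
    #0 0x40c2a0 in DumpScreen2RGB gif2rgb.c:999
    #1 0x40d3b1 in GIF2RGB gif2rgb.c:888
    #2 0x40e4c2 in main gif2rgb.c:777
0x60200000eff8 is located 0 bytes to the right of 24-byte region [0x60200000efe0,0x60200000eff8)
allocated by thread T0 here:
    #0 0x4a1234 in malloc
    #1 0x40f5d3 in main gif2rgb.c:700'
# asan_summary [file]: print "<kind> <READ|WRITE> <size> <function> <location>"
# for the faulting access (stdin when no file is given). Exits 1 when the input
# holds no ASan report, e.g. a clean run or a valgrind log that saw nothing.
asan_summary() {
    awk '
        # Header: "==PID==ERROR: AddressSanitizer: <kind> on address ..."
        kind == "" && /==ERROR: AddressSanitizer:/ {
            sub(/^.*AddressSanitizer: /, "")
            kind = $1
            want = 1          # the next "#0" frame belongs to the bad access
        }
        # Access line: "READ of size N at ..." or "WRITE of size N at ..."
        want && ($1 == "READ" || $1 == "WRITE") && $2 == "of" {
            access = $1; size = $4
        }
        # Top frame of the access stack; frames under "allocated by" are skipped
        want && $1 == "#0" {
            fn = $4; loc = $5; want = 0
        }
        END {
            if (kind == "") {
                print "no AddressSanitizer report found" > "/dev/stderr"
                exit 1
            }
            printf "%s %s %s %s %s\n", kind, access, size, fn, loc
        }
    ' "$@"
}
# asan_bucket [file]: "<kind>/<access>/<function>" key, so many fuzzer-found
# inputs (e.g. from american fuzzy lop) that hit the same bug collapse to one.
asan_bucket() {
    asan_summary "$@" | awk '{ printf "%s/%s/%s\n", $1, $2, $4 }'
}
printf '%s\n' "$ASAN_SAMPLE" | asan_summary
printf '%s\n' "$ASAN_SAMPLE" | asan_bucket
```

Feed it the sanitizer output of each crashing run (for instance `util/gif2rgb crash.gif 2>&1 | asan_bucket`) and group the keys to see how many distinct bugs a fuzzing campaign actually found.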
