#554 Divide-by-zero in ReadMNGImage (coders/png.c)

v1.0_(example)
closed-fixed
None
5
2018-03-25
2018-03-25
Trace Probe
No

On the latest version and changeset ec4d09b23157, there is a divide-by-zero in the ReadMNGImage function of coders/png.c, which could be triggered by the POC below.

To reproduce the issue, build with ASAN and run: ./gm identify $POC.

The complete stack trace is below:

==159644==ERROR: AddressSanitizer: FPE on unknown address 0x000000855d94 (pc 0x000000855d94 bp 0x7ffca6ae8b30 sp 0x7ffca6ae67c0 T0)
    #0 0x855d93 in ReadMNGImage /u/test/test/product/graphicsmagick/master/src/coders/png.c:4638:61
    #1 0x5d1ab9 in ReadImage /u/test/test/product/graphicsmagick/master/src/magick/constitute.c:1607:13
    #2 0x5d10de in PingImage /u/test/test/product/graphicsmagick/master/src/magick/constitute.c:1370:9
    #3 0x57bffe in IdentifyImageCommand /u/test/test/product/graphicsmagick/master/src/magick/command.c:8379:17
    #4 0x57eed1 in MagickCommand /u/test/test/product/graphicsmagick/master/src/magick/command.c:8872:17
    #5 0x5a4353 in GMCommandSingle /u/test/test/product/graphicsmagick/master/src/magick/command.c:17393:10
    #6 0x5a3053 in GMCommand /u/test/test/product/graphicsmagick/master/src/magick/command.c:17446:16
    #7 0x7f4db84edc04 in __libc_start_main (/lib64/libc.so.6+0x21c04)
    #8 0x4240db in _start (/home/test/test/product/graphicsmagick/master/exe_asan/bin/gm+0x4240db)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /u/test/test/product/graphicsmagick/master/src/coders/png.c:4638:61 in ReadMNGImage
==159644==ABORTING

1 Attachments

Discussion

  • Bob Friesenhahn

    Bob Friesenhahn - 2018-03-25
    • status: open --> closed-fixed
    • assigned_to: Bob Friesenhahn
     
  • Bob Friesenhahn

    Bob Friesenhahn - 2018-03-25

    This issue is solved by Mercurial changeset 15496:84040fada1ee. Thank you very much for the report.

     
