Menu
▾
▴
1 Attachments
#14 null pointer dereference incjpeg Edit
I would like to report a null pointer derefernece in libjpeg library in rdppm.c:153. here is the details:
This bug can be used to cause a denial of service attack and some cases remote code execution if the library is used in a system accepts users input.
$ /opt/libjpeg/bin/cjpeg crasher
Starting program: /opt/libjpeg/bin/cjpeg crasher
Program received signal SIGSEGV, Segmentation fault.
*#0 get_text_gray_row (cinfo=0x7fffffffe2c0, sinfo=<optimized out="">) at rdppm.c:153
1 0x0000000000401996 in main (argc=0x2, argv=0x7fffffffe618) at cjpeg.c:6**42
2 0x00007ffff7738af5 in __libc_start_main () from /lib64/libc.so.6
3 0x0000000000401e2d in _start ()
*ptr++ = rescale[read_pbm_integer(cinfo, infile)];
=> 0x407b08 <get_text_gray_row+200>: movzx esi,BYTE PTR [r13+rcx*1+0x0]
gdb$ p $r13+$rcx*1+0x0
gdb$ $8 = 0x92d91bc1
gdb$ x/x 0x92d91bc1
0x92d91bc1: Cannot access memory at address 0x92d91bc1
Aladdin Mubaied
Discussion
Anonymous
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
Diff: