Date: Tue, 13 Sep 2016 12:24:23 -0700
From: Seth Arnold <>
To: Hanno Böck <>
Cc: "" <>,
Subject: Re: Heapoverflow in giflib5.1.4

On Tue, Sep 13, 2016 at 06:55:08PM +0200, Hanno Böck wrote:
> Two notes:
> * This is a bug *only* in the gif2rgb command line tool, not in giflib
>   itself.
> * I reported this before. The giflib maintainer claimed multiple times
>   that he has fixed it, yet he hasn't. See:

Hanno, can you still reproduce this issue? I followed your excellent
reproducer script and I don't get any ASAN warnings. If you still get ASAN
warnings this may indicate the source of the confusion.


ubuntu@x1:~$ git clone --depth=1 git:// giflib-code
Cloning into 'giflib-code'...
remote: Counting objects: 149, done.
remote: Compressing objects: 100% (147/147), done.
remote: Total 149 (delta 22), reused 10 (delta 0)
Receiving objects: 100% (149/149), 389.03 KiB | 0 bytes/s, done.
Resolving deltas: 100% (22/22), done.
Checking connectivity... done.
ubuntu@x1:~$  cd giflib-code/
ubuntu@x1:~/giflib-code$ CFLAGS="-fsanitize=address -g" LDFLAGS="-fsanitize=address" ./
Warning: This script will run configure for you -- if you need to pass
  arguments to configure, please give them as arguments to this script.
aclocal: warning: couldn't open directory 'm4': No such file or directory
installing './ar-lib'
installing './compile'
installing './config.guess'
installing './config.sub'
installing './install-sh'
installing './missing'
installing './INSTALL'
parallel-tests: installing './test-driver'
lib/ installing './depcomp'
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
configure: creating ./config.status
config.status: creating util/Makefile
config.status: creating lib/Makefile
config.status: creating Makefile
config.status: creating doc/Makefile
config.status: creating pic/Makefile
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands
ubuntu@x1:~/giflib-code$ make -j
make  all-recursive
make[1]: Entering directory '/home/ubuntu/giflib-code'
Making all in lib
make[2]: Entering directory '/home/ubuntu/giflib-code/lib'
  CC       dgif_lib.lo
  CC       gif_font.lo
  CC       egif_lib.lo
  CC       gif_hash.lo
  CC       gifalloc.lo
  CC       openbsd-reallocarray.lo
  CC       gif_err.lo
  CC       quantize.lo
ar: `u' modifier ignored since `D' is the default (see `U')
make[2]: Leaving directory '/home/ubuntu/giflib-code/lib'
Making all in util
make[2]: Entering directory '/home/ubuntu/giflib-code/util'
  CC       getarg.o
  CC       gif2rgb.o
  CC       qprintf.o
  CC       gifbuild.o
  CC       gifecho.o
  CC       gifinto.o
  CC       giftext.o
  CC       giftool.o
  CC       gifclrmp.o
  CC       giffix.o
  CC       gifbg.o
  CC       gifcolor.o
  CC       giffilter.o
  CC       gifsponge.o
  CC       gifhisto.o
  CC       gifwedge.o
  AR       libgetarg.a
ar: `u' modifier ignored since `D' is the default (see `U')
  CCLD     gif2rgb
  CCLD     gifecho
  CCLD     giffix
  CCLD     giftext
  CCLD     gifinto
  CCLD     giftool
  CCLD     gifbg
  CCLD     gifclrmp
  CCLD     gifcolor
  CCLD     giffilter
  CCLD     gifsponge
  CCLD     gifwedge
  CCLD     gifhisto
  CCLD     gifbuild
make[2]: Leaving directory '/home/ubuntu/giflib-code/util'
Making all in pic
make[2]: Entering directory '/home/ubuntu/giflib-code/pic'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/ubuntu/giflib-code/pic'
make[2]: Entering directory '/home/ubuntu/giflib-code'
make[2]: Leaving directory '/home/ubuntu/giflib-code'
make[1]: Leaving directory '/home/ubuntu/giflib-code'
ubuntu@x1:~/giflib-code$ wget
--2016-09-13 19:19:27--
Resolving (
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 20 [image/gif]
Saving to: ‘gif2rgb-oob-heap-read.gif’

gif2rgb-oob-heap-read.gif    100%[=============================================>]      20  --.-KB/s    in 0s

2016-09-13 19:19:27 (2.73 MB/s) - ‘gif2rgb-oob-heap-read.gif’ saved [20/20]

ubuntu@x1:~/giflib-code$  util/gif2rgb gif2rgb-oob-heap-read.gif
Background color out of range for colormap
