Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 21 Oct 2016 17:07:22 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: potrace: memory allocation failure

On Saturday 08 October 2016 22:30:54 Agostino Sarubbo wrote:
> A crafted image, through a fuzz testing, causes the memory allocation to
> fail.
> 
> This is the first case where my ASan symbolyzer didn’t start up correctly.
> I’m  reporting only what it prints at the end (not useful at all but
> demostrates a bit that the issue exist)

I worked on it and now I'm able to get the full stacktrace, which has been 
updated on the post.

For completeness I'm pasting the interesting trace here:

   #9 0x500bcb in bm_new /tmp/portage/media-
gfx/potrace-1.13/work/potrace-1.13/src/bitmap.h:76:30
    #10 0x500bcb in bm_readbody_bmp /tmp/portage/media-
gfx/potrace-1.13/work/potrace-1.13/src/bitmap_io.c:559
    #11 0x500bcb in bm_read /tmp/portage/media-
gfx/potrace-1.13/work/potrace-1.13/src/bitmap_io.c:133
    #12 0x4f8608 in process_file /tmp/portage/media-
gfx/potrace-1.13/work/potrace-1.13/src/main.c:1058:9
    #13 0x4f5904 in main /tmp/portage/media-
gfx/potrace-1.13/work/potrace-1.13/src/main.c:1214:7
    #14 0x7f167735c61f in __libc_start_main /var/tmp/portage/sys-
libs/glibc-2.22-r4/work/glibc-2.22/csu/libc-start.c:289
    #15 0x4190b8 in getenv (/usr/bin/potrace+0x4190b8)

--
Agostino

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ