Date: Fri, 21 Oct 2016 17:07:22 +0200 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Subject: Re: potrace: memory allocation failure On Saturday 08 October 2016 22:30:54 Agostino Sarubbo wrote: > A crafted image, through a fuzz testing, causes the memory allocation to > fail. > > This is the first case where my ASan symbolyzer didn’t start up correctly. > I’m reporting only what it prints at the end (not useful at all but > demostrates a bit that the issue exist) I worked on it and now I'm able to get the full stacktrace, which has been updated on the post. For completeness I'm pasting the interesting trace here: #9 0x500bcb in bm_new /tmp/portage/media- gfx/potrace-1.13/work/potrace-1.13/src/bitmap.h:76:30 #10 0x500bcb in bm_readbody_bmp /tmp/portage/media- gfx/potrace-1.13/work/potrace-1.13/src/bitmap_io.c:559 #11 0x500bcb in bm_read /tmp/portage/media- gfx/potrace-1.13/work/potrace-1.13/src/bitmap_io.c:133 #12 0x4f8608 in process_file /tmp/portage/media- gfx/potrace-1.13/work/potrace-1.13/src/main.c:1058:9 #13 0x4f5904 in main /tmp/portage/media- gfx/potrace-1.13/work/potrace-1.13/src/main.c:1214:7 #14 0x7f167735c61f in __libc_start_main /var/tmp/portage/sys- libs/glibc-2.22-r4/work/glibc-2.22/csu/libc-start.c:289 #15 0x4190b8 in getenv (/usr/bin/potrace+0x4190b8) -- Agostino
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ