Date: Fri, 21 Oct 2016 17:07:22 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: potrace: memory allocation failure

On Saturday 08 October 2016 22:30:54 Agostino Sarubbo wrote:
> A crafted image, through fuzz testing, causes the memory allocation to
> fail.
> 
> This is the first case where my ASan symbolizer didn’t start up correctly.
> I’m reporting only what it prints at the end (not useful at all but
> demonstrates a bit that the issue exists)

I worked on it and now I'm able to get the full stacktrace, which has been 
updated on the post.

For completeness I'm pasting the interesting trace here:

    #9 0x500bcb in bm_new /tmp/portage/media-gfx/potrace-1.13/work/potrace-1.13/src/bitmap.h:76:30
    #10 0x500bcb in bm_readbody_bmp /tmp/portage/media-gfx/potrace-1.13/work/potrace-1.13/src/bitmap_io.c:559
    #11 0x500bcb in bm_read /tmp/portage/media-gfx/potrace-1.13/work/potrace-1.13/src/bitmap_io.c:133
    #12 0x4f8608 in process_file /tmp/portage/media-gfx/potrace-1.13/work/potrace-1.13/src/main.c:1058:9
    #13 0x4f5904 in main /tmp/portage/media-gfx/potrace-1.13/work/potrace-1.13/src/main.c:1214:7
    #14 0x7f167735c61f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.22-r4/work/glibc-2.22/csu/libc-start.c:289
    #15 0x4190b8 in getenv (/usr/bin/potrace+0x4190b8)

--
Agostino
