Monthly Archives: April 2017
imageworsener: heap-based buffer overflow in iw_process_cols_to_intermediate (imagew-main.c)
Description: imageworsener is a utility for image scaling and processing. The complete ASan output of the issue: # imagew $FILE /tmp/out -outfmt bmp ==20314==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fe233b99af8 at pc 0x7fea7f55da64 bp 0x7ffdb4737840 sp 0x7ffdb4737838 WRITE of size 4 …
imageworsener: two left shifts
Description: imageworsener is a utility for image scaling and processing. There are two left shifts visible with UBSan enabled. # imagew $FILE /tmp/out -outfmt bmp src/imagew-util.c:415:68: runtime error: left shift of 255 by 24 places cannot be represented in type …
imageworsener: memory allocation failure in my_mallocfn (imagew-cmd.c)
Description: imageworsener is a utility for image scaling and processing. There is a memory allocation failure; I will show the interesting ASan output: # imagew $FILE /tmp/out -outfmt bmp #8 0x551fc0 in my_mallocfn /tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-cmd.c:794:9 #9 0x7f37f140c9ae in iw_malloc_ex /tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-util.c:48:8 #10 …
imageworsener: divide-by-zero in iwgif_record_pixel (imagew-gif.c)
Description: imageworsener is a utility for image scaling and processing. A fuzz on it discovered a divide-by-zero. The complete ASan output: # imagew $FILE /tmp/out -outfmt bmp ==20305==ERROR: AddressSanitizer: FPE on unknown address 0x7f8e57340cd6 (pc 0x7f8e57340cd6 bp 0x7ffc0fee8910 sp 0x7ffc0fee87e0 …
libcroco: heap overflow and undefined behavior
Description: libcroco is a Generic Cascading Style Sheet (CSS) parsing and manipulation toolkit. A fuzz on it discovered a heap overflow and an undefined behavior. The complete ASan output: # csslint-0.6 $FILE ==9246==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400000007a at pc …
libsndfile: invalid memory READ and invalid memory WRITE in flac_buffer_copy (flac.c)
Description: libsndfile is a C library for reading and writing files containing sampled sound. A fuzz via the sndfile-resample command-line tool of libsamplerate discovered an invalid memory read and an invalid memory write. The upstream author Erik de Castro Lopo …
libsamplerate: global buffer overflow in calc_output_single (src_sinc.c)
Description: libsamplerate is a Sample Rate Converter for audio. This bug was initially discovered and silently fixed by the upstream author Erik de Castro Lopo (erikd). As usual I’m providing the stacktrace and the reproducer so that all release distros …
binutils: two NULL pointer dereferences in elflink.c
Description: binutils are a collection of binary tools necessary to build programs. An updated clang version was able to discover two NULL pointer dereferences in the following simple way: # echo "int main () { return 0; }" > test.c …
elfutils: memory allocation failure in xcalloc (xmalloc.c)
Description: elfutils is a set of libraries/utilities to handle ELF objects (drop-in replacement for libelf). A fuzz on eu-elflint showed a memory allocation failure. The interesting ASan output: # eu-elflint -d $FILE ==5053==AddressSanitizer CHECK failed: /tmp/portage/sys-devel/gcc-6.3.0/work/gcc-6.3.0/libsanitizer/sanitizer_common/sanitizer_common.cc:180 "((0 && "unable …
elfutils: heap-based buffer overflow in check_sysv_hash (elflint.c)
Description: elfutils is a set of libraries/utilities to handle ELF objects (drop-in replacement for libelf). A fuzz on eu-elflint showed a heap overflow. The complete ASan output: # eu-elflint -d $FILE ==14428==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b00000aff4 at pc …