<div dir="ltr">
<pre>Package: dcraw<br>Version: 9.28-7</pre><pre>Found a memory leak in the latest version of dcraw.<br><br>Here is a transcript:
<br>osboxes@osboxes:~/Desktop$ dcraw -g 2.2 1.0 -b 1.2 -j leak<br>fseek(0x5a1841ba9430, -2145648639,0): Invalid argument<br>osboxes@osboxes:~/Desktop$<br><br></pre><pre>For reference:<br><a href="https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=memory+leak" target="_blank">https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=memory+leak</a><br><br></pre><pre>Impact:<br>
Memory leaks can create vulnerabilities. Attackers might exploit them to degrade service (denial of service attacks) or infer information about memory layouts, aiding other exploits.<br>These also affect the previous versions.<br><br>Tested machine and version:
</pre><div><span style="font-family:monospace">osboxes@osboxes:~/Desktop$ uname -a
</span></div><div><span style="font-family:monospace">Linux osboxes 6.8.0-49-generic #49-Ubuntu SMP PREEMPT_DYNAMIC Mon Nov  4 02:06:24 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
</span></div><div><span style="font-family:monospace">osboxes@osboxes:~/Desktop$ cat /etc/os-release 
</span></div><div><span style="font-family:monospace">PRETTY_NAME="Ubuntu 24.04.1 LTS"
</span></div><div><span style="font-family:monospace">NAME="Ubuntu"
</span></div><div><span style="font-family:monospace">VERSION_ID="24.04"
</span></div><div><span style="font-family:monospace">VERSION="24.04.1 LTS (Noble Numbat)"
</span></div><div><span style="font-family:monospace">VERSION_CODENAME=noble
</span></div><div><span style="font-family:monospace">ID=ubuntu
</span></div><div><span style="font-family:monospace">ID_LIKE=debian
</span></div><div><span style="font-family:monospace">HOME_URL="<a href="https://www.ubuntu.com/" target="_blank">https://www.ubuntu.com/</a>"
</span></div><div><span style="font-family:monospace">SUPPORT_URL="<a href="https://help.ubuntu.com/" target="_blank">https://help.ubuntu.com/</a>"
</span></div><div><span style="font-family:monospace">BUG_REPORT_URL="<a href="https://bugs.launchpad.net/ubuntu/" target="_blank">https://bugs.launchpad.net/ubuntu/</a>"
</span></div><div><span style="font-family:monospace">PRIVACY_POLICY_URL="<a href="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" target="_blank">https://www.ubuntu.com/legal/terms-and-policies/privacy-policy</a>"
</span></div><div><span style="font-family:monospace">UBUNTU_CODENAME=noble
</span></div><div><span style="font-family:monospace">LOGO=ubuntu-logo
</span></div><div><span style="font-family:monospace">osboxes@osboxes:~/Desktop$ sudo dpkg -l | grep -i dcraw
</span></div><div><span style="font-family:monospace">ii  dcraw  9.28-7  amd64  decode raw digital camera images
</span></div><div><span style="font-family:monospace">osboxes@osboxes:~/Desktop$ 
</span></div><pre>How to reproduce:<br></pre><pre>Use the file attached with dcraw<br>dcraw -g 2.2 1.0 -b 1.2 -j leak<br><br>Reproducing using msan and afl:<br><br>Compiling using AFL and memory sanitizer<br>~/Desktop/AFL/AFLplusplus/afl-clang-lto -fsanitize=memory,undefined -o dcraw -O4 dcraw.c -lm -DNODEPS<br></pre><pre>Fuzzing:<br><br>/home/fuzzing-android/Desktop/AFL/AFLplusplus/afl-fuzz -m none -i in/ -o out/ -S slave3 -- ./dcraw -g 2.2 1.0 -b 1.2 -j  @@<br></pre><pre>Reproducing:<br><br>fuzzing-android@fuzzingandroid:~/Desktop/dcraw_latest/dcraw_9.28.orig$ ./dcraw out/master/crashes.2024-11-20-05\:00\:07/id\:000034\,sig\:06\,src\:000466\,time\:3816438\,execs\:137174\,op\:havoc\,rep\:17 <br>dcraw.c:315:17: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'<br>SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior dcraw.c:315:17 in <br>dcraw.c:313:49: runtime error: left shift of 128 by 24 places cannot be represented in type 'int'<br>SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior dcraw.c:313:49 in <br>Uninitialized bytes in __interceptor_strncmp at offset 0 inside [0x7ffcff567c80, 1)<br>==334245==WARNING: MemorySanitizer: use-of-uninitialized-value<br>==334245==WARNING: external symbolizer didn't start up correctly!<br>fuzzing-android@fuzzingandroid:~/Desktop/dcraw_latest/dcraw_9.28.orig$ <br><br></pre><pre>The compiled program and crashes are uploaded in a tar file:<br><a href="https://drive.google.com/file/d/1KYsHpkPv6CUfnwxapPzxO4g3Gy8Eih_y/view?usp=drive_web" target="_blank">dcraw.tar</a></pre>
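<div>The sanitizer transcript above points at two defensive gaps in a raw-file parser: a byte shifted by 24 places in signed int (the UBSan "left shift of 255 by 24 places" finding) and a file-supplied offset handed to fseek() unchecked. The block below is an added example written for this report; it is not dcraw's code, and get4_be, offset_in_file, checked_seek, read_offset and the sample_hdr bytes are all constructed for illustration. It assumes a 4-byte big-endian offset field.</div>

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Read a 4-byte big-endian field. Each byte is widened to uint32_t before
 * the shift, so a byte >= 0x80 in the top position is never shifted as a
 * signed int (the "left shift of 255 by 24 places" UBSan finding above). */
static uint32_t get4_be(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* A file-supplied offset is usable only if it lies inside the file:
 * 1 when 0 <= off <= file_size, 0 otherwise. Kept pure (no FILE) so the
 * rule itself can be tested; checked_seek() applies it before fseek(). */
static int offset_in_file(long off, long file_size)
{
    return off >= 0 && off <= file_size;
}

static int checked_seek(FILE *f, long off, long file_size)
{
    if (!offset_in_file(off, file_size))
        return 0;            /* reject up front instead of letting fseek() fail */
    return fseek(f, off, SEEK_SET) == 0;
}

/* Decode an offset field into a long; 0 if the value does not fit in long
 * (possible on ILP32 targets) or points outside the file, 1 on success. */
static int read_offset(const unsigned char *field, long file_size, long *out)
{
    uint32_t raw = get4_be(field);
    if ((unsigned long)raw > (unsigned long)LONG_MAX ||
        !offset_in_file((long)raw, file_size))
        return 0;
    *out = (long)raw;
    return 1;
}

/* Constructed sample header (not from any real raw file): big-endian offset
 * 0x80000001 then four payload bytes. Read through int shifts, this field
 * would trigger the UBSan report and reach fseek() as a negative offset. */
static const unsigned char sample_hdr[8] = {0x80,0x00,0x00,0x01,'D','A','T','A'};

int main(void)
{
    long off = 0;
    printf("offset field = 0x%08x\n", (unsigned)get4_be(sample_hdr));
    printf("usable in an 8-byte file: %d\n", read_offset(sample_hdr, 8, &off));
    return 0;
}
```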

</div>