[Debian-astro-maintainers] Bug#914447: dcraw-9.27-1 : invalid memory write crash in kodak_radc_load_raw()

Jaeseung Choi jschoi.2022 at gmail.com
Fri Nov 23 15:14:47 GMT 2018 

Package: dcraw
Version: 9.27-1+b1
Severity: normal

Dear Maintainer,

Running dcraw-9.27 the attached input file raises a crash caused by invalid
memory write in kodak_radc_load_raw().

First, below is the GDB log that shows crash from dcraw-9.27 binary
downloaded with 'apt-get'.
----------------------------------------------------------------------------------------
jason at debian-amd64-stretch:~/dcraw-crashes$ gdb -q dcraw
Reading symbols from dcraw...(no debugging symbols found)...done.
(gdb) run ./crash-1_00000009
Starting program: /usr/bin/dcraw ./crash-1_00000009
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
./crash-1_00000009: Unexpected end of file

Program received signal SIGBUS, Bus error.
0x000055555555e677 in ?? ()
(gdb) x/i $rip
=> 0x55555555e677:      mov    %di,0x6f8(%rsp,%rdx,2)
(gdb) info reg rsp rdx
rsp            0x7fffffffa120   0x7fffffffa120
rdx            0x7fff   32767
-------------------------------------------------------------------------------------

Since the downloaded binary did not have any symbol information, we
downloaded its code and compiled it with AddressSanitizer.
While AddressSanitizer failed to identify the root cause of the bug, it
reported an invalid memory access error in kodak_radc_load_raw(), as below.
-------------------------------------------------------------------------------------
==4934==ERROR: AddressSanitizer: SEGV on unknown address 0x10007fff97ec (pc
0x00000051920b bp 0x7fffffffda90 sp 0x7fffffff9200 T0)
    #0 0x51920a in kodak_radc_load_raw
/home/jason/packages-sanitize/dcraw-9.27/dcraw.c:2240:42
    #1 0x5bc6e6 in main
/home/jason/packages-sanitize/dcraw-9.27/dcraw.c:10150:10
    #2 0x7ffff6a3582f in __libc_start_main
/build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #3 0x4196c8 in _start (/home/jason/Chatkey/replay_box/dcraw+0x4196c8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/jason/packages-sanitize/dcraw-9.27/dcraw.c:2240:42 in
kodak_radc_load_raw
==4934==ABORTING
-------------------------------------------------------------------------------------


-- System Information:
Debian Release: 9.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set
LC_ALL to default locale: No such file or directory
UTF-8), LANGUAGE=en_US:en (charmap=locale: Cannot set LC_ALL to default
locale: No such file or directory
UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dcraw depends on:
ii  libc6            2.24-11+deb9u3
ii  libjpeg62-turbo  1:1.5.1-2
ii  liblcms2-2       2.8-4

dcraw recommends no packages.

Versions of packages dcraw suggests:
pn  gphoto2  <none>
ii  netpbm   2:10.0-15.3+b2

-- debconf information excluded
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-astro-maintainers/attachments/20181124/42d2b877/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crash-1_00000009
Type: application/octet-stream
Size: 16 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-astro-maintainers/attachments/20181124/42d2b877/attachment.obj>

More information about the Debian-astro-maintainers mailing list