[Pkg-phototools-devel] Bug#802901: opj_dump: segmentation fault with fuzzed sample

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Sat Oct 24 20:55:57 UTC 2015


Package: libopenjp2-tools
Version: 2.1.0-2.1
Severity: important
Tags: security

Dear Maintainer,

I've found a sample crashing opj_dump.
I can provide it privately, but I'm not attaching it here,
because I don't think that making it public before the issue is
fixed would be a good idea.

Backtrace:
$ gdb --batch -ex r -ex bt -ex q --args opj_dump -i id_e71ebe2fa4e87ee3b41c505706031b3b940f3f98.jp2
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff77a0574 in opj_read_bytes_LE (p_buffer=p_buffer@entry=0x100614b82 <error: Cannot access memory at address 0x100614b82>, p_value=p_value@entry=0x7fffffff7130, p_nb_bytes=p_nb_bytes@entry=4) at /home/nirgal/openjpeg2-2.1.0/src/lib/openjp2/cio.c:87
87	/home/nirgal/openjpeg2-2.1.0/src/lib/openjp2/cio.c: No such file or directory.
#0  0x00007ffff77a0574 in opj_read_bytes_LE (p_buffer=p_buffer@entry=0x100614b82 <error: Cannot access memory at address 0x100614b82>, p_value=p_value@entry=0x7fffffff7130, p_nb_bytes=p_nb_bytes@entry=4) at /home/nirgal/openjpeg2-2.1.0/src/lib/openjp2/cio.c:87
#1  0x00007ffff77b19b0 in opj_jp2_read_boxhdr_char (p_manager=0x612358, p_box_max_size=35, p_number_bytes_read=<synthetic pointer>, p_data=0x100614b82 <error: Cannot access memory at address 0x100614b82>, box=<synthetic pointer>) at /home/nirgal/openjpeg2-2.1.0/src/lib/openjp2/jp2.c:2230
#2  opj_jp2_read_jp2h (jp2=0x6123b0, p_header_data=0x100614b82 <error: Cannot access memory at address 0x100614b82>, p_header_size=35, p_manager=0x612358) at /home/nirgal/openjpeg2-2.1.0/src/lib/openjp2/jp2.c:2177
#3  0x00007ffff77b2b51 in opj_jp2_read_header_procedure (jp2=0x6123b0, stream=0x612280, p_manager=0x612358) at /home/nirgal/openjpeg2-2.1.0/src/lib/openjp2/jp2.c:1866
#4  0x00007ffff77b2da4 in opj_jp2_exec (jp2=jp2@entry=0x6123b0, p_procedure_list=0x614b00, stream=stream@entry=0x612280, p_manager=p_manager@entry=0x612358) at /home/nirgal/openjpeg2-2.1.0/src/lib/openjp2/jp2.c:1917
#5  0x00007ffff77b55f2 in opj_jp2_read_header (p_stream=0x612280, jp2=0x6123b0, p_image=0x7fffffff72c8, p_manager=0x612358) at /home/nirgal/openjpeg2-2.1.0/src/lib/openjp2/jp2.c:2299
#6  0x000000000040320c in main (argc=0, argv=0x612300) at /home/nirgal/openjpeg2-2.1.0/src/bin/jp2/opj_dump.c:547
A debugging session is active.

	Inferior 1 [process 4091] will be killed.

Quit anyway? (y or n) [answered Y; input not from terminal]

Best regards,
Andreas

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.3.0-rc5-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages libopenjp2-tools depends on:
ii  libc6         2.19-22
ii  liblcms2-2    2.6-3+b3
ii  libopenjp2-7  2.1.0-2.1
ii  libpng12-0    1.2.50-2+b2
ii  libtiff5      4.0.5-1
ii  zlib1g        1:1.2.8.dfsg-2+b1

libopenjp2-tools recommends no packages.

libopenjp2-tools suggests no packages.

-- no debconf information


