[Pkg-tigervnc-devel] Bug#768369: Acknowledgement ([libjpeg62-turbo] [DOS] Stack smashing)
Bernhard Übelacker
bernhardu at vr-web.de
Sat Nov 15 15:56:20 UTC 2014
Hello,
Probably the attached patch could help in diagnosing the issue.
It prints an error message and aborts when the current buffer
pointer is advanced past the _buffer.
In the debugger it shows this happens a little before what roucaries bastien wrote in message 47.
(Because he stopped at the stack protector being overwritten,
this is _buffer[137] while its size is only 128.)
Kind regards,
Bernhard
$ gdb --args convert -rotate 270 003632r270.jpg junk.jpg
(gdb) run
jchuff.c, line 591: written beyond end of _buffer, size=128, _buffer=0x0x7fffffff3e10, buffer=0x0x7fffffff3e91, pos=129
Program received signal SIGABRT, Aborted.
(gdb) bt
#0 0x00007ffff7067107 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff70684e8 in __GI_abort () at abort.c:89
#2 0x00007ffff36d4268 in encode_one_block (actbl=0x646920, dctbl=<optimized out>, last_dc_val=<optimized out>, block=0x7ffff2cf9bb0, state=0x7fffffff3dd0) at jchuff.c:591
(gdb) up
(gdb) up
#2 0x00007ffff36d4268 in encode_one_block (actbl=0x646920, dctbl=<optimized out>, last_dc_val=<optimized out>, block=0x7ffff2cf9bb0, state=0x7fffffff3dd0) at jchuff.c:591
591 kloop(44);
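The check described in the message (refuse a write once the output pointer has moved past the end of the fixed-size local buffer, and report the position) can be illustrated with a small bit writer in the style of a JPEG Huffman encoder. This is an added example, not Bernhard's attached patch and not libjpeg-turbo's jchuff.c: the bitwriter struct, BUF_SIZE, encode_codes and encode_repeated are hypothetical names, the inputs are constructed, and the only libjpeg-related fact it relies on is that a 0xFF byte in entropy-coded data is followed by a stuffed 0x00, which is why 128 bytes of input bits can need more than 128 bytes of output.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical fixed-size output buffer, 128 bytes like the _buffer in the report. */
#define BUF_SIZE 128

/* Position of the most recent detected overrun (-1 if none); set by bw_emit_byte. */
int last_overrun_pos = -1;

/* Minimal bit writer in the style of a JPEG Huffman encoder: bits accumulate in
   `acc` and whole bytes are flushed into the fixed local buffer `buf`. */
typedef struct {
    unsigned char buf[BUF_SIZE];
    unsigned char *cur;  /* next write position inside buf */
    uint64_t acc;        /* bit accumulator, newest bits at the low end */
    int nacc;            /* number of valid bits in acc (always < 8 after a put) */
} bitwriter;

static void bw_init(bitwriter *w)
{
    w->cur = w->buf;
    w->acc = 0;
    w->nacc = 0;
}

/* Bounds-checked byte emit: refuse the write instead of smashing the stack,
   and record where it would have happened (the report's "pos=129" moment). */
static int bw_emit_byte(bitwriter *w, unsigned char b)
{
    long pos = (long)(w->cur - w->buf);
    if (pos >= BUF_SIZE) {
        fprintf(stderr, "written beyond end of buffer, size=%d, pos=%ld\n", BUF_SIZE, pos);
        last_overrun_pos = (int)pos;
        return -1;
    }
    *w->cur++ = b;
    return 0;
}

/* Append the low `nbits` bits of `code` (1..16) and flush any complete bytes.
   A 0xFF data byte is followed by a stuffed 0x00, as JPEG entropy coding
   requires, so the output can be up to twice the raw bit count. */
static int bw_put_bits(bitwriter *w, unsigned code, int nbits)
{
    w->acc = (w->acc << nbits) | (code & ((1u << nbits) - 1u));
    w->nacc += nbits;
    while (w->nacc >= 8) {
        unsigned char b = (unsigned char)(w->acc >> (w->nacc - 8));
        w->nacc -= 8;
        if (bw_emit_byte(w, b) < 0) return -1;
        if (b == 0xFF && bw_emit_byte(w, 0x00) < 0) return -1;
    }
    return 0;
}

/* Pad the final partial byte with 1-bits, as JPEG does at the end of a scan. */
static int bw_flush(bitwriter *w)
{
    if (w->nacc > 0)
        return bw_put_bits(w, 0x7Fu, 8 - w->nacc);
    return 0;
}

/* Encode n 16-bit codes into a fresh buffer.
   Returns the number of bytes written, or -1 if the bounds check fired. */
int encode_codes(const unsigned short *codes, int n)
{
    bitwriter w;
    bw_init(&w);
    last_overrun_pos = -1;
    for (int i = 0; i < n; i++)
        if (bw_put_bits(&w, codes[i], 16) < 0) return -1;
    if (bw_flush(&w) < 0) return -1;
    return (int)(w.cur - w.buf);
}

/* Constructed input: the same 16-bit code repeated n times (n <= 256). */
int encode_repeated(unsigned short code, int n)
{
    unsigned short codes[256];
    if (n < 0 || n > 256) return -1;
    for (int i = 0; i < n; i++) codes[i] = code;
    return encode_codes(codes, n);
}

int main(void)
{
    printf("64 x 0x1234 -> %d bytes\n", encode_repeated(0x1234, 64)); /* 128, fits exactly */
    printf("65 x 0x1234 -> %d\n", encode_repeated(0x1234, 65));       /* -1, caught at pos 128 */
    printf("32 x 0xFFFF -> %d bytes\n", encode_repeated(0xFFFF, 32)); /* 128, stuffing doubles output */
    printf("33 x 0xFFFF -> %d\n", encode_repeated(0xFFFF, 33));       /* -1, caught at pos 128 */
    return 0;
}
```

The point of the check is timing: the stack protector only fires when the function returns, after the canary at some offset past the buffer end has already been clobbered (in the report, _buffer[137]), whereas a pointer comparison on every emit stops at the first out-of-bounds byte and names the position. The 0xFFFF case shows why a buffer sized for the raw bit count is not enough once byte stuffing is applied.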
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 002_detect-buffer-overrun-in-jchuff_c.patch
Type: text/x-patch
Size: 2961 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-tigervnc-devel/attachments/20141115/7128b4ac/attachment.bin>