AddressSanitizer report LeakSanitizer: SEGV when using posterize
ConcoctionSec opened this issue
Version
Posterize (2.1) 2015
Environment
Ubuntu 18.04, 64 bit
Command
Compile test program:
$ make clean all
Compile test program with address sanitizer:
- Update Makefile:
CFLAGS ?= -Wall -Wno-unknown-pragmas -I. -I/usr/local/include/libpng16/ -I/usr/local/include/ -I/usr/include/ -I/usr/X11/include/ $(CFLAGSOPT) -fsanitize=address
LDFLAGS ?= -L/usr/local/lib/ -L/usr/lib/ -L/usr/X11/lib/ -fsanitize=address
- Compile program:
$ make clean all
Result
The result of running without ASAN:
$ ./posterize -Q 95 SEGV.png
error: gamma value does not match sRGB
libpng warning: Invalid image width in IHDR
libpng warning: Image width exceeds user limit in IHDR
error: Invalid IHDR data
Segmentation fault (core dumped)
Information obtained by using ASAN:
$ ./posterize_asan -Q 95 SEGV.png
error: gamma value does not match sRGB
AddressSanitizer:DEADLYSIGNAL
=================================================================
==18674==ERROR: AddressSanitizer: SEGV on unknown address 0x02007eb79a0c (pc 0x55de6e864ae6 bp 0x0ffff5c0cf9a sp 0x7fffae067ca0 T0)
==18674==The signal is caused by a READ memory access.
#0 0x55de6e864ae6 in rwpng_write_image24 (/docker/mp/posterize+0xcae6)
#1 0x55de6e85c11f in main (/docker/mp/posterize+0x411f)
#2 0x7f7a1ae090b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#3 0x55de6e85c6ed in _start (/docker/mp/posterize+0x46ed)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/docker/mp/posterize+0xcae6) in rwpng_write_image24
==18674==ABORTING
Description
When we execute the command, ASAN reports the error LeakSanitizer: SEGV.
Poc
Poc file is this.
Hi @NISL-SecurityGroup .
Maybe?:
CFLAGS ?= -g ...
and
> gdb ./posterize
(gdb): r SEGV.png
Hello, thank you for your reply. We followed your comments and added CFLAGS ?= -g ... when compiling. The following are the results of a normal run and of a run under gdb:
The result of running without ASAN:
normal operation:
$ ./posterize -Q 95 SEGV.png
error: gamma value does not match sRGB
libpng warning: Image width exceeds user limit in IHDR
error: Invalid IHDR data
Segmentation fault (core dumped)
using gdb:
(gdb) r -Q 95 crash01.png
Starting program: /docker/mp/posterize -Q 95 crash01.png
warning: Error disabling address space randomization: Operation not permitted
error: gamma value does not match sRGB
libpng warning: Invalid image width in IHDR
libpng warning: Image width exceeds user limit in IHDR
error: Invalid IHDR data
Program received signal SIGSEGV, Segmentation fault.
0x00007f2a7be16153 in ?? () from /lib/x86_64-linux-gnu/libpng16.so.16
The result of running with ASAN:
normal operation:
$ ./posterize-asan -Q 95 SEGV.png
error: gamma value does not match sRGB
AddressSanitizer:DEADLYSIGNAL
=================================================================
==563==ERROR: AddressSanitizer: SEGV on unknown address 0x020072988bb5 (pc 0x55b63da426d0 bp 0x0fff94c85cde sp 0x7ffca642e6c0 T0)
==563==The signal is caused by a READ memory access.
#0 0x55b63da426d0 in rwpng_write_image24 /docker/mp/rwpng.c:556
#1 0x55b63da31666 in main /docker/mp/posterize.c:526
#2 0x7fbfdd8590b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#3 0x55b63da3230d in _start (/docker/mp/posterize+0x530d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /docker/mp/rwpng.c:556 in rwpng_write_image24
==563==ABORTING
using gdb:
(gdb) r -Q 95 crash01.png
Starting program: /docker/mp/posterize -Q 95 crash01.png
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
error: gamma value does not match sRGB
Program received signal SIGSEGV, Segmentation fault.
0x0000557f92da56d0 in rwpng_write_image24 (outfile=outfile@entry=0x7fdc9282e6a0 <_IO_2_1_stdout_>, mainprog_ptr=0xfffdacdf528, mainprog_ptr@entry=0x7ffed66faa90, filter=<optimized out>) at rwpng.c:556
556 png_set_IHDR(png_ptr, info_ptr, mainprog_ptr->width, mainprog_ptr->height,
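The gdb session above shows the crash at the png_set_IHDR call in rwpng_write_image24, with mainprog_ptr pointing at a nonsensical address after libpng had already rejected the input's IHDR ("Invalid image width in IHDR", "Invalid IHDR data"). The defensive point is that dimensions taken from a file must be validated, and the read status checked, before any later stage writes an output image from them. The following stand-alone C program is an added example and is not code from the posterize project or from this thread: it parses a single IHDR chunk and applies the same kind of checks libpng performs (31-bit width/height, a user dimension limit, legal bit-depth/colour-type pairs, chunk CRC), returning a status instead of continuing with garbage. The names parse_ihdr, build_ihdr, check_built and check_corrupted are this example's own; the USER_DIM_LIMIT value of 1,000,000 is an assumption chosen to match libpng's default user width/height limit, and the sample chunks are constructed inline.

```c
/* Added example: stand-alone IHDR validator (not part of posterize). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PNG_UINT_31_MAX 0x7fffffffu   /* PNG spec: width/height must fit in 31 bits */
#define USER_DIM_LIMIT  1000000u      /* assumed; matches libpng's default user limit */

enum ihdr_status {
    IHDR_OK = 0, IHDR_SHORT, IHDR_BAD_TYPE, IHDR_BAD_CRC, IHDR_BAD_WIDTH,
    IHDR_BAD_HEIGHT, IHDR_OVER_LIMIT, IHDR_BAD_DEPTH, IHDR_BAD_METHOD
};

struct ihdr {
    uint32_t width, height;
    uint8_t depth, color, compression, filter, interlace;
};

/* CRC-32 as specified for PNG chunks (reflected, polynomial 0xEDB88320). */
uint32_t png_crc32(const uint8_t *p, size_t n)
{
    uint32_t c = 0xffffffffu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return c ^ 0xffffffffu;
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* True for the bit-depth / colour-type pairs the PNG spec allows. */
static int depth_ok(uint8_t depth, uint8_t color)
{
    switch (color) {
    case 0: return depth == 1 || depth == 2 || depth == 4 || depth == 8 || depth == 16;
    case 3: return depth == 1 || depth == 2 || depth == 4 || depth == 8;
    case 2: case 4: case 6: return depth == 8 || depth == 16;
    default: return 0;
    }
}

/* Validate one IHDR chunk: 4-byte length, "IHDR", 13 data bytes, 4-byte CRC.
 * *out is written only when every check passes, so a caller can never
 * pick up half-filled dimensions after a failure. */
enum ihdr_status parse_ihdr(const uint8_t *buf, size_t n, struct ihdr *out)
{
    struct ihdr h;
    if (n < 25 || be32(buf) != 13) return IHDR_SHORT;
    if (memcmp(buf + 4, "IHDR", 4) != 0) return IHDR_BAD_TYPE;
    if (png_crc32(buf + 4, 17) != be32(buf + 21)) return IHDR_BAD_CRC;  /* CRC covers type + data */
    h.width = be32(buf + 8);  h.height = be32(buf + 12);
    h.depth = buf[16]; h.color = buf[17]; h.compression = buf[18];
    h.filter = buf[19]; h.interlace = buf[20];
    if (h.width == 0 || h.width > PNG_UINT_31_MAX) return IHDR_BAD_WIDTH;
    if (h.height == 0 || h.height > PNG_UINT_31_MAX) return IHDR_BAD_HEIGHT;
    if (h.width > USER_DIM_LIMIT || h.height > USER_DIM_LIMIT) return IHDR_OVER_LIMIT;
    if (!depth_ok(h.depth, h.color)) return IHDR_BAD_DEPTH;
    if (h.compression != 0 || h.filter != 0 || h.interlace > 1) return IHDR_BAD_METHOD;
    *out = h;
    return IHDR_OK;
}

/* Build a constructed IHDR chunk with a correct CRC (test input only). */
void build_ihdr(uint8_t out[25], uint32_t w, uint32_t hgt, uint8_t depth, uint8_t color)
{
    put_be32(out, 13);
    memcpy(out + 4, "IHDR", 4);
    put_be32(out + 8, w);
    put_be32(out + 12, hgt);
    out[16] = depth; out[17] = color; out[18] = 0; out[19] = 0; out[20] = 0;
    put_be32(out + 21, png_crc32(out + 4, 17));
}

/* Build-and-validate helpers so a status can be checked directly. */
enum ihdr_status check_built(uint32_t w, uint32_t hgt, uint8_t depth, uint8_t color)
{
    uint8_t chunk[25]; struct ihdr h;
    build_ihdr(chunk, w, hgt, depth, color);
    return parse_ihdr(chunk, sizeof chunk, &h);
}

enum ihdr_status check_corrupted(void)
{
    uint8_t chunk[25]; struct ihdr h;
    build_ihdr(chunk, 1, 1, 8, 2);
    chunk[10] ^= 0x01;   /* flip a bit inside the width field; the CRC now mismatches */
    return parse_ihdr(chunk, sizeof chunk, &h);
}

int main(void)
{
    printf("1x1 RGB           -> status %d\n", check_built(1, 1, 8, 2));
    printf("width 0xffffffff  -> status %d (reject before writing)\n",
           check_built(0xffffffffu, 1, 8, 2));
    printf("width 2000000     -> status %d (over user limit)\n", check_built(2000000u, 1, 8, 2));
    return 0;
}
```

Status codes are returned rather than printed so that the result of the check is what the program acts on; the caller decides to stop before anything resembling rwpng_write_image24 is reached. The CRC check is deliberately applied first, so a chunk whose bytes were altered is rejected before its fields are interpreted at all.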