kornelski / mediancut-posterizer

Lossy PNG compressor for RGBA PNGs. Has two modes: lossy averaging filter (blurizer) that denoises the image and optimal posterization using Median Cut quantization to reduce number of unique colors in the image with minimal visual distortion

Home Page: https://pngmini.com

AddressSanitizer reports LeakSanitizer: SEGV when using posterize

ConcoctionSec opened this issue

Version

Posterize (2.1) 2015

Environment

Ubuntu 18.04, 64 bit

Command

Compile test program:

$ make clean all

Compile test program with address sanitizer:

  • Update Makefile:
CFLAGS ?= -Wall -Wno-unknown-pragmas -I. -I/usr/local/include/libpng16/ -I/usr/local/include/ -I/usr/include/ -I/usr/X11/include/ $(CFLAGSOPT) -fsanitize=address
LDFLAGS ?= -L/usr/local/lib/ -L/usr/lib/ -L/usr/X11/lib/ -fsanitize=address
  • Compile program:
$ make clean all

Result

The result of running without ASAN:

$ ./posterize -Q 95 SEGV.png

error: gamma value does not match sRGB
libpng warning: Invalid image width in IHDR
libpng warning: Image width exceeds user limit in IHDR
  error: Invalid IHDR data
Segmentation fault (core dumped)

Information obtained by using ASAN:

$ ./posterize_asan -Q 95 SEGV.png

  error: gamma value does not match sRGB
AddressSanitizer:DEADLYSIGNAL
=================================================================
==18674==ERROR: AddressSanitizer: SEGV on unknown address 0x02007eb79a0c (pc 0x55de6e864ae6 bp 0x0ffff5c0cf9a sp 0x7fffae067ca0 T0)
==18674==The signal is caused by a READ memory access.
    #0 0x55de6e864ae6 in rwpng_write_image24 (/docker/mp/posterize+0xcae6)
    #1 0x55de6e85c11f in main (/docker/mp/posterize+0x411f)
    #2 0x7f7a1ae090b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #3 0x55de6e85c6ed in _start (/docker/mp/posterize+0x46ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/docker/mp/posterize+0xcae6) in rwpng_write_image24
==18674==ABORTING

Description

When we execute the command, asan reports the error LeakSanitizer: SEGV.

Poc

Poc file is this.

Hi @NISL-SecurityGroup .

Maybe?:

CFLAGS ?= -g ...

and

> gdb ./posterize
(gdb): r SEGV.png

Hello, thank you for your reply. We referred to your comments and added CFLAGS ?= -g ... when compiling. The following are the results of normal operation and of running under gdb:

The result of running without ASAN:

normal operation:

$ ./posterize -Q 95 SEGV.png

error: gamma value does not match sRGB
libpng warning: Image width exceeds user limit in IHDR
error: Invalid IHDR data
Segmentation fault (core dumped)

using gdb:

(gdb) r -Q 95 crash01.png
Starting program: /docker/mp/posterize -Q 95 crash01.png
warning: Error disabling address space randomization: Operation not permitted
 error: gamma value does not match sRGB
libpng warning: Invalid image width in IHDR
libpng warning: Image width exceeds user limit in IHDR
 error: Invalid IHDR data

Program received signal SIGSEGV, Segmentation fault.
0x00007f2a7be16153 in ?? () from /lib/x86_64-linux-gnu/libpng16.so.16

The result of running with ASAN:

normal operation:

$ ./posterize-asan -Q 95 SEGV.png

error: gamma value does not match sRGB
AddressSanitizer:DEADLYSIGNAL
=================================================================
==563==ERROR: AddressSanitizer: SEGV on unknown address 0x020072988bb5 (pc 0x55b63da426d0 bp 0x0fff94c85cde sp 0x7ffca642e6c0 T0)
==563==The signal is caused by a READ memory access.
    #0 0x55b63da426d0 in rwpng_write_image24 /docker/mp/rwpng.c:556
    #1 0x55b63da31666 in main /docker/mp/posterize.c:526
    #2 0x7fbfdd8590b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #3 0x55b63da3230d in _start (/docker/mp/posterize+0x530d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /docker/mp/rwpng.c:556 in rwpng_write_image24
==563==ABORTING

using gdb:

(gdb) r -Q 95 crash01.png
Starting program: /docker/mp/posterize -Q 95 crash01.png
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
 error: gamma value does not match sRGB

Program received signal SIGSEGV, Segmentation fault.
0x0000557f92da56d0 in rwpng_write_image24 (outfile=outfile@entry=0x7fdc9282e6a0 <_IO_2_1_stdout_>, mainprog_ptr=0xfffdacdf528, mainprog_ptr@entry=0x7ffed66faa90, filter=<optimized out>) at rwpng.c:556
556	  png_set_IHDR(png_ptr, info_ptr, mainprog_ptr->width, mainprog_ptr->height,
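
As an added example (not from this thread or from the posterize or libpng sources): a stand-alone C check that reads only the IHDR of a PNG and flags the dimension problems named in the libpng warnings above, for triaging a crashing sample before it reaches a decoder. The function and flag names, the constructed sample bytes and the 1,000,000 limit (libpng's default user limit) are assumptions; the chunk CRC is not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIM_31BIT_MAX  0x7fffffffu /* PNG dimensions must fit in 31 bits */
#define DIM_USER_LIMIT 1000000u    /* assumed: libpng's default user limit */

/* Result flags (hypothetical names); several can be set at once. */
enum { IHDR_MALFORMED = 1, IHDR_ZERO = 2, IHDR_INVALID = 4, IHDR_OVER_LIMIT = 8 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Apply the zero, 31-bit and user-limit checks to one dimension. */
static unsigned check_dim(uint32_t v) {
    unsigned f = 0;
    if (v == 0) f |= IHDR_ZERO;
    if (v > DIM_31BIT_MAX) f |= IHDR_INVALID;
    if (v > DIM_USER_LIMIT) f |= IHDR_OVER_LIMIT;
    return f;
}

/* Inspect the IHDR of a PNG in buf[0..len) without decoding anything else. */
unsigned ihdr_check(const uint8_t *buf, size_t len) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    if (len < 8 + 8 + 13 || memcmp(buf, sig, sizeof sig) != 0)
        return IHDR_MALFORMED; /* too short for signature + IHDR, or not a PNG */
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0)
        return IHDR_MALFORMED; /* first chunk must be a 13-byte IHDR */
    return check_dim(be32(buf + 16)) | check_dim(be32(buf + 20));
}

/* Constructed sample: PNG signature plus an IHDR with the given width/height. */
void make_sample(uint8_t out[29], uint32_t w, uint32_t h) {
    static const uint8_t head[16] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
                                     0, 0, 0, 13, 'I', 'H', 'D', 'R'};
    memset(out, 0, 29);
    memcpy(out, head, sizeof head);
    for (int i = 0; i < 4; i++) {
        out[16 + i] = (uint8_t)(w >> (24 - 8 * i));
        out[20 + i] = (uint8_t)(h >> (24 - 8 * i));
    }
}

int main(void) {
    uint8_t s[29];
    make_sample(s, 0x80000000u, 480); /* width above the 31-bit maximum */
    printf("flags=0x%x\n", ihdr_check(s, sizeof s));
    return 0;
}
```

A width above the 31-bit maximum sets both IHDR_INVALID and IHDR_OVER_LIMIT, matching the pair of width warnings in the gdb run.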
