oss-sec mailing list archives
Re: Heapoverflow in giflib5.1.4
From: Seth Arnold <seth.arnold () canonical com>
Date: Tue, 13 Sep 2016 12:24:23 -0700
On Tue, Sep 13, 2016 at 06:55:08PM +0200, Hanno Böck wrote:
> Two notes:
> * This is a bug *only* in the gif2rgb command line tool, not in giflib itself.
> * I reported this before. The giflib maintainer claimed multiple times that he has fixed it, yet he hasn't. See: https://sourceforge.net/p/giflib/bugs/79/
Hanno, can you still reproduce this issue? I followed your excellent reproducer script and I don't get any ASAN warnings. If you still get ASAN warnings this may indicate the source of the confusion.

Thanks

ubuntu@x1:~$ git clone --depth=1 git://git.code.sf.net/p/giflib/code giflib-code
Cloning into 'giflib-code'...
remote: Counting objects: 149, done.
remote: Compressing objects: 100% (147/147), done.
remote: Total 149 (delta 22), reused 10 (delta 0)
Receiving objects: 100% (149/149), 389.03 KiB | 0 bytes/s, done.
Resolving deltas: 100% (22/22), done.
Checking connectivity... done.
ubuntu@x1:~$ cd giflib-code/
ubuntu@x1:~/giflib-code$ CFLAGS="-fsanitize=address -g" LDFLAGS="-fsanitize=address" ./autogen.sh
Warning: This script will run configure for you -- if you need to pass arguments to configure, please give them as arguments to this script.
aclocal: warning: couldn't open directory 'm4': No such file or directory
configure.ac:14: installing './ar-lib'
configure.ac:14: installing './compile'
configure.ac:15: installing './config.guess'
configure.ac:15: installing './config.sub'
configure.ac:5: installing './install-sh'
configure.ac:5: installing './missing'
Makefile.am: installing './INSTALL'
parallel-tests: installing './test-driver'
lib/Makefile.am: installing './depcomp'
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
[...]
configure: creating ./config.status
config.status: creating util/Makefile
config.status: creating lib/Makefile
config.status: creating Makefile
config.status: creating doc/Makefile
config.status: creating pic/Makefile
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands
ubuntu@x1:~/giflib-code$ make -j
make all-recursive
make[1]: Entering directory '/home/ubuntu/giflib-code'
Making all in lib
make[2]: Entering directory '/home/ubuntu/giflib-code/lib'
CC dgif_lib.lo
CC gif_font.lo
CC egif_lib.lo
CC gif_hash.lo
CC gifalloc.lo
CC openbsd-reallocarray.lo
CC gif_err.lo
CC quantize.lo
CCLD libgif.la
ar: `u' modifier ignored since `D' is the default (see `U')
make[2]: Leaving directory '/home/ubuntu/giflib-code/lib'
Making all in util
make[2]: Entering directory '/home/ubuntu/giflib-code/util'
CC getarg.o
CC gif2rgb.o
CC qprintf.o
CC gifbuild.o
CC gifecho.o
CC gifinto.o
CC giftext.o
CC giftool.o
CC gifclrmp.o
CC giffix.o
CC gifbg.o
CC gifcolor.o
CC giffilter.o
CC gifsponge.o
CC gifhisto.o
CC gifwedge.o
AR libgetarg.a
ar: `u' modifier ignored since `D' is the default (see `U')
CCLD gif2rgb
CCLD gifecho
CCLD giffix
CCLD giftext
CCLD gifinto
CCLD giftool
CCLD gifbg
CCLD gifclrmp
CCLD gifcolor
CCLD giffilter
CCLD gifsponge
CCLD gifwedge
CCLD gifhisto
CCLD gifbuild
make[2]: Leaving directory '/home/ubuntu/giflib-code/util'
Making all in pic
make[2]: Entering directory '/home/ubuntu/giflib-code/pic'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/ubuntu/giflib-code/pic'
make[2]: Entering directory '/home/ubuntu/giflib-code'
make[2]: Leaving directory '/home/ubuntu/giflib-code'
make[1]: Leaving directory '/home/ubuntu/giflib-code'
ubuntu@x1:~/giflib-code$ wget https://sourceforge.net/p/giflib/bugs/79/attachment/gif2rgb-oob-heap-read.gif
--2016-09-13 19:19:27-- https://sourceforge.net/p/giflib/bugs/79/attachment/gif2rgb-oob-heap-read.gif
Resolving sourceforge.net (sourceforge.net)... 216.34.181.60
Connecting to sourceforge.net (sourceforge.net)|216.34.181.60|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 20 [image/gif]
Saving to: ‘gif2rgb-oob-heap-read.gif’

gif2rgb-oob-heap-read.gif 100%[=============================================>] 20 --.-KB/s in 0s

2016-09-13 19:19:27 (2.73 MB/s) - ‘gif2rgb-oob-heap-read.gif’ saved [20/20]

ubuntu@x1:~/giflib-code$ util/gif2rgb gif2rgb-oob-heap-read.gif
Background color out of range for colormap
ubuntu@x1:~/giflib-code$
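As an added illustration of the kind of bounds check that the "Background color out of range for colormap" rejection above reflects: a background color index from the GIF logical screen descriptor must be validated against the number of global color table entries before it is used to index the table. This is example code written for this note, not giflib's or gif2rgb's own source, and the 20-byte sample GIFs are constructed here, not the bug report's attachment.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Outcome of validating a GIF header + logical screen descriptor (LSD). */
enum gif_lsd_status {
    GIF_LSD_OK = 0,
    GIF_LSD_TRUNCATED,       /* fewer than the 13 header+LSD bytes   */
    GIF_LSD_BAD_SIGNATURE,   /* not "GIF87a" or "GIF89a"             */
    GIF_LSD_NO_COLORMAP,     /* no global color table to index       */
    GIF_LSD_BG_OUT_OF_RANGE  /* background index >= table entries    */
};

/* Number of global color table entries: 2^(size field + 1). */
int gif_gct_entries(uint8_t packed) { return 2 << (packed & 0x07); }

/* Hypothetical check: refuse to use the background color index unless
 * it addresses an entry that actually exists in the global color table.
 * Without this, colormap[bg] reads past the end of the table. */
enum gif_lsd_status gif_check_background(const uint8_t *buf, size_t len)
{
    if (len < 13)
        return GIF_LSD_TRUNCATED;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return GIF_LSD_BAD_SIGNATURE;
    uint8_t packed = buf[10];            /* LSD <Packed Fields>      */
    uint8_t bg     = buf[11];            /* Background Color Index   */
    if (!(packed & 0x80))
        return GIF_LSD_NO_COLORMAP;      /* GCT flag clear           */
    if (bg >= gif_gct_entries(packed))
        return GIF_LSD_BG_OUT_OF_RANGE;
    return GIF_LSD_OK;
}

/* Constructed 20-byte samples (not the bug report's attachment): a 1x1
 * GIF89a with a 2-entry global color table, then a trailer byte. */
static const uint8_t sample_bad_bg[20] = {
    'G','I','F','8','9','a', 0x01,0x00, 0x01,0x00,
    0x80,               /* GCT present, size field 0 -> 2 entries */
    0xFF,               /* background index 255: out of range     */
    0x00,               /* pixel aspect ratio                     */
    0x00,0x00,0x00, 0xFF,0xFF,0xFF, 0x3B };
static const uint8_t sample_ok_bg[20] = {
    'G','I','F','8','9','a', 0x01,0x00, 0x01,0x00, 0x80, 0x01, 0x00,
    0x00,0x00,0x00, 0xFF,0xFF,0xFF, 0x3B };
```

Run under `-fsanitize=address` as in the transcript above, an unchecked `colormap[bg]` lookup on the first sample is exactly the kind of heap read ASAN reports; with the check in place the file is rejected before any lookup.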