oss-sec mailing list archives
Re: Heapoverflow in giflib5.1.4
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 13 Sep 2016 21:53:03 +0200
On Tue, 13 Sep 2016 12:24:23 -0700 Seth Arnold <seth.arnold () canonical com> wrote:
Hanno, can you still reproduce this issue? I followed your excellent reproducer script and I don't get any ASAN warnings. If you still get ASAN warnings this may indicate the source of the confusion.
Ok, interesting: I can't reproduce it any more with my poc or the poc from bug 102 with the git code. I can however easily generate another sample that causes the same bug. See attachment. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Heapoverflow in giflib5.1.4 vul (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Hanno Böck (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Seth Arnold (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Hanno Böck (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Seth Arnold (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Seth Arnold (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Hanno Böck (Sep 13)
- Re: Heapoverflow in giflib5.1.4 Solar Designer (Sep 13)