Bug 1652609

Summary: There is a segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (src/spatialreference.cpp:515) in libLAS, which will cause a DoS attack.
Product: [Fedora] Fedora
Reporter: shuitao gan <ganshuitao>
Component: liblas
Assignee: Sandro Mani <manisandro>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: 31
CC: devrim
Hardware: All
OS: All
Fixed In Version: liblas-1.8.1-5.fc32 liblas-1.8.1-5.fc31
Last Closed: 2020-04-25 02:22:28 UTC
Type: Bug
Attachments: ./las2pg POC0 (Flags: none)

Description shuitao gan 2018-11-22 13:14:54 UTC
Created attachment 1507935
./las2pg POC0

version: libLAS2.4
Summary: 

There is a segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (src/spatialreference.cpp:515) in libLAS, which will cause a DoS attack.

Description:

The gdb debug is as follows:

$./las2pg POC0 


ASAN:SIGSEGV
=================================================================
==40199==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000006 (pc 0x7fee87f63433 bp 0x7ffc88ac0560 sp 0x7ffc88ac0310 T0)
    #0 0x7fee87f63432 in liblas::SpatialReference::GetGTIF() /home/company/real_sanitize/libLAS-master/src/spatialreference.cpp:515
    #1 0x7fee87f65681 in liblas::SpatialReference::SpatialReference(std::vector<liblas::VariableRecord, std::allocator<liblas::VariableRecord> > const&) /home/company/real_sanitize/libLAS-master/src/spatialreference.cpp:102
    #2 0x7fee87fbbd58 in liblas::detail::reader::Header::ReadVLRs() /home/company/real_sanitize/libLAS-master/src/detail/reader/header.cpp:389
    #3 0x7fee87fbf53d in liblas::detail::reader::Header::ReadHeader() /home/company/real_sanitize/libLAS-master/src/detail/reader/header.cpp:272
    #4 0x7fee87f091f6 in liblas::ReaderFactory::CreateWithStream(std::istream&) /home/company/real_sanitize/libLAS-master/src/factory.cpp:92
    #5 0x7fee89187d4f in LASReader_Create /home/company/real_sanitize/libLAS-master/src/c_api.cpp:248
    #6 0x403701 in main /home/company/real_sanitize/libLAS-master/apps/las2pg.c:424
    #7 0x7fee88b75a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #8 0x404b88 in _start (/home/company/real_sanitize/libLAS-master/build/install/bin/las2pg+0x404b88)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/company/real_sanitize/libLAS-master/src/spatialreference.cpp:515 liblas::SpatialReference::GetGTIF()
==40199==ABORTING

Comment 1 Ben Cotton 2019-08-13 16:49:37 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.

Comment 2 Fedora Admin XMLRPC Client 2020-03-04 04:18:55 UTC
This package has changed maintainer in Fedora.
Reassigning to the new maintainer of this component.

Comment 3 Fedora Admin XMLRPC Client 2020-04-14 16:43:14 UTC
This package has changed maintainer in Fedora.
Reassigning to the new maintainer of this component.

Comment 4 Fedora Update System 2020-04-14 20:14:12 UTC
FEDORA-2020-b0695fcdf7 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-b0695fcdf7

Comment 5 Fedora Update System 2020-04-15 19:57:51 UTC
FEDORA-2020-b0695fcdf7 has been pushed to the Fedora 31 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-b0695fcdf7`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-b0695fcdf7

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2020-04-16 19:27:53 UTC
FEDORA-2020-6dbbecb893 has been pushed to the Fedora 32 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-6dbbecb893`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-6dbbecb893

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2020-04-25 02:22:28 UTC
FEDORA-2020-6dbbecb893 has been pushed to the Fedora 32 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 8 Fedora Update System 2020-04-25 03:00:42 UTC
FEDORA-2020-b0695fcdf7 has been pushed to the Fedora 31 stable repository.
If the problem still persists, please make note of it in this bug report.