Bug 1649197 - There is an illegal address access at function sixel_helper_set_additional_message(status.c:71) in libsixel that will cause serious impact.
Summary: There is an illegal address access at function sixel_helper_set_additional_me...
Status: CLOSED NOTABUG
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: All
unspecified
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-13 06:13 UTC by shuitao gan
Modified: 2018-11-13 14:45 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-11-13 14:45:13 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
./img2sixel POC1 (28 bytes, application/octet-stream)
2018-11-13 06:13 UTC, shuitao gan
no flags Details

Description shuitao gan 2018-11-13 06:13:50 UTC
Created attachment 1505138 [details]
./img2sixel   POC1

version: libsixel latest version(v1.8.2)

Summary: 

There is an illegal address access at function sixel_helper_set_additional_message(status.c:71)  in libsixel  that will cause serious impact.

Description:

The asan debug is as follows:

$./img2sixel   POC1
=================================================================
=================================================================
==593==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f0f56c196fa bp 0x7ffeebf12280 sp 0x7ffeebf11a08 T0)
    #0 0x7f0f56c196f9 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x8b6f9)
    #1 0x7f0f574b3605 in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x70605)
    #2 0x7f0f571fd908 in sixel_helper_set_additional_message /home/company/real_sanitize/libsixel-master/src/status.c:71
    #3 0x7f0f571e6c62 in load_with_builtin /home/company/real_sanitize/libsixel-master/src/loader.c:884
    #4 0x7f0f571ea3d9 in sixel_helper_load_image_file /home/company/real_sanitize/libsixel-master/src/loader.c:1352
    #5 0x7f0f571f5283 in sixel_encoder_encode /home/company/real_sanitize/libsixel-master/src/encoder.c:1737
    #6 0x4017f8 in main /home/company/real_sanitize/libsixel-master/converters/img2sixel.c:457
    #7 0x7f0f56baea3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #8 0x401918 in _start (/home/company/real_sanitize/poc_check/libsixel/img2sixel+0x401918)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 strlen
==593==ABORTING

Comment 1 Andrej Nemec 2018-11-13 14:45:13 UTC
Hello,

Red Hat does not ship libsixel in any of our supported products. Please, report these issues upstream at:

https://github.com/saitoha/libsixel/issues

Thanks!


Note You need to log in before you can comment on or make changes to this bug.