Bug 1652609 - There is a segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (src/spatialreference.cpp:515) in libLAS which will cause a DoS attack.
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: liblas   
Version: rawhide
Hardware: All All
unspecified
urgent
Target Milestone: ---
Assignee: Devrim Gündüz
QA Contact: Fedora Extras Quality Assurance
Reported: 2018-11-22 13:14 UTC by shuitao gan
Modified: 2018-11-22 13:14 UTC

Type: Bug


Attachments
./las2pg POC0 (440 bytes, application/octet-stream)
2018-11-22 13:14 UTC, shuitao gan

Description shuitao gan 2018-11-22 13:14:54 UTC
Created attachment 1507935
./las2pg POC0

version: libLAS2.4
Summary: 

There is a segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (src/spatialreference.cpp:515) in libLAS which will cause a DoS attack.

Description:

The gdb debug is as follows:

$./las2pg POC0 


ASAN:SIGSEGV
=================================================================
==40199==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000006 (pc 0x7fee87f63433 bp 0x7ffc88ac0560 sp 0x7ffc88ac0310 T0)
    #0 0x7fee87f63432 in liblas::SpatialReference::GetGTIF() /home/company/real_sanitize/libLAS-master/src/spatialreference.cpp:515
    #1 0x7fee87f65681 in liblas::SpatialReference::SpatialReference(std::vector<liblas::VariableRecord, std::allocator<liblas::VariableRecord> > const&) /home/company/real_sanitize/libLAS-master/src/spatialreference.cpp:102
    #2 0x7fee87fbbd58 in liblas::detail::reader::Header::ReadVLRs() /home/company/real_sanitize/libLAS-master/src/detail/reader/header.cpp:389
    #3 0x7fee87fbf53d in liblas::detail::reader::Header::ReadHeader() /home/company/real_sanitize/libLAS-master/src/detail/reader/header.cpp:272
    #4 0x7fee87f091f6 in liblas::ReaderFactory::CreateWithStream(std::istream&) /home/company/real_sanitize/libLAS-master/src/factory.cpp:92
    #5 0x7fee89187d4f in LASReader_Create /home/company/real_sanitize/libLAS-master/src/c_api.cpp:248
    #6 0x403701 in main /home/company/real_sanitize/libLAS-master/apps/las2pg.c:424
    #7 0x7fee88b75a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #8 0x404b88 in _start (/home/company/real_sanitize/libLAS-master/build/install/bin/las2pg+0x404b88)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/company/real_sanitize/libLAS-master/src/spatialreference.cpp:515 liblas::SpatialReference::GetGTIF()
==40199==ABORTING

