The following sample file crashes libdevil. The bug was found using examples/simple_example/simple.c with the sample file as input. The sample pnm input file was fuzzed with american fuzzy lop (http://lcamtuf.coredump.cx/afl/).
gdb:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff732aa14 in free () from /usr/lib/libc.so.6
(gdb) bt
#0 0x00007ffff732aa14 in free () from /usr/lib/libc.so.6
#1 0x00007ffff78792d0 in DefaultFreeFunc(void const*) () from build/lib/x64/libIL.so
#2 0x00007ffff78791e9 in ifree () from build/lib/x64/libIL.so
#3 0x00007ffff78ce3a8 in ilCloseImage () from build/lib/x64/libIL.so
#4 0x00007ffff78cf01e in ilShutDown () from build/lib/x64/libIL.so
#5 0x00007ffff78cef59 in ilShutDownInternal() () from build/lib/x64/libIL.so
#6 0x00007ffff72e46c0 in __run_exit_handlers () from /usr/lib/libc.so.6
#7 0x00007ffff72e471a in exit () from /usr/lib/libc.so.6
#8 0x00007ffff72ce518 in __libc_start_main () from /usr/lib/libc.so.6
#9 0x0000000000400f1a in _start ()
valgrind:
==15537== Memcheck, a memory error detector
==15537== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==15537== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==15537== Command: build/lib/x64/simple findings/crashes/id:000000,sig:11,src:000009,op:flip1,pos:3
==15537==
==15537== Invalid read of size 1
==15537== at 0x50BC526: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Address 0xa18ff6c is 12 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
==15537== Invalid write of size 4
==15537== at 0x50BC53E: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Address 0xa18ff88 is 40 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
Could not open file...exiting.
==15537== Invalid read of size 8
==15537== at 0x50CA390: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CB01D: ilShutDown (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CAF58: ilShutDownInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x55F56BF: __run_exit_handlers (in /usr/lib/libc-2.25.so)
==15537== by 0x55F5719: exit (in /usr/lib/libc-2.25.so)
==15537== by 0x55DF517: (below main) (in /usr/lib/libc-2.25.so)
==15537== Address 0xa18ff78 is 24 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
==15537== Invalid read of size 8
==15537== at 0x50CA3B8: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CB01D: ilShutDown (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CAF58: ilShutDownInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x55F56BF: __run_exit_handlers (in /usr/lib/libc-2.25.so)
==15537== by 0x55F5719: exit (in /usr/lib/libc-2.25.so)
==15537== by 0x55DF517: (below main) (in /usr/lib/libc-2.25.so)
==15537== Address 0xa18ff98 is 56 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
==15537== Invalid read of size 8
==15537== at 0x50CA3FF: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CB01D: ilShutDown (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CAF58: ilShutDownInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x55F56BF: __run_exit_handlers (in /usr/lib/libc-2.25.so)
==15537== by 0x55F5719: exit (in /usr/lib/libc-2.25.so)
==15537== by 0x55DF517: (below main) (in /usr/lib/libc-2.25.so)
==15537== Address 0xa18ffb8 is 88 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
==15537== Invalid read of size 8
==15537== at 0x50CA427: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CB01D: ilShutDown (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CAF58: ilShutDownInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x55F56BF: __run_exit_handlers (in /usr/lib/libc-2.25.so)
==15537== by 0x55F5719: exit (in /usr/lib/libc-2.25.so)
==15537== by 0x55DF517: (below main) (in /usr/lib/libc-2.25.so)
==15537== Address 0xa18ffc0 is 96 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
==15537== Invalid read of size 8
==15537== at 0x50CA44F: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CB01D: ilShutDown (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CAF58: ilShutDownInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x55F56BF: __run_exit_handlers (in /usr/lib/libc-2.25.so)
==15537== by 0x55F5719: exit (in /usr/lib/libc-2.25.so)
==15537== by 0x55DF517: (below main) (in /usr/lib/libc-2.25.so)
==15537== Address 0xa18ffb0 is 80 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
==15537== Invalid read of size 8
==15537== at 0x50CA477: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CB01D: ilShutDown (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CAF58: ilShutDownInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x55F56BF: __run_exit_handlers (in /usr/lib/libc-2.25.so)
==15537== by 0x55F5719: exit (in /usr/lib/libc-2.25.so)
==15537== by 0x55DF517: (below main) (in /usr/lib/libc-2.25.so)
==15537== Address 0xa18ffc8 is 104 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
==15537== Invalid read of size 8
==15537== at 0x50CA49F: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CB01D: ilShutDown (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CAF58: ilShutDownInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x55F56BF: __run_exit_handlers (in /usr/lib/libc-2.25.so)
==15537== by 0x55F5719: exit (in /usr/lib/libc-2.25.so)
==15537== by 0x55DF517: (below main) (in /usr/lib/libc-2.25.so)
==15537== Address 0xa18ffd0 is 112 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
==15537== Invalid read of size 8
==15537== at 0x50CA4D8: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CB01D: ilShutDown (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CAF58: ilShutDownInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x55F56BF: __run_exit_handlers (in /usr/lib/libc-2.25.so)
==15537== by 0x55F5719: exit (in /usr/lib/libc-2.25.so)
==15537== by 0x55DF517: (below main) (in /usr/lib/libc-2.25.so)
==15537== Address 0xa18ffe0 is 128 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
==15537== Invalid read of size 8
==15537== at 0x50CA528: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CB01D: ilShutDown (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CAF58: ilShutDownInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x55F56BF: __run_exit_handlers (in /usr/lib/libc-2.25.so)
==15537== by 0x55F5719: exit (in /usr/lib/libc-2.25.so)
==15537== by 0x55DF517: (below main) (in /usr/lib/libc-2.25.so)
==15537== Address 0xa18fff8 is 152 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
==15537== Invalid free() / delete / delete[] / realloc()
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CB01D: ilShutDown (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CAF58: ilShutDownInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x55F56BF: __run_exit_handlers (in /usr/lib/libc-2.25.so)
==15537== by 0x55F5719: exit (in /usr/lib/libc-2.25.so)
==15537== by 0x55DF517: (below main) (in /usr/lib/libc-2.25.so)
==15537== Address 0xa18ff60 is 0 bytes inside a block of size 168 free'd
==15537== at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752CF: DefaultFreeFunc(void const*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50751E8: ifree (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50CA590: ilCloseImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BD54E: ilReadBinaryPpm(PPMINFO*) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC4FE: iLoadPnmInternal() (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC1C5: ilLoadPnmF (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50BC16C: ilLoadPnm (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A7665: ilLoad (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50A8314: ilLoadImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010C8: main (simple.c:64)
==15537== Block was alloc'd at
==15537== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x50752A4: DefaultAllocFunc(unsigned long) (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5075193: ialloc (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x5091C20: ilNewImage (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x50C9FAD: ilGenImages (in /tmp/DevIL/build/lib/x64/libIL.so.1)
==15537== by 0x4010B7: main (simple.c:58)
==15537==
==15537==
==15537== HEAP SUMMARY:
==15537== in use at exit: 32 bytes in 1 blocks
==15537== total heap usage: 102 allocs, 102 frees, 110,192 bytes allocated
==15537==
==15537== LEAK SUMMARY:
==15537== definitely lost: 0 bytes in 0 blocks
==15537== indirectly lost: 0 bytes in 0 blocks
==15537== possibly lost: 0 bytes in 0 blocks
==15537== still reachable: 32 bytes in 1 blocks
==15537== suppressed: 0 bytes in 0 blocks
==15537== Rerun with --leak-check=full to see details of leaked memory
==15537==
==15537== For counts of detected and suppressed errors, rerun with: -v
==15537== ERROR SUMMARY: 12 errors from 12 contexts (suppressed: 0 from 0)
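The Valgrind stacks above show one 168-byte block, allocated through ilGenImages, being released by ilCloseImage under ilReadBinaryPpm, then read and written by iLoadPnmInternal and released a second time from ilShutDown. The C sketch below is an added example, not DevIL code and not part of the report: it shows a loader error path that avoids that pattern by leaving the image to its single owner. All names (image, registry, gen_image, close_image, read_binary_ppm, load_pnm, shutdown_all) and both sample files are constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not DevIL's types or functions. */
typedef struct { unsigned w, h; unsigned char *data; } image;
#define SLOTS 4
static image *registry[SLOTS];          /* the registry is the only owner */

static int gen_image(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!registry[i])
            return (registry[i] = calloc(1, sizeof(image))) ? i : -1;
    return -1;
}

/* Free and clear the slot together; returns images released (0 or 1). */
static int close_image(int slot) {
    if (slot < 0 || slot >= SLOTS || !registry[slot]) return 0;
    free(registry[slot]->data);
    free(registry[slot]);
    registry[slot] = NULL;
    return 1;
}

/* Binary PPM (P6) reader, header comments not supported. On any error it
   returns -1 and leaves img alone: it does not own the image. */
static int read_binary_ppm(image *img, const unsigned char *buf, size_t len) {
    char hdr[64];
    unsigned w, h, maxval;
    int off = 0;
    size_t n = len < sizeof hdr - 1 ? len : sizeof hdr - 1;
    memcpy(hdr, buf, n);
    hdr[n] = '\0';
    if (sscanf(hdr, "P6 %u %u %u%n", &w, &h, &maxval, &off) != 3) return -1;
    if ((size_t)off >= n || !isspace((unsigned char)hdr[off])) return -1;
    if (w == 0 || h == 0 || maxval == 0 || maxval > 255) return -1;
    if (w > SIZE_MAX / 3 / h) return -1;            /* w*h*3 would overflow */
    size_t need = (size_t)w * h * 3;
    if (len - ((size_t)off + 1) < need) return -1;  /* truncated pixel data */
    unsigned char *px = malloc(need);
    if (!px) return -1;
    memcpy(px, buf + off + 1, need);
    free(img->data);
    img->w = w; img->h = h; img->data = px;
    return 0;
}

/* The caller propagates the error and does not touch the image afterwards. */
static int load_pnm(int slot, const unsigned char *buf, size_t len) {
    if (slot < 0 || slot >= SLOTS || !registry[slot]) return -1;
    return read_binary_ppm(registry[slot], buf, len);
}

/* Teardown is the single place where images are released. */
static int shutdown_all(void) {
    int released = 0;
    for (int i = 0; i < SLOTS; i++) released += close_image(i);
    return released;
}

/* Constructed sample inputs: a valid 2x1 image and one with missing pixels. */
static const unsigned char good_ppm[]  = "P6\n2 1\n255\n\x01\x02\x03\x04\x05\x06";
static const unsigned char short_ppm[] = "P6\n2 1\n255\n\x01\x02";

int main(void) {
    int slot = gen_image();
    int bad = load_pnm(slot, short_ppm, sizeof short_ppm - 1);
    int ok = load_pnm(slot, good_ppm, sizeof good_ppm - 1);
    int first = shutdown_all(), second = shutdown_all();
    /* Exit status 0 when the failed load left the image usable and it was freed once. */
    return !(bad == -1 && ok == 0 && first == 1 && second == 0);
}
```

Building it with `-fsanitize=address` and running it is a quick way to confirm that the failed load followed by teardown produces no use-after-free or double-free report.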