AddressSanitizer report global-buffer-overflow when use the packJPG

[ConcoctionSec]

Version

packJPG v2.5k (01/22/2016)

Environment

Ubuntu 18.04，64 bit

Command

Compile test program:

$ make clean all

Compile test program with address sanitizer with this command:

• Update Makefile:

CC = afl-gcc
CPP = afl-g++ 
LDFLAGS  =  -static-libgcc -static-libstdc++ -lstdc++fs

• Compile program:

$ export AFL_USE_ASAN=1
$ make clean all

Result

The result of running without ASAN:

$ ./packJPG $poc

--> packJPG v2.5k (01/22/2016) by Matthias Stirner / Se <--
Copyright 2006-2016 HTW Aalen University & Matthias Stirner
All rights reserved

Processing file  1 of  1 [                                    ]

files with errors:
------------------
/docker/packJPG-master//test/id_000015,sig_06,src_000327,time_25184443,op_havoc,rep_8 (header information is incomplete)
Processed  1 of  1 files [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]

-> 1 file(s) processed, 1 error(s), 0 warning(s)

Information obtained by using ASAN:

$ ./packJPG_asan $poc

--> packJPG v2.5k (01/22/2016) by Matthias Stirner / Se <--
Copyright 2006-2016 HTW Aalen University & Matthias Stirner
All rights reserved

=================================================================
==51==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55eba9a81660 at pc 0x55eba9936fec bp 0x7ffd5c1aaa10 sp 0x7ffd5c1aaa00
READ of size 2 at 0x55eba9a81660 thread T0
    #0 0x55eba9936feb  (/docker/packJPG-master/source/packJPG_asan+0x98feb)
    #1 0x55eba995f4c5  (/docker/packJPG-master/source/packJPG_asan+0xc14c5)
    #2 0x55eba996db3a  (/docker/packJPG-master/source/packJPG_asan+0xcfb3a)
    #3 0x55eba98c26f4  (/docker/packJPG-master/source/packJPG_asan+0x246f4)
    #4 0x7f64852780b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #5 0x55eba98c4c7d  (/docker/packJPG-master/source/packJPG_asan+0x26c7d)

0x55eba9a81660 is located 0 bytes to the right of global variable 'qtables' defined in 'packjpg.cpp:547:23' (0x55eba9a81460) of size 512
SUMMARY: AddressSanitizer: global-buffer-overflow (/docker/packJPG-master/source/packJPG_asan+0x98feb) 
Shadow bytes around the buggy address:
  0x0abdf5348270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0abdf5348280: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0abdf5348290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0abdf53482a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0abdf53482b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0abdf53482c0: 00 00 00 00 00 00 00 00 00 00 00 00[f9]f9 f9 f9
  0x0abdf53482d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0abdf53482e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0abdf53482f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0abdf5348300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0abdf5348310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==51==ABORTING
==========================================================================

Description

When we execute the command, asan reports the error: AddressSanitizer: global-buffer-overflow on address 0x55eba9a81660 at pc 0x55eba9936fec bp 0x7ffd5c1aaa10 sp 0x7ffd5c1aaa00.

Poc

Poc file is this.