[Security]Multiple Memory error #663

Closed
hellok opened this issue Nov 24, 2015 · 4 comments

@hellok

hellok commented Nov 24, 2015

1.software:
openjpeg-version.2.1latest
found by alphafuzzer http://blog.topsec.com.cn/ad_lab/alphafuzzer/

2.reproduce:
3 different types of error.
openjpeg-version.2.1/bin/opj_decompress -o 1.pgm -i input1

download:
input1 file:http://166.111.132.158:8000/
input2 file:http://166.111.132.158:8000/
input3 file:http://166.111.132.158:8000/

3.stack:
gdb-peda$ r -o 1.pgm -i input1

Starting program: /home/openjpeg-version.2.1/bin/opj_decompress -o 1.pgm -i input1

The extension of this file is incorrect.

FOUND s:15. SHOULD BE .jp2

[INFO] Start to read j2k main header (85).

Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
EAX: 0x83bdb77 --> 0x8
EBX: 0xb7e93000 --> 0x1b6da4
ECX: 0x980b3b
EDX: 0xb7258842 --> 0x0
ESI: 0x83bdb77 --> 0x8
EDI: 0xfffefdf1
EBP: 0x83ac290 --> 0x1
ESP: 0xbfffba38 --> 0xb7fd839c --> 0xdc1a8
EIP: 0xb7e060e9 (movdqu xmm4,XMMWORD PTR [eax+ecx*1-0x40])
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0xb7e060da: movdqu xmm1,XMMWORD PTR [eax+0x10]
0xb7e060df: movdqu xmm2,XMMWORD PTR [eax+0x20]
0xb7e060e4: movdqu xmm3,XMMWORD PTR [eax+0x30]
=> 0xb7e060e9: movdqu xmm4,XMMWORD PTR [eax+ecx*1-0x40]
0xb7e060ef: movdqu xmm5,XMMWORD PTR [eax+ecx*1-0x30]
0xb7e060f5: movdqu xmm6,XMMWORD PTR [eax+ecx*1-0x20]
0xb7e060fb: movdqu xmm7,XMMWORD PTR [eax+ecx*1-0x10]
0xb7e06101: movdqu XMMWORD PTR [edx],xmm0
[------------------------------------stack-------------------------------------]
0000| 0xbfffba38 --> 0xb7fd839c --> 0xdc1a8
0004| 0xbfffba3c --> 0xb7f41086 (<j2k_read_ppm_v3+1350>: mov eax,DWORD PTR [esp+0x38])
0008| 0xbfffba40 --> 0xb7258842 --> 0x0
0012| 0xbfffba44 --> 0x83bdb77 --> 0x8
0016| 0xbfffba48 --> 0x980b3b
0020| 0xbfffba4c --> 0x8
0024| 0xbfffba50 --> 0x83ad960 --> 0x0
0028| 0xbfffba54 --> 0xb7bda0cf --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0xb7e060e9 in ?? () from /lib/i386-linux-gnu/libc.so.6
gdb-peda$

@mayeut
Collaborator

mayeut commented Jan 6, 2016

@hellok
Thanks for reporting this. I'm having trouble downloading the input images. Are the links still OK?

@stweil
Contributor

stweil commented Jan 6, 2016

@hellok, the download links don't work for normal internet users like me.

@hellok
Author

hellok commented Jan 20, 2016

@mayeut @stweil try this, : )
sample.zip

@mayeut mayeut added this to the OPJ v2.1.1 milestone Jan 27, 2016
@mayeut
Collaborator

mayeut commented Jan 27, 2016

All those images are failing gracefully with master.

@mayeut mayeut closed this as completed Jan 27, 2016
@detonin detonin changed the title [Security]Multiple Memory error [Security]Multiple Memory error Jan 27, 2016