[Security]Multiple Memory error #663
@hellok
@hellok, the download links don't work for normal internet users like me.
@mayeut @stweil try this, : )
All those images are failing gracefully with master.
detonin changed the title "[Security]Multiple Memory error" to "[Security]Multiple Memory error" on Jan 27, 2016
1.software:
openjpeg-version.2.1latest
found by alphafuzzer http://blog.topsec.com.cn/ad_lab/alphafuzzer/
2.reproduce:
3 different types of error.
openjpeg-version.2.1/bin/opj_decompress -o 1.pgm -i input1
download:
input1 file:http://166.111.132.158:8000/
input2 file:http://166.111.132.158:8000/
input3 file:http://166.111.132.158:8000/
3.stack:
gdb-peda$ r -o 1.pgm -i input1
Starting program: /home/openjpeg-version.2.1/bin/opj_decompress -o 1.pgm -i input1
The extension of this file is incorrect.
FOUND s:15. SHOULD BE .jp2
[INFO] Start to read j2k main header (85).
Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
EAX: 0x83bdb77 --> 0x8
EBX: 0xb7e93000 --> 0x1b6da4
ECX: 0x980b3b
EDX: 0xb7258842 --> 0x0
ESI: 0x83bdb77 --> 0x8
EDI: 0xfffefdf1
EBP: 0x83ac290 --> 0x1
ESP: 0xbfffba38 --> 0xb7fd839c --> 0xdc1a8
EIP: 0xb7e060e9 (movdqu xmm4,XMMWORD PTR [eax+ecx*1-0x40])
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0xb7e060da: movdqu xmm1,XMMWORD PTR [eax+0x10]
0xb7e060df: movdqu xmm2,XMMWORD PTR [eax+0x20]
0xb7e060e4: movdqu xmm3,XMMWORD PTR [eax+0x30]
=> 0xb7e060e9: movdqu xmm4,XMMWORD PTR [eax+ecx*1-0x40]
0xb7e060ef: movdqu xmm5,XMMWORD PTR [eax+ecx*1-0x30]
0xb7e060f5: movdqu xmm6,XMMWORD PTR [eax+ecx*1-0x20]
0xb7e060fb: movdqu xmm7,XMMWORD PTR [eax+ecx*1-0x10]
0xb7e06101: movdqu XMMWORD PTR [edx],xmm0
[------------------------------------stack-------------------------------------]
0000| 0xbfffba38 --> 0xb7fd839c --> 0xdc1a8
0004| 0xbfffba3c --> 0xb7f41086 (<j2k_read_ppm_v3+1350>: mov eax,DWORD PTR [esp+0x38])
0008| 0xbfffba40 --> 0xb7258842 --> 0x0
0012| 0xbfffba44 --> 0x83bdb77 --> 0x8
0016| 0xbfffba48 --> 0x980b3b
0020| 0xbfffba4c --> 0x8
0024| 0xbfffba50 --> 0x83ad960 --> 0x0
0028| 0xbfffba54 --> 0xb7bda0cf --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0xb7e060e9 in ?? () from /lib/i386-linux-gnu/libc.so.6
gdb-peda$