You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
./bin/img2sixel -o test libsixel-heap-buffer-overflow-stb_image.h-3508-stbi__YCbCr_to_RGB_simd.png
==15521==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fca13dfec0f at pc 0x7fca1c185c58 bp 0x7fff752b84d0 sp 0x7fff752b84c8
READ of size 1 at 0x7fca13dfec0f thread T0
#0 0x7fca1c185c57 in stbi__YCbCr_to_RGB_simd /home/hsalo/src/libsixel/src/stb_image.h:3508
#1 0x7fca1c1d5829 in load_jpeg_image /home/hsalo/src/libsixel/src/stb_image.h:3660
#2 0x7fca1c1d5829 in stbi__jpeg_load /home/hsalo/src/libsixel/src/stb_image.h:3741
#3 0x7fca1c1d5829 in stbi__load_main /home/hsalo/src/libsixel/src/stb_image.h:980
#4 0x7fca1c1f235c in stbi__load_and_postprocess_8bit /home/hsalo/src/libsixel/src/stb_image.h:1090
#5 0x7fca1c1f6663 in load_with_builtin /home/hsalo/src/libsixel/src/loader.c:882
#6 0x7fca1c2037f8 in sixel_helper_load_image_file /home/hsalo/src/libsixel/src/loader.c:1352
#7 0x7fca1c2247de in sixel_encoder_encode /home/hsalo/src/libsixel/src/encoder.c:1734
#8 0x5571dcea8bab in main /home/hsalo/src/libsixel/converters/img2sixel.c:457
#9 0x7fca1b3ab2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#10 0x5571dcea8de9 in _start (/home/hsalo/builds/libsixel/5db717dfef6fa327cd4025e7352550f63d20699c/bin/img2sixel+0x2de9)
0x7fca13dfec0f is located 0 bytes to the right of 1971215-byte region [0x7fca13c1d800,0x7fca13dfec0f)
allocated by thread T0 here:
#0 0x7fca1c542d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
#1 0x7fca1c1c14d0 in stbi__process_frame_header /home/hsalo/src/libsixel/src/stb_image.h:3066
#2 0x7fca1c1c14d0 in stbi__decode_jpeg_header /home/hsalo/src/libsixel/src/stb_image.h:3114
#3 0x7fff00000002 (<unknown module>)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/hsalo/src/libsixel/src/stb_image.h:3508 in stbi__YCbCr_to_RGB_simd
Shadow bytes around the buggy address:
0x0ff9c27b7d30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff9c27b7d40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff9c27b7d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff9c27b7d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff9c27b7d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff9c27b7d80: 00[07]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff9c27b7d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff9c27b7da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff9c27b7db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff9c27b7dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff9c27b7dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==15521==ABORTING
The text was updated successfully, but these errors were encountered:
libsixel-heap-buffer-overflow-stb_image.h-3508-stbi__YCbCr_to_RGB_simd.png.zip (SHA1: e652bdff6e901ca105bcc4363c2bd58ff868df0c)
Tested commit: 5db717d
Credit: Henri Salo
The text was updated successfully, but these errors were encountered: