Package: dcraw Version: 9.28-7 Found a memory leak in the latest version of dcraw.
Here is a transcript: osboxes@osboxes:~/Desktop$ dcraw -g 2.2 1.0 -b 1.2 -j leak fseek(0x5a1841ba9430, -2145648639,0): Invalid argument osboxes@osboxes:~/Desktop$ For reference: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=memory+leak Impact: Memory leaks can create vulnerabilities. Attackers might exploit them to degrade service (denial of service attacks) or infer information about memory layouts, aiding other exploits. These also affect the previous versions too. Tested machine and version: osboxes@osboxes:~/Desktop$ uname -a Linux osboxes 6.8.0-49-generic #49-Ubuntu SMP PREEMPT_DYNAMIC Mon Nov 4 02:06:24 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux osboxes@osboxes:~/Desktop$ cat /etc/os-release PRETTY_NAME="Ubuntu 24.04.1 LTS" NAME="Ubuntu" VERSION_ID="24.04" VERSION="24.04.1 LTS (Noble Numbat)" VERSION_CODENAME=noble ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/"; SUPPORT_URL="https://help.ubuntu.com/"; BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"; PRIVACY_POLICY_URL=" https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"; UBUNTU_CODENAME=noble LOGO=ubuntu-logo osboxes@osboxes:~/Desktop$ sudo dpkg -l | grep -i dcraw ii dcraw 9.28-7 amd64 decode raw digital camera images osboxes@osboxes:~/Desktop$ How to reproduce: Use the file attached with dcraw dcraw -g 2.2 1.0 -b 1.2 -j leak Reproducing using msan and afl: Compiling using AFL and memory santizier ~/Desktop/AFL/AFLplusplus/afl-clang-lto -fsanitize=memory,undefined -o dcraw -O4 dcraw.c -lm -DNODEPS Fuzzing : /home/fuzzing-android/Desktop/AFL/AFLplusplus/afl-fuzz -m none -i in/ -o out/ -S slave3 -- ./dcraw -g 2.2 1.0 -b 1.2 -j @@ Reproducing: fuzzing-android@fuzzingandroid:~/Desktop/dcraw_latest/dcraw_9.28.orig$ ./dcraw out/master/crashes.2024-11-20-05\:00\:07/id\:000034\,sig\:06\,src\:000466\,time\:3816438\,execs\:137174\,op\:havoc\,rep\:17 dcraw.c:315:17: runtime error: left shift of 255 by 24 places cannot be represented in type 'int' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior dcraw.c:315:17 in dcraw.c:313:49: runtime error: left shift of 128 by 24 places cannot be represented in type 'int' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior dcraw.c:313:49 in Uninitialized bytes in __interceptor_strncmp at offset 0 inside [0x7ffcff567c80, 1) ==334245==WARNING: MemorySanitizer: use-of-uninitialized-value ==334245==WARNING: external symbolizer didn't start up correctly! fuzzing-android@fuzzingandroid:~/Desktop/dcraw_latest/dcraw_9.28.orig$ The compiled program and crashes are uploaded in tar file: dcraw.tar <https://drive.google.com/file/d/1KYsHpkPv6CUfnwxapPzxO4g3Gy8Eih_y/view?usp=drive_web>
leak
Description: Binary data
