Public bug reported:

Package: sam2p
Version: 0.49.2 - 0.49.4
Source code: https://github.com/pts/sam2p

Details:
In function Image::RGB::RGB at image.cpp (Line 1239, sam2p version: 0.49.4):

Key code that causes crashes:

    Image::RGB::RGB(Image::Sampled::dimen_t wd_, Image::Sampled::dimen_t ht_, unsigned char bpc_) {
      init(0,0,wd_,ht_,bpc_,TY_RGB,3);

Crash Information:
The output with address sanitizer enabled:

> ./sam2p 007-unknown-add-refer EPS: /dev/null
> This is sam2p 0.49.4.
> Available Loaders: PS PDF JAI PNG JPEG TIFF PNM BMP GIF LBM XPM PCX TGA.
> Available Appliers: XWD Meta Empty BMP PNG TIFF6 TIFF6-JAI JPEG-JAI JPEG PNM
> GIF89a+LZW XPM PSL1C PSL23+PDF PSL2+PDF-JAI P-TrOpBb.
> ASAN:SIGSEGV
> ==10156==ERROR: AddressSanitizer: SEGV on unknown address 0x10009e757d03 (pc
> 0x7ffff6ef6b73 bp 0x7fffffffd6b0 sp 0x7fffffffce40 T0)
> #0 0x7ffff6ef6b72 in __asan_memset
> (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8cb72)
> #1 0x474210 in Image::RGB::RGB(unsigned int, unsigned int, unsigned char)
> /root/sam2p_ASAN2/sam2p/image.cpp:1239
> #2 0x431fe6 in LoadPCX /root/sam2p_ASAN2/sam2p/in_pcx.cpp:213
> #3 0x431fe6 in in_pcx_reader /root/sam2p_ASAN2/sam2p/in_pcx.cpp:533
> #4 0x475999 in Image::load(Image::Loader::UFD*, SimBuffer::Flat const&,
> char const*) /root/sam2p_ASAN2/sam2p/image.cpp:1427
> #5 0x40384a in run_sam2p_engine(Files::FILEW&, Files::FILEW&, char const*
> const*, bool) /root/sam2p_ASAN2/sam2p/sam2p_main.cpp:1055
> #6 0x402463 in main /root/sam2p_ASAN2/sam2p/sam2p_main.cpp:1148
> #7 0x7ffff6ac082f in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> #8 0x402d38 in _start (/usr/local/sam2p-asan2/bin/sam2p+0x402d38)
>
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV ??:0 __asan_memset
> ==10156==ABORTING

Reference link: https://github.com/pts/sam2p/issues/19

** Affects: sam2p (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: security

** Attachment added: "PoC File"
   https://bugs.launchpad.net/bugs/1751738/+attachment/5063359/+files/007-unknown-add-refer

** Information type changed from Private Security to Public

https://bugs.launchpad.net/bugs/1751738

Title:
  Invalid memory address dereference in Image::RGB::RGB (in image.cpp)