Hi, with the help of fuzzing, I found some crash samples in this repo.
The crash samples will be offered, and to reproduce the crash info please use the command ./linux/jpegdec crash_sample
--11053-- ERROR: AddressSanitizer: negative-size-param: (size=-555)
#0 0x4ad750 in __asan_memcpy /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22
#1 0x5138a0 in JPEGParseInfo /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl:1381:17
#2 0x512866 in main /home/bupt/Desktop/JPEGDEC/linux/main.c:42:14
#3 0x7f1585cabc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#4 0x41c109 in _start (/home/bupt/Desktop/JPEGDEC/linux/jpegdec+0x41c109)
0x0000010136aa is located 6602 bytes inside of global variable 'jpg' defined in 'main.c:14:11' (0x1011ce0) of size 17864
SUMMARY: AddressSanitizer: negative-size-param /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22 in __asan_memcpy
==11053==ABORTING
AddressSanitizer:DEADLYSIGNAL
--16536-- ERROR: AddressSanitizer: SEGV on unknown address 0x000050538315 (pc 0x000000519856 bp 0x000000000001 sp 0x7ffda97ee2f0 T0)
--16536-- The signal is caused by a READ memory access.
#0 0x519856 in TIFFSHORT /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl
#1 0x519856 in GetTIFFInfo /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl:1191:17
#2 0x516242 in JPEGParseInfo /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl:1425:29
#3 0x512866 in main /home/bupt/Desktop/JPEGDEC/linux/main.c:42:14
#4 0x7ff45c6c4c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#5 0x41c109 in _start (/home/bupt/Desktop/JPEGDEC/linux/jpegdec+0x41c109)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl in TIFFSHORT
==16536==ABORTING
AddressSanitizer:DEADLYSIGNAL
==53466==ERROR: AddressSanitizer: SEGV on unknown address 0x000700000080 (pc 0x7f9ea1731c01 bp 0x000000014538 sp 0x7ffefc49da70 T0)
==53466==The signal is caused by a READ memory access.
#0 0x7f9ea1731c01 in fseek /build/glibc-CVJwZb/glibc-2.27/libio/fseek.c:35
#1 0x4f49d4 in seekFile /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl:645:5
#2 0x51381a in JPEGParseInfo /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl:1375:17
#3 0x512866 in main /home/bupt/Desktop/JPEGDEC/linux/main.c:42:14
#4 0x7f9ea16cbc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#5 0x41c109 in _start (/home/bupt/Desktop/JPEGDEC/linux/jpegdec+0x41c109)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-CVJwZb/glibc-2.27/libio/fseek.c:35 in fseek
==53466==ABORTING
AddressSanitizer:DEADLYSIGNAL
==53478==ERROR: AddressSanitizer: FPE on unknown address 0x0000004f6aa6 (pc 0x0000004f6aa6 bp 0x7ffd10d4a3d0 sp 0x7ffd10d49c40 T0)
#0 0x4f6aa6 in DecodeJPEG /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl:3285:37
#1 0x51298c in JPEG_decode /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl:577:12
#2 0x51298c in main /home/bupt/Desktop/JPEGDEC/linux/main.c:50:6
#3 0x7f92f93acc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#4 0x41c109 in _start (/home/bupt/Desktop/JPEGDEC/linux/jpegdec+0x41c109)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl:3285:37 in DecodeJPEG
==53478==ABORTING
AddressSanitizer:DEADLYSIGNAL
==53482==ERROR: AddressSanitizer: SEGV on unknown address 0x00004f4a7e15 (pc 0x000000519856 bp 0x000000000001 sp 0x7ffed5dd5f70 T0)
==53482==The signal is caused by a READ memory access.
#0 0x519856 in TIFFSHORT /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl
#1 0x519856 in GetTIFFInfo /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl:1191:17
#2 0x516242 in JPEGParseInfo /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl:1425:29
#3 0x512866 in main /home/bupt/Desktop/JPEGDEC/linux/main.c:42:14
#4 0x7f5efd945c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#5 0x41c109 in _start (/home/bupt/Desktop/JPEGDEC/linux/jpegdec+0x41c109)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/bupt/Desktop/JPEGDEC/linux/./../src/jpeg.inl in TIFFSHORT
==53482==ABORTING
negative-size-param
sample here:
negative-size-param-crash-sample.zip
crash info:
SEGV on unknown address
sample1:
SEGV on unknown address sample1.zip
crash info:
sample2:
SEGV on unknown address sample2.zip
crash info:
global-buffer-overflow
crash sample1:
global-buffer-overflow-crash-sample1.zip
crash info:
crash sample2:
global-buffer-overflow-crash-sample2.zip
crash info:
FPE
crash sample1:
FPE-sample1.zip
crash info:
crash sample2:
FPE-sample2.zip
crash info: