Closed. Ruanxingzhi closed this issue 11 months ago.
How did you get these files? The quantization tables don't look valid.
Even libjpeg says it's broken:
Corrupt JPEG data: 5 extraneous bytes before marker 0xdb
And I can't reproduce the crash, although the result is garbage (but this is ok, since the file is damaged anyway). What options are you calling jpegqs with and what version of libjpeg did you use?
I see, for some reason this is only on AVX2.
This file was discovered by fuzzing. (It seems #25 was discovered by fuzzing too.)
Reproduce (tested on Debian sid, AMD R5-2400G):
apt install jpegqs
jpegqs ./case/crash0 /dev/null
Fixed in https://github.com/ilyakurdyukov/jpeg-quantsmooth/commit/045e30082fe7e9159f7f9e1a10ffbcf703a23d64

What are you trying to achieve with your fuzzing? If it's not code execution, then it can't harm anything. The only thing I might worry about is buffer overflow.
Thank you for the fix!
Indeed I want to obtain vulnerabilities that can lead to command execution, such as stack overflow, heap overflow, and arbitrary address writing, but I haven't found any in jpegqs :)
A division by zero differs from https://github.com/ilyakurdyukov/jpeg-quantsmooth/issues/25 .
Sample file: crashes.zip
Reproduce:
Fix: Maybe add a check, I guess.
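Added example, not code from jpeg-quantsmooth or from this thread: the kind of check the last comment suggests, applied to a DQT (marker 0xDB) segment so that a zero quantizer is rejected before any later step divides by it. It assumes only the standard JPEG layout of a DQT payload (a Pq/Tq byte followed by 64 entries, 8-bit when Pq is 0, 16-bit big-endian when Pq is 1); the sample table is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Validate the payload of a JPEG DQT segment. 'payload' points just past
 * the 2-byte segment length and 'len' is that length minus 2. Every
 * quantizer must be non-zero, since code that divides a coefficient by
 * its quantizer would otherwise divide by zero. Returns the number of
 * tables parsed, or -1 for a malformed segment or a zero entry.
 * (Assumed layout: standard JPEG Pq/Tq byte + 64 entries per table.) */
int validate_dqt(const uint8_t *payload, size_t len)
{
    int tables = 0;
    size_t pos = 0;
    while (pos < len) {
        uint8_t pq = payload[pos] >> 4;    /* precision: 0 = 8-bit, 1 = 16-bit */
        uint8_t tq = payload[pos] & 0x0f;  /* table id, must be 0..3 */
        size_t entry = pq ? 2 : 1;
        if (pq > 1 || tq > 3)
            return -1;
        pos += 1;
        if (len - pos < 64 * entry)        /* truncated table */
            return -1;
        for (int k = 0; k < 64; k++) {
            unsigned q = payload[pos + k * entry];
            if (pq)
                q = (q << 8) | payload[pos + k * entry + 1];
            if (q == 0)                    /* zero quantizer: reject */
                return -1;
        }
        pos += 64 * entry;
        tables++;
    }
    return tables;
}

/* Constructed sample: one 8-bit table (Tq = 0) with every quantizer 16,
 * optionally with entry 'zero_at' cleared (pass -1 for an intact table). */
int check_sample(int zero_at)
{
    uint8_t seg[65];
    seg[0] = 0x00;                         /* Pq = 0 (8-bit), Tq = 0 */
    memset(seg + 1, 16, 64);
    if (zero_at >= 0 && zero_at < 64)
        seg[1 + zero_at] = 0;
    return validate_dqt(seg, sizeof seg);
}
```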