==16689==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f8b2a0fc000 at pc 0x0000004d947c bp 0x7fff65fd9340 sp 0x7fff65fd8af0
WRITE of size 1275068416 at 0x7f8b2a0fc000 thread T0
#0 0x4d947b in __asan_memset (/home/tmp/img2sixel+0x4d947b)
#1 0x7f8e7448fd93 in image_buffer_resize /home/tmp/libsixel/src/fromsixel.c:391:9
#2 0x7f8e74478b29 in sixel_decode_raw_impl /home/tmp/libsixel/src/fromsixel.c:643:34
#3 0x7f8e74490edb in sixel_decode_raw /home/tmp/libsixel/src/fromsixel.c:976:14
#4 0x7f8e7459baa2 in load_sixel /home/tmp/libsixel/src/loader.c:643:14
#5 0x7f8e7459baa2 in load_with_builtin /home/tmp/libsixel/src/loader.c:812
#6 0x7f8e7459baa2 in sixel_helper_load_image_file /home/tmp/libsixel/src/loader.c:1392
#7 0x7f8e747dd16f in sixel_encoder_encode /home/tmp/libsixel/src/encoder.c:1737:14
#8 0x51787f in main /home/tmp/libsixel/converters/img2sixel.c:457:22
#9 0x7f8e72b43b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#10 0x41a379 in _start (/home/tmp/img2sixel+0x41a379)
0x7f8b2a0fc000 is located 6144 bytes to the left of 13153337344-byte region [0x7f8b2a0fd800,0x7f8e3a0fd800)
allocated by thread T0 here:
#0 0x4da230 in __interceptor_malloc (/home/tmp/img2sixel+0x4da230)
#1 0x7f8e7448ec68 in image_buffer_resize /home/tmp/libsixel/src/fromsixel.c:357:35
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/tmp/img2sixel+0x4d947b) in __asan_memset
Shadow bytes around the buggy address:
0x0ff1e54177b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff1e54177c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff1e54177d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff1e54177e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff1e54177f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff1e5417800:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff1e5417810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff1e5417820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff1e5417830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff1e5417840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff1e5417850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==16689==ABORTING
img2sixel 1.8.3 (git commit 41f6be4540b5fbb7d171fdcc21ac2fc2300b13b4)
There is a heap-buffer-overflow in image_buffer_resize at fromsixel.c:391 please run following cmd to reproduce it.
poc ASAN LOG