saitoha / libsixel

A SIXEL encoder/decoder implementation derived from kmiya's sixel (https://github.com/saitoha/sixel).
MIT License

SEGV in fromsixel.c:585 #97

Closed strongcourage closed 4 years ago

strongcourage commented 5 years ago

Hi,

I found a crash in sixel2png (the latest commit 2df6437 on master).

PoC: https://github.com/strongcourage/PoCs/blob/master/libsixel_2df6437/PoC_segv_sixel_decode_raw_impl

Command: sixel2png $PoC

ASAN says:

=================================================================
==2647==ERROR: AddressSanitizer: SEGV on unknown address 0x61fff680f682 (pc 0x7fe2ec0d297f bp 0x7ffdac94d3f0 sp 0x7ffdac94d380 T0)
    #0 0x7fe2ec0d297e in sixel_decode_raw_impl ../../src/fromsixel.c:585
    #1 0x7fe2ec0d4e72 in sixel_decode_raw ../../src/fromsixel.c:881
    #2 0x7fe2ec135c0f in sixel_decoder_decode ../../src/decoder.c:305
    #3 0x401390 in main ../../converters/sixel2png.c:226
    #4 0x7fe2ebce982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #5 0x400d78 in _start (/home/dungnguyen/PoCs/libsixel_2df6437/.libs/lt-sixel2png+0x400d78)

Thanks, Manh Dung

saitoha commented 4 years ago

This problem is fixed with 1377517. Thanks!