### Describe the issue

When I test `test_tinyexr` with afl++, some crashes arose in tinyexr.h:5779.

### To Reproduce

Steps to reproduce the behavior (compile TinyEXR with AddressSanitizer):

```
$ git clone https://github.com/syoyo/tinyexr.git
$ cd tinyexr
$ export CFLAGS="-fsanitize=address"
$ export CXXFLAGS="-fsanitize=address"
$ export CC=afl-clang-fast
$ export CXX=afl-clang-fast++
$ export AFL_USE_ASAN=1
$ mkdir build
$ cd build
$ make -j8
```

Run:

```
./test_tinyexr ./poc
```

### Environment

- OS: Ubuntu 20.04.2 LTS
- gcc: 9.4.0

### Error

```
AddressSanitizer:DEADLYSIGNAL
==1365598==ERROR: AddressSanitizer: SEGV on unknown address 0x7fb24cfa130a (pc 0x0000004e5c2b bp 0x7ffc47299350 sp 0x7ffc47298b60 T0)
==1365598==The signal is caused by a READ memory access.
    #0 0x4e5c2b in tinyexr::ReconstructTileOffsets(tinyexr::OffsetData&, TEXRHeader const*, unsigned char const*, unsigned char const*, unsigned long, bool, bool) /home/yzy/fuzzsoftware/tinyexr-release/./tinyexr.h:5779:9

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/yzy/fuzzsoftware/tinyexr-release/./tinyexr.h:5779:9 in tinyexr::ReconstructTileOffsets(tinyexr::OffsetData&, TEXRHeader const*, unsigned char const*, unsigned char const*, unsigned long, bool, bool)
==1365598==ABORTING
```

### PoC

Poc.zip (attached)
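The report above is a read fault inside tinyexr's tile-offset reconstruction while parsing a fuzzed input. As an added illustration, not code from tinyexr or from the reporter, the block below shows the defensive pattern that applies to any file-derived offset table (EXR stores its chunk offsets as little-endian uint64 values inside the file): every offset read from the file is range-checked against the actual buffer size before anything is read through it, and the parser reports which entry failed instead of dereferencing it. The 64-byte buffer, the `min_chunk_bytes` parameter and the sample entries are constructed assumptions for the demonstration, not tinyexr's layout or chunk header size.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added illustration, not tinyexr's code: bounds-checked loading of an
 * offset table whose entries come from the untrusted file itself. */

/* Read a little-endian uint64 at pos; succeeds only if all 8 bytes lie
 * inside [buf, buf + size). */
static int read_u64_le(const uint8_t *buf, size_t size, size_t pos, uint64_t *out) {
    if (pos > size || size - pos < 8) return 0;
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | buf[pos + (size_t)i];
    *out = v;
    return 1;
}

/* Helper used only to build constructed sample tables. */
void write_u64_le(uint8_t *buf, size_t pos, uint64_t v) {
    for (int i = 0; i < 8; i++) buf[pos + (size_t)i] = (uint8_t)(v >> (8 * i));
}

/* Status codes returned by load_offsets_checked. */
enum { OFFSETS_OK = 0, OFFSETS_TABLE_TRUNCATED = -1, OFFSETS_ENTRY_OUT_OF_RANGE = -2 };

/* Load n offsets from the table at table_pos into out[]. min_chunk_bytes is
 * the number of bytes that must remain readable at each offset (whatever the
 * caller parses next; a hypothetical value here). On failure *bad_index
 * receives the offending entry and the partial result must not be used. */
int load_offsets_checked(const uint8_t *buf, size_t size, size_t table_pos,
                         size_t n, size_t min_chunk_bytes,
                         uint64_t *out, size_t *bad_index) {
    for (size_t i = 0; i < n; i++) {
        /* Position of entry i, guarding against size_t overflow. */
        if (i > (SIZE_MAX - table_pos) / 8) { *bad_index = i; return OFFSETS_TABLE_TRUNCATED; }
        size_t entry_pos = table_pos + i * 8;
        uint64_t off;
        /* The table itself must be fully inside the buffer. */
        if (!read_u64_le(buf, size, entry_pos, &off)) { *bad_index = i; return OFFSETS_TABLE_TRUNCATED; }
        /* The offset must leave min_chunk_bytes readable inside the buffer. */
        if (off > size || size - off < min_chunk_bytes) { *bad_index = i; return OFFSETS_ENTRY_OUT_OF_RANGE; }
        out[i] = off;
    }
    return OFFSETS_OK;
}

int main(void) {
    /* Constructed 64-byte "file": a three-entry table at offset 0 whose third
     * entry points past the end, as a corrupt or fuzzed input would. */
    uint8_t file[64];
    memset(file, 0, sizeof file);
    write_u64_le(file, 0, 24);
    write_u64_le(file, 8, 40);
    write_u64_le(file, 16, 200);

    uint64_t offsets[3];
    size_t bad = 0;
    int rc = load_offsets_checked(file, sizeof file, 0, 3, 8, offsets, &bad);
    printf("rc=%d bad_index=%zu\n", rc, bad); /* rc=-2 bad_index=2 */
    return 0;
}
```

The same check covers both failure modes a fuzzer tends to find in such tables: a table that runs off the end of the file (`OFFSETS_TABLE_TRUNCATED`) and an individual entry that points outside it (`OFFSETS_ENTRY_OUT_OF_RANGE`); a reconstruction pass that rebuilds offsets by scanning chunk headers needs the same `size - off >= needed` test on every candidate position it visits.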