tjko / jpegoptim

jpegoptim - utility to optimize/compress JPEG files
http://www.iki.fi/tjko/projects.html
GNU General Public License v3.0

SEGV caused by a READ memory access in jpegoptim.c #112

Closed yangfar closed 1 year ago

yangfar commented 1 year ago

With the help of AFL, I found some crashes. Are they new bugs?

=================================================================
==3914==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7f92addb01f7 bp 0x7ffce101b640 sp 0x7ffce101a2e0 T0)
==3914==The signal is caused by a READ memory access.
==3914==Hint: this fault was caused by a dereference of a high value address (see register values below). Dissassemble the provided pc to learn which register was used.
    #0 0x7f92addb01f7  (/lib/x86_64-linux-gnu/libjpeg.so.8+0x201f7)
    #1 0x7f92addb0c06  (/lib/x86_64-linux-gnu/libjpeg.so.8+0x20c06)
    #2 0x7f92addaef1e  (/lib/x86_64-linux-gnu/libjpeg.so.8+0x1ef1e)
    #3 0x7f92addb779d in jpeg_read_coefficients (/lib/x86_64-linux-gnu/libjpeg.so.8+0x2779d)
    #4 0x4c7cbc in optimize /home/hjsz/jpegoptim/jpegoptim.c:709:17
    #5 0x4cdbcf in main /home/hjsz/jpegoptim/jpegoptim.c:1309:10
    #6 0x7f92adb72082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x41c5ed in _start (/home/hjsz/jpegoptim/jpegoptim+0x41c5ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libjpeg.so.8+0x201f7)
==3914==ABORTING

tjko commented 1 year ago

What makes you think this is an issue with jpegoptim? The stack trace clearly shows it was (code in) libjpeg.so that seems to have made an out-of-bounds read....

yangfar commented 1 year ago

This should not be the problem of jpegoptim, but how to avoid these crashes when libjpeg.so is called?

tjko commented 1 year ago

Finally got around to looking into this further. AddressSanitizer was 'hiding' what was happening; when compiled without it, a NULL pointer dereference was apparent.

The bug was indeed in jpegoptim, this change should fix this: 3401f250ace692a5b23eac1617dc429eb3566f9f