There is a segmentation fault related to the incomplete fix of CVE-2018-16554 in jhead 3.03.
The system information is:
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial
gcc: 5.4
To reproduce the crash, just run:
./jhead Poc
Here is the trace reported by ASAN:
ASAN:SIGSEGV
=================================================================
==134520==ERROR: AddressSanitizer: SEGV on unknown address 0x6130fa00dfa9 (pc 0x00000042cae0 bp 0x000000000001 sp 0x7ffdf0897270 T0)
#0 0x42cadf in ProcessGpsInfo /mnt/data/playground/jhead-3.03-a/gpsinfo.c:121
#1 0x423e6a in ProcessExifDir /mnt/data/playground/jhead-3.03-a/exif.c:866
#2 0x423c62 in ProcessExifDir /mnt/data/playground/jhead-3.03-a/exif.c:852
#3 0x423c62 in ProcessExifDir /mnt/data/playground/jhead-3.03-a/exif.c:852
#4 0x423c62 in ProcessExifDir /mnt/data/playground/jhead-3.03-a/exif.c:852
#5 0x41fc8f in ProcessExifDir /mnt/data/playground/jhead-3.03-a/exif.c:936
#6 0x4252bd in process_EXIF /mnt/data/playground/jhead-3.03-a/exif.c:1041
#7 0x4107ec in ReadJpegSections /mnt/data/playground/jhead-3.03-a/jpgfile.c:287
#8 0x411b25 in ReadJpegSections /mnt/data/playground/jhead-3.03-a/jpgfile.c:126
#9 0x411b25 in ReadJpegFile /mnt/data/playground/jhead-3.03-a/jpgfile.c:375
#10 0x408dd7 in ProcessFile /mnt/data/playground/jhead-3.03-a/jhead.c:905
#11 0x402f74 in main /mnt/data/playground/jhead-3.03-a/jhead.c:1757
#12 0x7f9616ba182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#13 0x406d58 in _start (/mnt/data/playground/jhead-3.03-a/jhead+0x406d58)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/data/playground/jhead-3.03-a/gpsinfo.c:121 ProcessGpsInfo
==134520==ABORTING
Hi Doudou,
Thanks for reporting this. Have you reported this to the upstream developer yet? Additionally, is it possible that this is related to https:/