Segmentation fault of incomplete fix issue
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
jhead (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
There is a segmentation fault related to the incomplete fix of CVE-2018-16554 in jhead 3.03.
The system information is:
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial
gcc: 5.4
To reproduce the crash, just run:
```
./jhead Poc
```
Here is the trace reported by ASAN:
```
ASAN:SIGSEGV
=======
==134520==ERROR: AddressSanitizer: SEGV on unknown address 0x6130fa00dfa9 (pc 0x00000042cae0 bp 0x000000000001 sp 0x7ffdf0897270 T0)
#0 0x42cadf in ProcessGpsInfo /mnt/data/
#1 0x423e6a in ProcessExifDir /mnt/data/
#2 0x423c62 in ProcessExifDir /mnt/data/
#3 0x423c62 in ProcessExifDir /mnt/data/
#4 0x423c62 in ProcessExifDir /mnt/data/
#5 0x41fc8f in ProcessExifDir /mnt/data/
#6 0x4252bd in process_EXIF /mnt/data/
#7 0x4107ec in ReadJpegSections /mnt/data/
#8 0x411b25 in ReadJpegSections /mnt/data/
#9 0x411b25 in ReadJpegFile /mnt/data/
#10 0x408dd7 in ProcessFile /mnt/data/
#11 0x402f74 in main /mnt/data/
#12 0x7f9616ba182f in __libc_start_main (/lib/x86_
#13 0x406d58 in _start (/mnt/data/
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/data/
==134520==ABORTING
```
Hi Doudou,
Thanks for reporting this. Have you reported this to the upstream developer yet? Additionally, is it possible that this is related to https://bugzilla.redhat.com/show_bug.cgi?id=1679952? That bug has been assigned CVE-2019-1010301.