Bug 106981

Summary: There is a null-pointer-dereference bug in WEBP_Support.hpp:45
Product: exempi
Reporter: xiao <teamSeri0us360>
Component: Problems
Assignee: Hubert Figuiere <hub>
Status: RESOLVED MOVED
QA Contact: Hubert Figuiere <hub>
Severity: normal
Priority: medium
CC: tayyabali3139
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
Attachments: poc file

Description xiao 2018-06-21 07:06:17 UTC
Created attachment 140255 [details]
poc file

Reading symbols from aflbuild/installed/bin/exempi...done.
[New LWP 18]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `aflbuild/installed/bin/exempi -x -o out 1-poc-data-null-pointer'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  WEBP::GetLE32 (data=<optimized out>) at ../../../../exempi-2.4.5/XMPFiles/source/FormatSupport/WEBP_Support.hpp:45
45	    return (XMP_Uns32)GetLE16(data) | (GetLE16(data + 2) << 16);
gdb-peda$ bt
#0  WEBP::GetLE32 (data=<optimized out>) at ../../../../exempi-2.4.5/XMPFiles/source/FormatSupport/WEBP_Support.hpp:45
#1  WEBP::VP8XChunk::xmp (this=0x155f850, hasXMP=hasXMP@entry=0x1) at ../../../../exempi-2.4.5/XMPFiles/source/FormatSupport/WEBP_Support.cpp:163
#2  0x00007f4f100cb484 in WEBP::Container::Container (this=0x155f450, handler=0x155f230) at ../../../../exempi-2.4.5/XMPFiles/source/FormatSupport/WEBP_Support.cpp:210
#3  0x00007f4f0ff05598 in WEBP_MetaHandler::CacheFileData (this=0x155f230) at ../../../../exempi-2.4.5/XMPFiles/source/FileHandlers/WEBP_Handler.cpp:89
#4  0x00007f4f0fdd72e3 in DoOpenFile (openFlags=<optimized out>, format=0x20202020, clientPath=0x7fffe9c928fc "1-poc-data-null-pointer", clientIO=0x0, thiz=0x155f020) at ../../../exempi-2.4.5/XMPFiles/source/XMPFiles.cpp:908
#5  XMPFiles::OpenFile (this=0x155f020, clientPath=0x7fffe9c928fc "1-poc-data-null-pointer", format=0x20202020, openFlags=<optimized out>) at ../../../exempi-2.4.5/XMPFiles/source/XMPFiles.cpp:1011
#6  0x00007f4f0fdc5961 in WXMPFiles_OpenFile_1 (xmpObjRef=0x155f020, filePath=0x7fffe9c928fc "1-poc-data-null-pointer", format=0x20202020, openFlags=0x1, wResult=0x7fffe9c913e0)
    at ../../../exempi-2.4.5/XMPFiles/source/WXMPFiles.cpp:234
#7  0x00007f4f0fb0fb84 in TXMPFiles<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::OpenFile (this=this@entry=0x1559fd0, filePath=filePath@entry=0x7fffe9c928fc "1-poc-data-null-pointer", 
    format=format@entry=0x20202020, openFlags=openFlags@entry=0x1) at ../../exempi-2.4.5/public/include/client-glue/TXMPFiles.incl_cpp:313
#8  0x00007f4f0faf1154 in xmp_files_open_new (path=path@entry=0x7fffe9c928fc "1-poc-data-null-pointer", options=options@entry=XMP_OPEN_READ) at ../../exempi-2.4.5/exempi/exempi.cpp:280
#9  0x000000000040577d in get_xmp_from_file (filename=filename@entry=0x7fffe9c928fc "1-poc-data-null-pointer", no_reconcile=no_reconcile@entry=0x0, is_an_xmp=is_an_xmp@entry=0x0) at ../../exempi-2.4.5/exempi/main.cpp:235
#10 0x00000000004030e9 in dump_xmp (outio=0x155edf0, is_an_xmp=<optimized out>, no_reconcile=<optimized out>, filename=0x7fffe9c928fc "1-poc-data-null-pointer") at ../../exempi-2.4.5/exempi/main.cpp:250
#11 process_file (output="out", prop_value="", value_name="", action=<optimized out>, dump_xml=<optimized out>, write_in_place=<optimized out>, is_an_xmp=<optimized out>, no_reconcile=<optimized out>, 
    filename=0x7fffe9c928fc "1-poc-data-null-pointer") at ../../exempi-2.4.5/exempi/main.cpp:340
#12 main (argc=<optimized out>, argc@entry=0x5, argv=0x7fffe9c917f8, argv@entry=0x7fffe9c917d8) at ../../exempi-2.4.5/exempi/main.cpp:187
#13 0x00007f4f0f149830 in __libc_start_main (main=0x401880 <main(int, char**)>, argc=0x5, argv=0x7fffe9c917d8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffe9c917c8)
    at ../csu/libc-start.c:291
#14 0x0000000000405489 in _start ()
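The trace above ends in WEBP::GetLE32, a raw little-endian reader reached from VP8XChunk::xmp with a data pointer it cannot safely dereference. The example below is added here and is not exempi's code: it shows the same style of unchecked reader next to a length-checked variant, and a minimal RIFF/WebP chunk walker that locates a chunk before anything reads through it. The sample buffers are constructed for the example; that the VP8X XMP flag is set while the "XMP " chunk is absent is an assumption chosen to mirror the call site in the trace, not something the report states. The chunk layout (RIFF header, FourCC plus LE32 size, even padding, XMP bit 0x04 in the first VP8X flags byte) follows the WebP container format.

```c
/* Added example, not exempi's code. Sample buffers are constructed here; the
 * "XMP flag set, chunk missing" case is an assumption mirroring the trace. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked readers in the style of the helper on the crashing line: they
 * trust that `data` is non-null and that at least 2 / 4 bytes are readable. */
static uint32_t get_le16_unchecked(const uint8_t *data) {
    return (uint32_t)data[0] | ((uint32_t)data[1] << 8);
}
static uint32_t get_le32_unchecked(const uint8_t *data) {
    return get_le16_unchecked(data) | (get_le16_unchecked(data + 2) << 16);
}

/* Checked variant: establishes the precondition before the raw read and
 * reports failure instead of dereferencing NULL or running past `len`. */
static bool get_le32(const uint8_t *data, size_t len, uint32_t *out) {
    if (data == NULL || len < 4) return false;
    *out = get_le32_unchecked(data);
    return true;
}

/* Find a chunk by FourCC inside a RIFF/WEBP buffer. Returns the payload length
 * (>= 0) and sets *payload; -1 if the chunk is absent; -2 if the container is
 * malformed (short header, or a chunk size that runs past the end). */
static long find_chunk(const uint8_t *buf, size_t len, const char *fourcc,
                       const uint8_t **payload) {
    uint32_t riff_size;
    size_t end, off = 12;
    if (buf == NULL || len < 12 || memcmp(buf, "RIFF", 4) != 0 ||
        memcmp(buf + 8, "WEBP", 4) != 0) return -2;
    if (!get_le32(buf + 4, len - 4, &riff_size)) return -2;
    /* RIFF size counts everything after the 8-byte header; clamp to what was
     * actually read so a lying size field cannot extend the walk. */
    end = (riff_size <= len - 8) ? (size_t)riff_size + 8 : len;
    while (off + 8 <= end) {
        uint32_t csize;
        if (!get_le32(buf + off + 4, end - off - 4, &csize)) return -2;
        if (csize > end - off - 8) return -2;      /* chunk claims bytes it lacks */
        if (memcmp(buf + off, fourcc, 4) == 0) {
            *payload = buf + off + 8;
            return (long)csize;
        }
        off += 8 + csize + (csize & 1);            /* payloads are padded to even size */
    }
    return -1;
}

/* The hazard the trace points at: the VP8X flags say XMP is present, but the
 * chunk must still be located before anything reads through it.
 * Returns 0: no XMP flag; 1: flag set, chunk missing; 2: flag set, chunk
 * present; -1: malformed input. */
static int classify_xmp(const uint8_t *buf, size_t len) {
    const uint8_t *vp8x = NULL, *xmp = NULL;
    uint32_t flags;
    long r = find_chunk(buf, len, "VP8X", &vp8x);
    if (r == -2) return -1;
    if (r < 10) return 0;                          /* no extended header, no flags */
    if (!get_le32(vp8x, (size_t)r, &flags)) return -1;
    if ((flags & 0x04) == 0) return 0;             /* 0x04: XMP bit of the first flags byte */
    r = find_chunk(buf, len, "XMP ", &xmp);
    if (r == -2) return -1;
    return (r >= 0) ? 2 : 1;
}

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Constructed sample: RIFF header, a VP8X chunk with the XMP flag set, and
 * optionally an "XMP " chunk. Returns the total length written (at most 50). */
static size_t build_sample(uint8_t *out, bool include_xmp) {
    size_t n = 12;
    memcpy(out, "RIFF", 4);
    memcpy(out + 8, "WEBP", 4);
    memcpy(out + n, "VP8X", 4); put_le32(out + n + 4, 10); n += 8;
    memset(out + n, 0, 10); out[n] = 0x04; n += 10;
    if (include_xmp) {
        memcpy(out + n, "XMP ", 4); put_le32(out + n + 4, 12); n += 8;
        memcpy(out + n, "<x:xmpmeta/>", 12); n += 12;
    }
    put_le32(out + 4, (uint32_t)(n - 8));
    return n;
}

static int check_sample(bool include_xmp) {
    uint8_t buf[64];
    size_t n = build_sample(buf, include_xmp);
    return classify_xmp(buf, n);
}

/* Same buffer with its last 4 bytes cut off: the "XMP " size field now
 * promises more than the buffer holds, so the walker must reject it. */
static int check_truncated(void) {
    uint8_t buf[64];
    size_t n = build_sample(buf, true);
    return classify_xmp(buf, n - 4);
}

int main(void) {
    printf("flag set, chunk missing: %d\n", check_sample(false));
    printf("flag set, chunk present: %d\n", check_sample(true));
    printf("truncated container:     %d\n", check_truncated());
    return 0;
}
```

The point of the split between the unchecked and checked readers is that the raw `GetLE16`/`GetLE32` style helpers are fine once the caller has proven the pointer and the remaining length; the crash class in this report is reaching such a helper without that proof. A fuzzer like the AFL build named in the trace exercises exactly the cases a walker like `find_chunk` rejects: absent chunks, sizes past the end of the buffer, and header flags that promise a chunk the file does not contain.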
Comment 1 GitLab Migration User 2018-08-20 21:31:18 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/libopenraw/exempi/issues/9.
