root@v22017125319057172:~# exrmakepreview -v ./poc 1
generating preview image
=================================================================
==11705==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb4a00531 at pc 0xb6c97854 bp 0xbf9ee4f8 sp 0xbf9ee4e8
READ of size 1 at 0xb4a00531 thread T0
#0 0xb6c97853 in Imf_2_2::CharPtrIO::readChars(char const*&, char*, int) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfIO.h:247
#1 0xb6c97853 in void Imf_2_2::Xdr::readUnsignedChars<Imf_2_2::CharPtrIO, char const*>(char const*&, unsigned char*, int) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfXdr.h:326
#2 0xb6c97853 in void Imf_2_2::Xdr::read<Imf_2_2::CharPtrIO, char const*>(char const*&, unsigned short&) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfXdr.h:663
#3 0xb6c97853 in Imf_2_2::PizCompressor::uncompress(char const*, int, Imath_2_2::Box<Imath_2_2::Vec2<int> >, char const*&) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfPizCompressor.cpp:551
#4 0xb6c97bf8 in Imf_2_2::PizCompressor::uncompress(char const*, int, int, char const*&) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfPizCompressor.cpp:288
#5 0xb6d61254 in execute /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfScanLineInputFile.cpp:541
#6 0xb67839fe in IlmThread_2_2::ThreadPool::addTask(IlmThread_2_2::Task*) (/usr/lib/i386-linux-gnu/libIlmThread-2_2.so.12+0x29fe)
#7 0xb6783e90 in IlmThread_2_2::ThreadPool::addGlobalTask(IlmThread_2_2::Task*) (/usr/lib/i386-linux-gnu/libIlmThread-2_2.so.12+0x2e90)
#8 0xb6d6f330 in Imf_2_2::ScanLineInputFile::readPixels(int, int) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfScanLineInputFile.cpp:1617
#9 0xb6c207ca in Imf_2_2::InputFile::readPixels(int, int) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfInputFile.cpp:815
#10 0xb6c6586f in Imf_2_2::RgbaInputFile::readPixels(int, int) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfRgbaFile.cpp:1302
#11 0x804a995 in generatePreview /opt/lib/openexr-2.2.1/OpenEXR/exrmakepreview/makePreview.cpp:114
#12 0x804a995 in makePreview(char const*, char const*, int, float, bool) /opt/lib/openexr-2.2.1/OpenEXR/exrmakepreview/makePreview.cpp:162
#13 0x8049cce in main /opt/lib/openexr-2.2.1/OpenEXR/exrmakepreview/main.cpp:185
#14 0xb67db636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
#15 0x804a34b (/usr/bin/exrmakepreview+0x804a34b)
0xb4a00531 is located 0 bytes to the right of 1-byte region [0xb4a00530,0xb4a00531)
allocated by thread T0 here:
#0 0xb72b6dee in malloc (/usr/lib/i386-linux-gnu/libasan.so.2+0x96dee)
#1 0xb6d74f3b in EXRAllocAligned /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfSystemSpecific.h:139
#2 0xb6d74f3b in Imf_2_2::ScanLineInputFile::initialize(Imf_2_2::Header const&) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfScanLineInputFile.cpp:1132
#3 0xb6d76fdd in Imf_2_2::ScanLineInputFile::ScanLineInputFile(Imf_2_2::Header const&, Imf_2_2::IStream*, int) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfScanLineInputFile.cpp:1190
#4 0xb6c18af7 in Imf_2_2::InputFile::initialize() /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfInputFile.cpp:555
#5 0xb6c1b77c in Imf_2_2::InputFile::InputFile(char const*, int) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfInputFile.cpp:382
#6 0xb6c667ad in Imf_2_2::RgbaInputFile::RgbaInputFile(char const*, int) /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfRgbaFile.cpp:1166
#7 0x804a786 in generatePreview /opt/lib/openexr-2.2.1/OpenEXR/exrmakepreview/makePreview.cpp:105
#8 0x804a786 in makePreview(char const*, char const*, int, float, bool) /opt/lib/openexr-2.2.1/OpenEXR/exrmakepreview/makePreview.cpp:162
#9 0x8049cce in main /opt/lib/openexr-2.2.1/OpenEXR/exrmakepreview/main.cpp:185
#10 0xb67db636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
SUMMARY: AddressSanitizer: heap-buffer-overflow /opt/lib/openexr-2.2.1/OpenEXR/IlmImf/ImfIO.h:247 Imf_2_2::CharPtrIO::readChars(char const*&, char*, int)
Shadow bytes around the buggy address:
0x36940050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36940060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36940070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36940080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x36940090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x369400a0: fa fa 00 00 fa fa[01]fa fa fa 01 fa fa fa 01 fa
0x369400b0: fa fa 00 fa fa fa 00 04 fa fa 00 fa fa fa 00 fa
0x369400c0: fa fa 00 fa fa fa 00 fa fa fa 04 fa fa fa fd fa
0x369400d0: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fa
0x369400e0: fa fa 00 04 fa fa 00 fa fa fa 00 fa fa fa 00 fa
0x369400f0: fa fa 00 fa fa fa 00 04 fa fa 00 fa fa fa 00 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==11705==ABORTING
ASAN OUTPUT
POC: poc.zip
Version: openexr-2.2.1
Found by: Wang Yan