Crash during parsing of malformed GIF #179

retpoline · 2022-01-06T04:19:55Z

Hi folks,

An interesting crash was found while fuzz testing of the gifsicle binary which can be triggered via a malformed GIF file. Although this malformed file only crashes the program as-is, it could potentially be crafted further and create a security issue where these kinds of files would be able compromise the process's memory through taking advantage of affordances given by memory corruption. It's recommend to harden the code to prevent these kinds of bugs as it could greatly mitigate such this issue and even future bugs.

crash.gif (base64 encoded due to file format)

echo -e "R0lGODlhPACEAPX/AJyMe1J7Oe+11q1arc6tlP/OjAAAAKV7Qvd7lPdChBgISq1Cxs6M56W11vecUgBrMWMAQs5CUkopa5xKxnOElGNSAHu1ObXGQv/WQvfv3udCSsYIhJQQrd4IrSEQrVoQ1s4I1mMQzoR7/1JSxox7lClaa2O1Y3O1Y+e9GPcIWq0AQucIhFJC/9Za/ykY97UQ/8YQ/4w5/zlKxkKElEq1Y///AFLnKVrvMaX3lK33GNb/SgAAAAAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh+QQFMgAAACwAAAAAPACEAAAG/0CAcEgsGo/IpHLJbBYFiEQiRZUiBM6sVoiger/fBHZLNgqm4HR4XCZ31fAvor19x++pOb1px9/1e0l9fndsgU+EiSmHZoqJgIwAjoqRXJOJCZWXlIwCm4+Mn5iHnqKEh4OmcIeqp3ulrXeBaLFwmXu1d7dtqbleu2W0vmCQZMNwxVqwx1+GW8LMKcDG0WF0vcfTWtXEdNxf199e3uJU5OLaTsvczlnQ1efibevV6U3v0clO5eZl9PDB+C0qI9Dekn/R2t0T2EbgwC0ImRlUgi8fQYEKDzoMyJAav4lIsEUDecThw20b65gkU9HiFpMZBa18NhNlQZUO9VGsmcXkSf8+JkkW8akzCVEtLQH2DKpFZLWiR5K63OdTmU+hQ6Qyg2rE50+NVd1dtZkzS0R2YsNSZarOiwoIcOPCVaFiGFcibyDQBUP3bdxaMbs6ilvXFFlFbw3o3XSXiCm/hRUFNqLVD+RENGv5xYN1iNNNEBRH7pbZ12UwGTjGSaDBgQMNGqRYXgyuTdLWrnPDJkRb2p6kuYO7jo0HgpfJTM6owS08eNLIkZR/ad6cU/QoUqgLH1VpiIAC2nUnQt4GfHgHoLoTOe8as/r17AmRL8/eQVIx74mYD18ACrL8RdRXAIBO7BcegQXWh2ATAi64RAYKOqiEgdpJqESDFiIRYYZGUEiWHYdHeCjcgCAG6NoBFZao34kPOHAAisGpuKIDAQRwQI3CyThEbg/U+ACMrpGoI4sPFGljbjoKsd+NARTZomtJAmDeiyfi6ICQMhLZI5AORLmfj04imaSHTIo5pGs1lpkbliqi2WOTPZopo3k41mhll2O6tuWLd3rppp0/Bumnm0bKeeaJVBo6J39R7kgdm4Ou2eikRwQBACH5BAUKAAAALAEAAQA6AGQAAAb/QIBwSCwaj0gAIrFpbpLQqPTorFo3g6l2e+06V9tw0utdmcHiNIBcPj/VXHb3bH7Do826/Otu3qF5fVcrVnRVf1SBeoN0jYeIRFWOc42LTpBDkoJkm4+QhZ17XZiVoaJWn6WEp5Rof5qrrKB0iLKila+2coZ+d6ems7F3A3ulnLx2abfGbXq5bMgbsYzOvrvAlJdw2JO6d9HBur1qX8eWsnCs5+jk4rbb7u9q0/F76fV8bO340sCuYfwU0dOmLGA3T2KOqQO2j9rAPOFGFWz1sJ8qiWKINVsnEBxBgOYqwtI3UVpEfGk0djwYr+RKjgv/xWlVr1HDgMFkTsG5cdxM/1nY+FQDGdOj0Doul1UKmUyLrWgiDSVUVCwoKJ87mVEUSXKLqqhWu2ThApWpPK9G24gTw5InwqxhUYJMy3NqP5ww7fI0StStx7FO3XZE9fNa0St9ofk7+VHKL39frQB2/BjyUsKBlXKlinFKRXp0T6HdeNnd5CiW2wJFu9liTTOsBTeLLXvWaSgwK1fVmaS1YtUCC+u6ODuzuLJthHP+7TuPcK0Om2MdE51b3MbUYU0Dm7szoCYQwosfD8EwqzjiDZEPj9P40Svj5VJmXAXCkPLe3OeTE1/h2+/49KfdfwDyI96A2BUY0H0WDaWcFwmskAATbBwoSFJeCDHhhoPUJ0LEIveQcQSF2tXB3nRbINCVEdWtgF9TGMLIIiPgJZgSRDIWcR4merFxG494iAJkYiIO+SBiRurnXZKoFclkGOsgEgQAIfkEBQoAAQAsAQABADoAZAAABf9gII5kaZ7oMHAsuwwMKs/0ybR4zi1174s3nZDV2cR+yNJqKOw4O8ckcsnUPTucqLQWrFqv2W1t6fTiwCytuBREW7/Y1trWcueu+NxgXjrb/XhxOHwkgIJMT0NqYnBmZoQBgWWOXotJHJKHlHcdPHN+m4hXc1ShVYGfpl6Jcmubk6esHGsLjoGisq5mmbiCYl24d70uYppNsruCe1vInM2bllyYsHDGlIx1w6qzW6/W193bqsziptE03+VDW8Dq1Drh6kTPRPHyf3VS7eV5Oucysby9a3VpCD4ijYTYc/YtUzoptQwenHZLyD8UsQYmXJcEmDF645JEnCdJHsEf1Sb/evP0Y1+ddAI7SDG5KtFMmhJ9IXFpCybJOAVNVTyWaBlKoSVzYrnIBqmmdGCCTkumUSKLgkNTbttJsR9Rn0JY9qAoTKkqpoVUftna0itOhUfV0jQ6tutbjj66VFVVFcndlxr9/rWbQywNnvf+oBXhLSa8o1QbbjxJo1TGhrwKQ46MOSsLujQc1/y2uOrHveB6mM5czvAMkKzFgZYBElTiH7XvPsENluYT1yhy96SKO7HKUT0QU4rtzIfxskSdWx3dm7IMl54NVb9al+Fx4TmkA4JeLVTyFhJOSFhfM9TsE0vYX9mwPr2CABJwijcETwF7dfsB9k16Afi3zXsnTFcFhYH5iZLDYjQxWJ51MoxkkgT38UchCsqxZWA/i4lgoRcJlJiAFxiKIIsAUuFFgmUIoRfABrAs9FgJEajgnUyMbThGFSgAEMEG2jnRYBi/DAHADAAQycmNazAQEVCVpUbIAE505wVwfCBAQwSUhAhJj2YgOCZAjpzZootqqgZTm8wYI6YJIQAAIfkEBQoAAQAsAQABADoAZAAABv/AgHBILBqPR8ZiEmo6F8iodIocOK/Y0IRB7XqF2E/oQy43OSDQd31cOMXluDmdHrDv7rF8Tw7RQRx2d15WTXyHfyAhgoNSTH6KfG9lf06NU01/kop6H5piIZdITpV8iYlwWqJFhpB0m6cgcU2rQ4VkpYeZaZ1mtUOdn4ezkqGrDLFpw3KTs7/Jy3uGfXTHV3S90Xunoo+z2dpziaLTZuXhlK+0jQznfZ2u7rOa64Pew7HynpX1d/rip3TxM3bnFr5X1MDhwtZvDSCF1BC+E8gpBJRBDE0J09aKIEZlsHihM8fF3xg/EHONbPhl2j9IEIdZGhSTWU2ZHr9wGsnTDCP/hzfDvcy5picshUS9/Fu5cQ5NOEYBRvqmxmSxkai+0UQqUto5lb6sMmuaMJhEc3fahZwqJxlIrWz+ZR0bS9JPpSe/YsO51+tWMTsXvo2GlCWVSW5lCXU3c005V3MXA3xqs2/UcXFrLiX85y/OoBp5JcV083FGiqIz88ynMJFF1eggk42YZivofW9RIsKWOV5MyN8oGpYiW3TowYQbdxmApu7a230mOBam+zh0MXc2vuy6eHSUyMl5Kj/cnHvUZU2kt4R8XRfSkstJsT0PeD4ox3o2x246fJR+8SqNJ4VB6EEX2SLrcWSeOb3kIiBxpc2GklmD9WcEEwpaFkdicHXx/x9uyNEGnipKFdOghpUt2MRdUtgHWDmzSWKTd0YsKJhzHJ1jIRHIhFhfQCvBw0EHXqBIlY1YpQHfFGcVeJ4rOvlo4mW1RSkePKeFtGSL7W14ij6d4fUkNCHh9eE2ElWHZlWHNeObTNpB5MeWUejlWmsxekXnETqSKQ1YOImZTm4u3hjUg3yK4YECChDBqAQebFeoV+pN8YgEkP7BgQeYMqqABIXFFsKeRjjhgYi9hOBppE/SSIQ7gJIhQaMBnBqeGZVikspJNrq06Kdycufqq+B82MSsCtgq1TsJdleMEArkV8qORBD42RVe0XoqKgiudygHCyzRDChj/FreSWy0s3CZHQm0O8AE5JaFXQDN3WeSPiwCMAG805zCgQRoIErFIzomBQAAA4Dy4x+gUktaFlRABYpokTrcJhocDCsxMeT+EoASC4BAJGkmCuzxEQD8ZvLJFy6VHsveBgqzmSaSOnONFeXnhM03G9FjxlewuEYQACH5BAUyAAEALAEAAQA6AGQAAAb/wIBwSCwaj0iRiOVqulgipHRKTTqvWFe0yu0Ks+Bm7PXymo+icJj8gm3P5rQ6O4bZY294VT7Ptu0vWnp7LmOBYTExV3Z3TQ2DUnJsh1hjik4xMGRXkEhifzCXWJN1mqKCnURXoJRXhoyarU2pQ3wusKd0bExZLLQBp5mbfcS/bKUvucRgeXqvjMPLYIYxqZhkytKfsJ222mrIY53fy2ShTuPL1HOZjOiDvOygpmvQ73rE4W2ymNCKvnq8gTF3KtkaNk0AwjkHDparOdiaNPMCKJsLVuScTOxijp8YfxldwHNicCDCkIMeqomIEk6LkBkVmmEIU9rGKh5rqhlk8Zsh/3D4dJI8WQlGUKGlaF5pcVQoxix64lWKRucULjBNRxF1VfIjVU5wEIHKRupP1ysyu0gdZU/XvK8aw2KyyqhnoV075d4NFkvorDNSy1b0K/LM1Lc5pVHTe9huPlBw1hK+BqiM4ckmGZ5pEHJdQ3eFvUjuk5TeQHs3pZDTpwmRv0deOH8juMripLRVrp2l4xATRIOGS+8m2ZZcHNY525nWlvrIxTYFbW+VdkY5DJUHHWP1IuIp5u1qlQ//3txIk0nfwXPhw1LnT/VVRjud/rdL+rt1seCOdP9icYleKAbXXIvkB5Z95dC3lyt9YcGdOmOZhI1ZuezniTTecYVYFuURIf9fIgU2Ag5eHHbRgkeWMDjgNxQpNdSEg9VkoRECADKNOdAkpg5TXBgo1nja1CFAFw32R5lRRAL5nTk8VnGijo8pWQgjQ3LxgnwQwgIkZAjChJxrdqilE20kSYdkbjdKaR12AzVJhS5a2vZfMVys9eU0IFHHhR/Q1XbQimDMWMQ9RnjggV3tEdNhAHIo4IF/doRgqAcKVKrAZF32EyOhQmX6Yk4eqJLRogFk18cQj/6IBWxoChXqF1pRJRpmlF66jYihEaLNB3R+8RSpQmCJxQcTgLDACIhcUikIBkZGzAQBADDAAMe6wOs1olAaQDRRzTEBAERIOwGyqxzzAggBhHBDiaBTCHSgERNoqGWp9enRgFQgtqpbLr8wkaK+p/7CaAswLACwGuwKbN4yCptxbR/ANqxnw56GQfFMQCZ8sRG4AghJEAAh+QQFCgABACwBAAEAOgBkAAAG/8CAcEgsGo9I4WjJFDWS0KiUuJRZr9fldMsNVLHg7GLSLRtH4bR1MlkszHC0Ojxqu8lwrnweto9HeVN1bHMTezJudzKAgUlobIR9kWuKVoyNRWh1iRNpbGOfoFiYmVd+nXShd6hZpENYiWN8m4Zpl42sMna5fHO3gaChk72+T7iqosSFbb9mcoO8aodYyJjKdFVMa7tsjdPETOF7u5beyp+G4tSx5XnfkrED6dOn7XG9wp8D4et3moHv+rGaIE8bNUiLmm2pVYhdQlRfDnZSuAVUwHqLrlkyZgadmlMBZ7kzFW3bMI0UpYzjg1BjKzMMQrrslRLKApkzpeVZkDNnTf8oE3GyPEntXsKeJku2uWfQJ0YweMqI4+fy6UupCfm19HQoVrSfSJ4ZhKR0GDk6TPltqgS1DaRVtpxZsiTHahZkRBdx1GOJoRWvLAf80VmmQV2zbKVRRYuVZDC4vhYz7nJokNeSYCRvuyk3VV7Fh1R1Rpp5LLfRpLOEVgT2TE63vFYnWtRYI96LnGSgJpbP7UdOrUvZTvyZbPAhdZP9nm1qqCGpt5fLmnlcSO/pfYDPhE4cM1nqZfzwbL4Ms68uDeymJrxliXZbQolh/Q76qE/0hzFPDbkVS3Wc++FEn3+UgaPOLHb9p0wdTTWUmIK8CaaZX4jkllWBxAwgWFASCaT/WnXnCJaYY28lEw5f51iYGV7zMLFXFBd1paItbonFBBcMjNdWLmdRd2NF2B30mHIuNcHFiH2J95mBEzCwhYjmLdLfa0sBGeV6jr1R0ZJYmnLHFgxwyRuR2bnh5BQFxQfPe2VqKUhEVXHjmyeJtAdnVd39FhWM38DGkkNrsHSmShFFRyeS5wnS1ipz+rfWYAu2B1Wejo6w4ZUEKiqDBAp06qkCJZSgS2lLDEgTF1aEqktuoXoqKl0NRqqpl/6A0WkJEmSl5lUwSvKZBENIcKd8kvraC6eglpfprD2hUUKnue7IynG7EvOsAndZCKGBOL2yKmu1zUEBBXVoSC5XVnRaY091SvRCAQlCAADAAOOGNsmzc7Lb7hzwFgEACfWSCIkEEkAEEHtGAPwMXtHqm8k4aEhBwYrDOFyEYdDoFsXE4LgyhBsIqCSrx6h2TDKKvZyMoUgqF5toy1MgqgXMXbgxFSZBAAAh+QQFCgACACwBAAEAOgBkAAAG/0CBcEgsGo/HhpIya84oDaR0SkU2nNjsM1rtegXacJNCInG/aOJVHC6Xz+nvmq11kyhx9JyetTPheVZPd2wUTE5+TYFUTXZhZIdjbliLSJJukViYhmWGWICVmphidqNZlWqinXRkhGGgeZmtJHy1M6gCDZ2cd5m2Ybgzpau/j2+Vc62+jwBis2XIxVgAAIaQY8pkodJPFNTfkaa3gXusJN/otE7PTovLWs/o1FnsioG1vNYABOBYz4eLaonb10+VOjx5XDlz9ASAOoXrXMHqMmlhxWbSFt0pY5EjN3txwr0TVvHjvXXmRtbKU+7jL4Rpd097OUxvkfmnuMe2oiDvVpjbXUe3sJGw3yIDtv4JahaBFzCGQNxbbwo5s8Mpqws6Y9nuU+AQtejmNG4XWxo3vSCZxLmcJPfWn0dmcev59NAYCNMUDv7aj6VEDSHyc31yiwe3gBEcjSOCb1pEr+Yc91ywT5cM1FdtXBJtXicdfO0YkaRYVMSiZ78Zg2UcvXse/QgbnSDe5mv/c8GTtSv59lwLvzTmRMs6oB2GwsGqKhphWvc7n6Y02ldJmRl3uMTVh8qlroTnl2he0W5UvvereuyEEdihxQQ8eBS/TjfYRuqTssDjokcja/KGUtPe8v1M1SbE/cr4oJG4lDu8yD2uobUMCfGBvDoeprAbQgZuRc5nijPFhYGF7HmOco8TmtwmgTUVFb8fPTKUtItudGSNcdQchsYqxVu68eNxoXU2XhHHOxX8cbg2dAmm6B+CyuJjgANtbSG0mnRqZ69GN7SDdcaVEwvwLytxUI3c7DAMAoK3tk+RGTMlsuv3Hckw89sknh3jAQraks3dCJJHUQwBzabbz/D0d5vPR4gXqtcrErPkj620Pvz/K4fy1GTR278SzB8k1x+XkBOBvCVOnY1vlGxDcTbwkPhU55aZs5khZGs54I/HRs1gUSkZ9/+G3ywmVME07B7FhSc5wghIQ/PMnDktbtWBqg3R0bCPqFCd/HxzFVema+FgHShuS9xcj2ywGf+BzQ5j5RIEN3oLu0ff3brwyklaF8gpX0DU3Aggiv4fwaG7WKGyTn0IpaaYBRLgxMdghIlyNM6pb1U7vw9KWmlfzim721pW5z8lwjVod/BCt5AL0+poo/W7w7gpNpYaPe9qnHUaDmeD4aGk0Mg1RGQ8G6RhscIBGXyXkcedtUDyO2xjlnSwkR+fB9aqld/WxkLfNPFKlfqL/r2CRe1upLf1g1wfVEvuJYcuwHO1R+rBPbjnGzi0ESfGaN0GJoFEwIz0SfH0FFv4jm7uLvYwj8EIyMun81CMZZh42BMCs13CCgmf1Dscn1IY24rmid5FwZ8YscG+nxxxOXNgspPr7PVhHFCAz0E7VFkyopoB+ifVzqcO6AOJbT1JJJqTWBN0mxY4mEBexc0+sLjJ6r03PZSl6fzj/TV6q74k9+nYN/g2xlwtJWri5WcgnowulgBgqyA2Rak32gX6Wbx+Tr7UYHKj4VyDH/7gPqm3K4gai/iGDP6+yfUGeHe71LTayIJek+ysN4+uwRvbD9u2cDbbswScJitSZmVmN1jkHk0iJgIAKVdllXzoDUltCuIL+2EG99981S6MRA87aehxm5mUGdeGv3Oh+LQJUs4zQXXrwYtdw4kknIFfBPiVNyxoKaucS93G/O5rICzIrwm/m3ueoCGyG4jNsR13tPuwphcdecMnYNAvWFVKYTFtnFtX2TIlemPHDTpC7Mgc/VdADFYgG//75ADWqMWfHclfj6TQ12bQV8LRTXG2DV6IgWr1BH2c7jDuiWbGAt2RGF2KcezCsZd4hJd2KTaOHS0YpxgMO0YUPnGhavHK/LNDxQfMDrqOypZip6T9P4CQI2SSutxWRdaJqk8pVAaEifK7riLJtBik+PsweAGs8Kpx85nWg5Jan5ciIAd9LzFDachhyhLAqIEeWcLJmIUzBKxiiqS9FcEYXBk/lRt9IxrPMMvjQaLx8gy1AMpXRl9ONj8x3AKM+i8uARQX7eAGahE1pUnazb8Pyyq84M3G2TUvLBrBiycLVtXvg95kPaOo4L+yLl2ysgWj4Gp/OTnRdFvUvIqrZBlMG+CYtn9klzQhmB5qKkRTGtkA+noFXsW+jfS/l1eOi/q4VIrQ/hV5+LL50ht5zDKxq23tV6m9NRoTdls5rCyokyM4ul3rzTVF9LAhqIcIBMG1/A+upOsJD7Wxw0xxc5S7v1nEt2lWWFZ+sZ6sCLXcHuQu+K46AAf1vLZ3Eh1vbvErZ5N6nb4bk3Rti9bE/OfH6QPgt6l+8ol00bh21n80shCzipSq13GGJaDZfM97EWzdyVsCSevOHlRPHXBkuAYWLiuct64KPUW4Bc+/RSsC17kvvO6WYfKdRmHN+VvYl/SvqM4EDp1P/Euvv9fi52+15j/4jIX9RoDGPBKlb/VEVbkfVbixCcvbTZkuEJ0ZhX5FDhAQmMa0JaQWyypWNNAtXn2tjXLsfqHaURMh6wFbl133VtGWZ6DJg+h+mAYBDLaMdnysnbHhkLn1vlryAsgAKJjdn6vhnPc0mFrzeJzqAn6yu9VV9wU6ZBbwTQWgg9aLI3U12t+4fPigNFf6m040hmewa2JSoH/r5KLLzm9KIGm74XWbftGQk/HnLUTPslGclJYNG7KFBp59dt7mAPe/Z7Es0MUDhuigYG/Jy+zQXHyWxiEwQ4s9X5JdUHdJOcQ/48YVsmGTTKn2semSmYMCVfs2aFpycyYgai31getoa7jJB8BqOeFNHvgMzYnK5GkpYMO/aEXbHhzDR7xTQs7TL13BRO3+nWQtD8zkpykBr2OiBezplRstvj6Jk+HuebtOoj5wxIcnstRUUyubg11dtDJggJp90FcoJ8+PCFxh3BA7hagsEj7PlsELjcPpFDQXmsrmp1OB47a7GFob1LN8Jd4TbWwy142todwtfNgNK2gjUjbPx23bIXdxoOTkZyhvxHtoM1mG7D20K5pjn+f5dvoN9E22Q84chxJRUkRk6Wi8cIgmx3SDUrnSmNCDj34t31264eEYbAJw6F0dzoj4s6XuCaUyIC66Opid5F41k9Y8OSa9+hfwOJ86B9UCyVyvbTP8Hjlb0UI2wzRZKmzEDKh8Y8ZNibrvql05KBrSdwj/N9XBtJGBE8l1nVWwKfzCZaM7KK//PFFLZOoXZZCwVYI+CtnJ6A33awcgLtImC6TcL56xPu50pvvJ1rxPh2i58MTlJKmHRU8ZJZYUG3Z81OotH/r+62VwJtDrnR22i9yefzZ5nqfo3DFe+E8z3m/OlofVJ3H7nMnjsvHogDLEFo7BV+FesBIMoNxIvH16SWfed05ViIIsBWc4YQ6tKTnPowtv94ZjG6fJgR7zwSYB4TfafaWnj0RnQP0t+f3AiUexC5OMebYMvu+/YkfPWtUUqf0cjKYpHtE5VafyU3AolOs/Qz1SeO5/+GtX/j1baoGDwuRoHhtVY1i9znN7FmvHcYT6zqJsUdQ3jxf7Fp3zA+a6Jxy7FtOKfGfsmvbA5JBzEqRCB+W8t/Pfe/IL96/5cmNgFzVrACTi6ZhZLw5fQwvhODr+jY4AVFxSjZ6UjHtrYx8Nkd0+ShXiZzWystHAkXLin0x41mdIAc7rr6Ec2kTtgvr87KLC3TqZsvER4XAWDun/ehl/i9pmt5aFIX1PnRj5sspMGQFG4csfAUebtcjUwMg/9nO/0CTg18ts9PeaXBFK/sERlF08ZkHNZqoNDmNEkxJ17dGuQ2TrI3jiyBjlxh/wJMmnkqvYCMLcNzdVwYjZ2wHbKYXazv11vQ9WjxAxirTKedvkWzzRWfkwxbYxLXUdOqGaaWn6tbXWf2Afwo/hL3qIBSGPs4RvAVSlGpw9XMlmFss1zIH1kW11FotFe+I9rSNDmgzuhreWRN7JR9oOc/v121FMC9zx+rZQPV5kz4SYXZtkC3pPua93VL3//zGJl4g+AtO2/dbPkPmbU14q3+SS3t7qbb/+ggcCzqhI4tNHPaGXmSrjeIrtt13raOwfE91m9Ey85+L/s3+pRbLDEA2loTCRujIwTisHRQq6KnrR6abP7/XYH83rPHHOiTtYkxBncwSOUKUaOiE+PhELLBs7ezVwXC+q/521/CRZn2EISeixaDONl+3UBgf6zg/3jDMm1A2QC4jPTr0ew8AefjYOJ2XMimcUsHWEckJ6cG4lNsi+CEA286dIJ2AqJNRYcMDBVupBcihcn/d6bY9hXrclQmcw2RcoT3Bl0vqkMEVSh7bc/3GzDrdzjK7YPO0mHV92EJM4uAhWJXdobfpVDou5wYXiJOHhas9I/dZpyU3LQC3FNkHNqgmLAfBXD2Ilr+MmWi8M7b5q2Y5d5MmqLp3/L7+/DMOXkwd1H6zS4IRfODer/wVAn/TuKqPWhjKxrGHIhQZE51ammyR+L/pXWUAd8TE+98fLy1Yqnlp9ibKcQ2J0vAhA/ZvyFhUxwv6UFD6+DEuf/RcmZk2RxvS8xTwezcdiMJNWi2o8MyYAH5Qz9EYgyS+XfnzjJAI3gaNLQENFDhV3e9aVzwVFexcvHuApWWFvothk3BGU8va3mWvemMOIg3Jdbv0cAN6IgJNkh96omXtNNVKkiAQQuZsjEX0iYTySNgZyQ99p7wAkibGh130FLjXL5EzSNAuUA63vULkG+U6NR5rBJAvivRZ98Qc5D6mZvte6WwngrgcASM9hnxkJ3infUxL6DWWo0/TXwdjclMrtMNpNw0rsu+JODbxo4zL8iVzo9XFE+/fPovPgh4sDHkF5YkJm/8kCMqpgacaLRy3Zgrk/IlhSv+AnT+G723nQI+Xv1YxEiEb3/s/ieziT+2NJZuGfrs7JoWBvsfbS6woLDAR9j8Ez5dJU69D0WnpGG0oav0zY0AI4CVDq4cN87tY2pIh7uZo2TQs+ePAS8kBEJikDvQRX7DFIT7S2mD+QRgNLvsVSnWyLKLcKSXy3xsLATSzlAJbuxxtgKAyIWBU+inHKkFPBQnpVRJaaNifXnZq65yCJfErhDT96qCx4of8wQN8xddF5WHnK+Mp0Cz41jZHGdEEYU4EN4zhQHGX/V2qCJgSskyPp9Aabe++MhEpjNU9T1Qke1yOhRAa5Du/CBUKZfeAqFqNXhhf/Zd+n673K47u3zvK+yKG6nXaVGK3Y1hS0gpK9fqoo9z7Lm/U/wYQcRaKUb363YLdwZQDvAL5Cdv0vpyDKTtTBo6GGUXyRQd2DoOAF3p4FZ3UZf9YIFzBocu1GE9/m/4ZbWGcV1U+BZK1MYPSCEpb4D619g/wqFSvLx/7Nw+rb+pFP3FenEHJS5TiFw5Ip40yfUgA6n46crDZQ8dbCDg+2c7d0X4w0vGFNhgRQsD3X2oHDNxcOZ1KYWqlGMhJKtD0c8/H21vwsIiVJNzOOYiuQIKBVxjv2OJyGw8Hh25hr2QghD6cBbSQTW0jPsfe08x9Md/xBC5PXJ8ArZxg6X7VoidHSvanIeSN+9GOq05WRMJJaDl1eArdtrsGTNlByT69KlceETCTCm2YcLGfaWnzsHVxxVTlOj5h97r5VY95zeKl1j/KVRRK28xXvmZ54QtoOS8MdXg9zfONTECMLkH4y8Hq+Nlr/oovSHDj51o45poCKBYHb6kV+2hrXrBxqUiUEdNLlhG2wX6ugxQJlFdYCkJgbA9KvoTACUJxlG9TFvoXWLRywySi6gO+O8P3YQfU6U7XbISE5EQ8aP8ss5ONPW/+TXD+jzfjKccZcZ31V6cV3lD/cmmD28fcjtCDWzNRTuGlRakmBhTTrMGGRZmFC+Iz/i+RuUZDKDHJ/0XXmN99lsdUQ54Wi8k2g/Nt4pBVV8YhuNzB7PFe3JZSEsWfaIUb/Wz2fiqOien2VbnA7jbrw3k53W+yGBT7xaPvf8wgZ01LMolkJvZfDUBlM431PfPkGaAqGr4CHEMmGPlnQ1i1cBjhAL3hUynWi5l/HSyny7m9INghfdn9ihi6BI77WQ4KFIgwkIx88l+bQGXUh+KiIOXsSk5Hdo43jWdo6+B02bo50Jeghq+JyRHhOFzqyLYn9Pi0ogkSsCedA9mTO+V8Z2gSD77zBtrXw1I2EjxOU57zCSoInMoyBN0vx6dchgwbSq7Yxsjah+CSleBNJhpbr3/RN/angnzzf0mxh0XPh7GVuhGCRwCfVSnGXfVA92dk1EryFKCx6nEl849NQ3V6dg8HdpejJbEClHLtywUwY/1OAJyOh/tRrdPgJAYYfjEGRcxWeOTLqJKF8LR/Vrx3LsVeusJhY2mXYQpALMr+e9/deTETKhRK4Z5Vccg8eHFhJCXdZ0l44nuEQa0PCCw7B3DxvYGLS9J5atPKpChAwzyxR7wp05i+TZRsmFw3BDTjZHgLSPCUg4pxtP8iuYpq5aHLitck3YsyZvvsQ0JBVp6UprT8R+pNdSOx2TRJ6mFTvpsj0E+dnIfNLzmB/mzX9v+0J5qtZwb2i4G3wJp2d5wLBwK7ePWynMV9HXS8X9gUUyl4m4BR9JZ5OnK6s5ZAKEuLHacKiZt+IDVq1x5viVnolySKcaeDWA6q6ov95ILq0NZGKupnFakppwIQMzv9rzvI4mTeTIT0SsQwRdZmoThye8qipJCXuU0hh8gap9ISoars4Q6U2KukP4iwxT8f0+9dmV7ZHV4U1OtS0zjmHxLQIxdbHax9+U/dqLeuxUEFgaTJtesvmrli0aeyWmtrwMWGYXlpeojxt6SA3cXF2roatE9LIorOQ7uoK7Edlqgl7RC3tWWF4jnQe4ZaPV8c7rotVlcmaFm3YhYw+STnuy2flR8kW09O71e+PuouQhEh87O1fiZVPBZoRTanUttDw+l4WfXYi3m9qEevT5fshEd8pRbe1e/Mu+EQlX1vs/VeFLd6gI5BXmFGhWRsK8lFXE/eBgSAB/FjGV3GHeFL/4S8E0bKaJLKURJocCFKTlyrWmKaWIc6B6Fd8m8iDRiGKzRiRQglSI8eAJMrmUo9frMhai70MqaIXDBhZnI61VHMaRU5e9tNGRRaIHj2tFMnVlo2B1gUBWr5U5Y5TVpEhRrwNkxw0XTTwzZDZWGcMnFWcwxlV3I0kZhWebWYOWVOZEecMI9oG5HL1/PIePHWy502j6QHYV599OKTiomx44UQJUpTgi2N47UnhoTOUoOozoGqnloaOWprqJd+1KkAJlZlKiawGiWFrAIHWct9ClJVQgRDJ+RIjTgDYiuul8n2hKx+2GhQJisUUOwSuTVUoAGf6wLoOE612SxsbPg7hUdCXg9ljp4FeTAXAEdXk2AsZq44RUKdIOGRQJ8/Ce243AhcxICTkfoVKT4TkCR4uuehyzoEIQhwcHxYnRlPGN1bKsafCfpzlSFCIHJNM3hoRBAAh+QQFCgADACwBAAEAOgBkAAAG/8CBcEgsGo/IAW3JpCWf0KixSaVKr9iqdmnqYr/I7bZ7MoHPQrGWfCqjv+pxu+x8Q7ldcZ45p9ftYTRsa3tcbSZNgEd4c4hVJodshX+KaUyQh4R9ZY6JlZZLfZ2ao1aVo5ilcVufkF2pqqtVp5iNsU23hicUipevqxYXsWxudrJaFxcWwcqMnGbGx4Imy8nWFo6pTIDHXczWyZ21J9tvssTf4biN5Wirkl3gzZe2S9Fq2oLyF1SR7WAAcgnqsySYBX0HqfyiBCbfI3YmhOGK86YBmVu1XgnUYs7XFn/SPJ2ZqGdSyI4hU/7DYlKlrDeIWroUA5NGsJnTckEDwyQZzv9Bj3Z+OVFN2MJuGTmiSXctZdJZIyPK01iyiSilPPUlSwhU4SSHprJ+O0hsWCRYrKJKnPfUK7ULIKFmdTUtFDsxBmXaG4kHVSY16Whmpfcs7iN5CbFmwTWOU5yxD0+4I6T3sE9fh/jixNV0WiTNm7ko25MPtDSwEcURZBhFJbG/gtZlMv0OFt01tmjHQX3L32CwkduQHJOH52s/wTemZWkbucJ6KeHcxfPRcfQv44ZTVtlwemg1cDLeuhk6q2HOo4MpVyzFVylv+7ARvwXn8T6JJYXLbQ9M3u62ey22ylS7ecfaE8ecgJhXVt21zIFJHJMMJ/P0JVsnzdRn3zOxXSj/CTZvHSTgbtjAxtgm8IFDwIgM8mGgV8ilI8AVBJATlF/OSfMNSznq8sp5xzCzohQW9eiZKOsdZsEJBVwBnFtJarGMF04a+R2MQkFx1JVySHaFA0B2Y2JkJjRwBQbWRInZVbiVYWYUAqTpWnMYZSYFARU6ZaJewl2hzoX4rMYFPkNGEVFix6kC4ovg8UcanVWoh9YxV5DJGBVTqVnpEgE84OmnngYQACqIVbbfHTQ8EMBAh4ja6adcQHZda8+d98AAqtq0FXf89WNdFZ0aYMABf1K66Y1xBDCAqBiZxKJT/Ly6Kow2LvEmrUgp1EQABjywJnIa1rbRA92u+tRgahzSY8aSwyDy6rnobrEkEd4d1WkA4Opm1RHT2WYCsys9i0sSRGXT2L8Bx1scFIn1VconhiDiwMQUVzxxtRR9IgQBAJxg8ccOrKfxGSKPjAXGjZosRckqr7xKy8zlAjMWDVjkLCBBAAAh+QQFMgAAACwBAAEAOgBkAAAG/0CAcEgsGo9IHO7GZCpxyKh0elw2r1godcsFZLDgsLZLJlrD6Oa43D2n32v21P2Gy6n0uv2e1PubfEdff39xgYSIgWaIhIZyjImKeZBpjmSUjYqUOTV/gZN6NTU5pKNph4iknKKiOW+of6usrXV8oGmytLV3m7Ouu2y3b62sdZZUvb+me2yUy4W8mJHN0tNl1dZt2ISP237HUk2/3mFyVpzkaN03ounlbKq04+ngSBmzvu439UdM+M/pusma504gK4IBy1gxBdAPKT38jIibmKohmHXVBp5SuA0fQkDXtmnceMmbrEohyR1Ul9KbqY83OJJD96pkOphOWuoTQ0bYTv+dOy/aDPqOi099EYcQJcllKUujTotuIUSzWlIhhFqVwlkTap14+SgNRZNrJaaxZPFZ1eYwLKWrsTxCeogWjTyLoVyx/YpXz0NOOeA65PqmbIEuUZnkOrzl6ExWiBMrFqXDa2LAOSJLfrivqWQsXAp8vpJUx2g1XNxGDW1Wcuq+S18TRrolA2BGnMVOvZE7rjTPzlpz223DxoPjyB8ECGADjFxEEa0sb96keBHmk3Vli1Jdj3HlxVfNFooMko0AAB6g0P4NuHkbQiyMR70bE6fix6nr2buJiXUh+j2FhzvnAYjGVQA4xsh3ATJBTR0XYHDBhH7gV9wVGIUR4RASUlhCx3n6IbgIUxx6+AZ2MdmCxgVSXPAhdYoIQccUGAwXY4JWTOFiezeSseN+PdbFU5CaAUNkfW9kcGSRaCi5JH+kBRIEACH5BAUKAAAALAEAAQA6AGQAAAb/QIBwSCwaj0jA6WRpWk7JqHRqdFqvT6p2i+1et2Ckd+wMm4XktOUMVqvZVLcbHpXL6Uf7HU/U2/lDfnJQfIJ/hYZzeImDi4IXKHtwhiiVkCgXY3R+F5eVlmSbdp6fmGlwTHqkkW9shqSZZIRnlKWsY7NhqXqgFqahroK/kmaMemy7xq3FysRtzWq5XNDLYU6x1FjBkNldtE2V3dpmnZfY4tJaq73ZZ0y2w+3MpOJl85/n2elTqabxbp2qTbOQT9W/cdaa2dKkS2GpgvaeKaPnZZ8UaCY8MQSTTBk+L8yomYK4BgyBbNyAbek4UeXAet4Swoz5cuYXiTZv1syZZSdP/5k8I2oJqpMKSy8pjQFNY8mcoaVdOsEjKVDKUSvrDh4aqmaVMYti3NiiWrUOwLHCMuEkAwoSWS+m1iLV2jXTJbBV5Lwds0ouTFIrifr65HPmJwyF67m9kFhxrMY2IcPESwSDYCtbHgrOzC6oFgx0Z1Ie0tmzutBI9268SFDYLUFca5VWNMVJgCIGAujugvYY190IAzXxpLqo2a0BCH6CHUfQbQAGPm6tzShAhQoBijeRTIabbgDJafMzdk64S+ryAKw2WpdguTfhjTfvPuRAube3gwdeL8R+QDLA9WTGVdshYV8a8Tmi3xHFAdLRFA0CIgQTjLEWjYRQgYThFqpt6BAXTR6id16Ix1VEYoYlwREEACH5BAUKAAIALAEAAQA6AGQAAAX/oCCOZGmeKEEAR3sAKirPNOre+EvUfC8QuSBu5yuWgMJki2gsIpXKphNKPTClsmdVecWWCtut96QNc8clcxg9KquTALbgvUa76UI2fhsf78Ved1UOgFh4DoiIUH5qiYpUXixvjlVeh4lUfVJ0j4RQmkaSjWaWf4VNpqdFoqlRm62QTYKwLqA+tFBdPbiuRrO8r7x5qC2ewi22PECUxri6NZKUx8GYxwfUB824ydDWOcGm2kGysOLfoa3Sw0W0j0LcM7+N5i7PM6zhi0a49C7E3jjQAbxhT8bAgFMO+mOncOGthi0SNix4AmJEhhD3WVxlkaIJM/3qPByk7g1HKo5C1VYaidIdHnhkwpQ0yRKKIpc0d21RKbKGPH4vag4khHFoIh/4AB7V2XApD4vFmG6UmpGqQpgleArzOEIrsB44D4L1SgsribADuf6AuuQp22tuD+1R5iJABQMG7uatUEHIzCpqkfANwrdwXxfV1FiFcrdCgGJkbyymYhdvBDpq5/wZoSZzq8KPV/JIuqdxrMml84bOkVkE6VR5x2k8HYbv6osCk1Ss4rgWll8zqBy2EmidQVVSViAMjjyQpBp85PzTJ12okNbVNZ/OHrcX9+5BzH7ffc5LCAAh+QQFCgADACwBAAEAOgBkAAAF/+AgjmRpnugARCybvnB8tnQdyXg+2Hyt/6aesAUsDo+3Yg6JVMZWzKYzFY1OZ1Um4ErKVrkj75crHl/L1nNZwySLNey2E+qF2+HCafbOj/f0VX12R4CBfVJGb3yIPwSKi0NOa3gRlHlKj1lKAmtemGieiaBmP6OaQKakOi1+qTyflq42orGyNEWCtalKua2uiYK2RKiVd8K3xJDHSaXFznu+PATJftFHg5HEpsqz2qCHf83bxperruSv4qncyObn6D7q44TustbD9cvd+frtOP3l/gFMt2RgjS0FDfqToTAeDkcN8TGMokuMPCG5yuiAiLEXGn42PH5MOATcSJIl2dSdEogkWB02IHkMwgaN2RMmNGvaiRnyXks+PIUBRQnwDtGicHJwNGiUpUJKRxVGHZgjjs9lVeFRxaF1q4yKXmHklPoPbEdQAs32UEsvxreujF7QgEC3bt2eKtu6jRAAQg+6A+iyMKmKSpa7xdgShIEGQuDEWRDuBSU41EQ0lCrLcfpmruaAk2U53hEu6GA2cGt8lshZpgYReVXvM/26ROoWfhfmoLPY9tUIuW2KcpjiN2tJuk0YdwEmTG25m5tzTSO9dQ/J1UNny355O3ftvb+DZ+4kBAA7" | base64 -d > crash.gif

debug log

(requires the electric fence malloc debugger library to instrument the memory manager to find the subtle crash: sudo apt-get install electric-fence)

ccmdline ['gifsicle', 'crash.gif'] exited with invalid memory access (SIGSEGV)

-> LD_PRELOAD=/usr/lib/libefence.so gifsicle crash.gif

Reading symbols from gifsicle...

Starting program: gifsicle crash.gif

  Electric Fence 2.2 Copyright (C) 1987-1999 Bruce Perens <[email protected]>
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

  Electric Fence 2.2 Copyright (C) 1987-1999 Bruce Perens <[email protected]>
gifsicle:crash.gif:#7: read error: unknown block type 0 at file offset 11721
gifsicle:crash.gif:#6: read error: image corrupted, code out of range (20 times)
gifsicle:crash.gif:#6: read error: (not reporting more errors)
gifsicle:crash.gif:#6: read error: missing 4005 pixels of image data

ElectricFence Exiting: mmap() failed: 
Program received signal SIGSEGV, Segmentation fault.
__strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
65	../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory.
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
#1  0x00007ffff7dc462f in EF_Printv () from /usr/lib/libefence.so
#2  0x00007ffff7dc4845 in EF_Exitv () from /usr/lib/libefence.so
#3  0x00007ffff7dc48f9 in EF_Exit () from /usr/lib/libefence.so
#4  0x00007ffff7dc4226 in Page_Create () from /usr/lib/libefence.so
#5  0x00007ffff7dc380c in ?? () from /usr/lib/libefence.so
#6  0x00007ffff7dc3fbe in realloc () from /usr/lib/libefence.so
#7  0x000055555555d652 in Gif_Realloc (p=p@entry=0x0, s=s@entry=1, 
    n=<optimized out>, file=file@entry=0x5555555796f0 "giffunc.c", 
    line=line@entry=811) at fmalloc.c:19
#8  0x000055555555eef2 in Gif_CreateUncompressedImage (
    gfi=gfi@entry=0x7ffff7996f80, data_interlaced=0) at giffunc.c:811
#9  0x000055555555fb2f in uncompress_image (gfc=0x7fffffffe040, 
    gfi=0x7ffff7996f80, grr=0x7fffffffe000) at gifread.c:515
#10 0x0000555555560c8d in Gif_FullUncompressImage (gfs=<optimized out>, 
    gfi=gfi@entry=0x7ffff7996f80, h=h@entry=0x0) at gifread.c:555
#11 0x00005555555618da in mark_used_colors (gfs=<optimized out>, 
    gfi=gfi@entry=0x7ffff7996f80, crop=0x0, 
    compress_immediately=compress_immediately@entry=1) at merge.c:81
#12 0x000055555556f1e7 in merge_frame_interval (fset=<optimized out>, 
    f1=<optimized out>, f2=<optimized out>, 
    output_data=0x5555555858a0 <active_output_data>, compress_immediately=1, 
    huge_stream=<optimized out>) at support.c:1550
#13 0x00005555555746f9 in merge_and_write_frames (outfile=0x0, f1=0, f2=-1)
    at gifsicle.c:1015
#14 0x0000555555575adf in output_frames () at gifsicle.c:1107
#15 0x0000555555558f8b in main (argc=<optimized out>, argv=<optimized out>)
    at gifsicle.c:2182

rax            0x7fffffffde48      140737488346696
rbx            0x0                 0
rcx            0x0                 0
rdx            0x0                 0
rsi            0x73                115
rdi            0x0                 0
rbp            0x7fffffffddb6      0x7fffffffddb6
rsp            0x7fffffffdda8      0x7fffffffdda8
r8             0x7ffff7c2c660      140737350125152
r9             0x0                 0
r10            0x7ffff7dc2a50      140737351789136
r11            0x7ffff7bca660      140737349723744
r12            0x7fffffffddb7      140737488346551
r13            0x7ffff7dc4c60      140737351797856
r14            0x7fffffffde20      140737488346656
r15            0x7ffff7dc4bc0      140737351797696
rip            0x7ffff7bca675      0x7ffff7bca675 <__strlen_avx2+21>
eflags         0x10283             [ CF SF IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0

=> 0x7ffff7bca675 <__strlen_avx2+21>:	vpcmpeqb (%rdi),%ymm0,%ymm1
   0x7ffff7bca679 <__strlen_avx2+25>:	vpmovmskb %ymm1,%eax
   0x7ffff7bca67d <__strlen_avx2+29>:	test   %eax,%eax
   0x7ffff7bca67f <__strlen_avx2+31>:	
    jne    0x7ffff7bca770 <__strlen_avx2+272>

'exploitable' version 1.32
Linux ubuntu 5.11.0-43-generic #47~20.04.2-Ubuntu SMP Mon Dec 13 11:06:56 UTC 2021 x86_64
Signal si_signo: 11 Signal si_addr: 0
Nearby code:
   0x00007ffff7bca666 <+6>:	mov    rdx,rdi
   0x00007ffff7bca669 <+9>:	vpxor  xmm0,xmm0,xmm0
   0x00007ffff7bca66d <+13>:	and    ecx,0x3f
   0x00007ffff7bca670 <+16>:	cmp    ecx,0x20
   0x00007ffff7bca673 <+19>:	ja     0x7ffff7bca6a0 <__strlen_avx2+64>
=> 0x00007ffff7bca675 <+21>:	vpcmpeqb ymm1,ymm0,YMMWORD PTR [rdi]
   0x00007ffff7bca679 <+25>:	vpmovmskb eax,ymm1
   0x00007ffff7bca67d <+29>:	test   eax,eax
   0x00007ffff7bca67f <+31>:	jne    0x7ffff7bca770 <__strlen_avx2+272>
   0x00007ffff7bca685 <+37>:	add    rdi,0x20

Stack trace:
#  0 __strlen_avx2 at 0x7ffff7bca675 in /usr/lib/x86_64-linux-gnu/libc-2.31.so (BL)
#  1 EF_Printv at 0x7ffff7dc462f in /usr/lib/libefence.so.0.0
#  2 EF_Exitv at 0x7ffff7dc4845 in /usr/lib/libefence.so.0.0
#  3 EF_Exit at 0x7ffff7dc48f9 in /usr/lib/libefence.so.0.0
#  4 Page_Create at 0x7ffff7dc4226 in /usr/lib/libefence.so.0.0
#  5 None at 0x7ffff7dc380c in /usr/lib/libefence.so.0.0
#  6 realloc at 0x7ffff7dc3fbe in /usr/lib/libefence.so.0.0
#  7 Gif_Realloc at 0x55555555d652 in gifsicle
#  8 Gif_CreateUncompressedImage at 0x55555555eef2 in gifsicle
#  9 uncompress_image at 0x55555555fb2f in gifsicle
# 10 Gif_FullUncompressImage at 0x555555560c8d in gifsicle
# 11 mark_used_colors at 0x5555555618da in gifsicle
# 12 merge_frame_interval at 0x55555556f1e7 in gifsicle
# 13 merge_and_write_frames at 0x5555555746f9 in gifsicle
# 14 output_frames at 0x555555575adf in gifsicle
# 15 main at 0x555555558f8b in gifsicle

Faulting frame: #  1 EF_Printv at 0x7ffff7dc462f in /usr/lib/libefence.so.0.0
Description: Access violation
Short description: AccessViolation (21/22)
Hash: c462e0259d99ca6f6f03acfb38e184b9.d3f79409a37e77a7b365fc4abefed96a
Exploitability Classification: UNKNOWN
Explanation: The target crashed due to an access violation but there is not enough additional information available to determine exploitability.

Thanks!

The text was updated successfully, but these errors were encountered:

UB!!! Found while looking at #179.

kohler · 2022-01-24T18:05:41Z

I don't know that this is actually a problem; anyway I'd like to see more explanation. What's happening is that the realloc call is failing, likely because this bogus GIF claims to be ~40000x50000px, and an allocation attempt of that size fails. But Gifsicle is prepared for the allocation to fail.

When I run this gif with sanitizers, no access problems are reported. There was an UB related to integer overflow, but I've fixed that in a commit (and I doubt it was exploitable).

retpoline · 2022-01-24T18:31:11Z

Hmm integer overflow somewhere along the way makes sense.

Regardless, thanks for the fix!

kohler · 2022-01-24T21:08:42Z

To be clear, I believe you will still get a report like the above.

retpoline · 2022-01-24T22:08:17Z

I see. Perhaps a check or warning for a less-than-sane pixel size?

kohler added a commit that referenced this issue Jan 24, 2022

Try to ensure that width * y computations are unsigned.

b89757f

UB!!! Found while looking at #179.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Crash during parsing of malformed GIF #179

Crash during parsing of malformed GIF #179

retpoline commented Jan 6, 2022

kohler commented Jan 24, 2022

retpoline commented Jan 24, 2022

kohler commented Jan 24, 2022

retpoline commented Jan 24, 2022

Crash during parsing of malformed GIF #179

Crash during parsing of malformed GIF #179

Comments

retpoline commented Jan 6, 2022

kohler commented Jan 24, 2022

retpoline commented Jan 24, 2022

kohler commented Jan 24, 2022

retpoline commented Jan 24, 2022