JPEG XL Reference Software, issue #163
Issue created Mar 05, 2021 by 5n1p3r0010 (@5n1p3r0010)

[Security] Heap-buffer-overflow issue with djxl decode routine

This is a copy of confidential issue-159. Since the maintainer said it has been fixed in their 'internal master branch', I am making it public here.

There is a heap buffer overflow issue with the jpeg-xl decode routine. This can be reproduced on the latest commit, aka 5175d117.

Steps to reproduce:

The flags and compiler I used were:

mkdir asan

cd asan

cmake .. -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_FLAGS="-fsanitize=address" -DCMAKE_CXX_FLAGS="-fsanitize=address"

make

Or just building without asan was OKAY. Run as: /path/to/djxl /path/to/poc ./t.png

What went wrong:

The djxl built with asan shows the following:

Read 1103 compressed bytes [v0.3.2 | SIMD supported: AVX2,SSE4,Scalar]

==729079==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x629000004a00 at pc 0x55a7acd8e9ed bp 0x7fff875a8430 sp 0x7fff875a8428

Reporter:

5n1p3r0010 from Topsec Alpha Lab

heap-buffer-overflow1
