Your message dated Mon, 03 Mar 2025 23:06:14 +0000
with message-id <[email protected]>
and subject line Bug#1087911: fixed in dcraw 9.28-8
has caused the Debian Bug report #1087911,
regarding Memory leaks in dcraw
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1087911: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087911
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dcraw
Version: 9.28-7
Found a memory leak in the latest version of dcraw.
Here is a transcript:
osboxes@osboxes:~/Desktop$ dcraw -g 2.2 1.0 -b 1.2 -j leak
fseek(0x5a1841ba9430, -2145648639,0): Invalid argument
osboxes@osboxes:~/Desktop$
For reference:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=memory+leak
Impact:
Memory leaks can create vulnerabilities. Attackers might exploit them
to degrade service (denial of service attacks) or infer information
about memory layouts, aiding other exploits.
These affect the previous versions too.
Tested machine and version:
osboxes@osboxes:~/Desktop$ uname -a
Linux osboxes 6.8.0-49-generic #49-Ubuntu SMP PREEMPT_DYNAMIC Mon Nov 4 02:06:24 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
osboxes@osboxes:~/Desktop$ cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.1 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
osboxes@osboxes:~/Desktop$ sudo dpkg -l | grep -i dcraw
ii dcraw 9.28-7 amd64 decode raw digital camera images
osboxes@osboxes:~/Desktop$
How to reproduce:
Use the file attached with dcraw
dcraw -g 2.2 1.0 -b 1.2 -j leak
Reproducing using msan and afl:
Compiling using AFL and memory sanitizer
~/Desktop/AFL/AFLplusplus/afl-clang-lto -fsanitize=memory,undefined -o dcraw -O4 dcraw.c -lm -DNODEPS
Fuzzing :
/home/fuzzing-android/Desktop/AFL/AFLplusplus/afl-fuzz -m none -i in/ -o out/ -S slave3 -- ./dcraw -g 2.2 1.0 -b 1.2 -j @@
Reproducing:
fuzzing-android@fuzzingandroid:~/Desktop/dcraw_latest/dcraw_9.28.orig$ ./dcraw out/master/crashes.2024-11-20-05\:00\:07/id\:000034\,sig\:06\,src\:000466\,time\:3816438\,execs\:137174\,op\:havoc\,rep\:17
dcraw.c:315:17: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior dcraw.c:315:17 in
dcraw.c:313:49: runtime error: left shift of 128 by 24 places cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior dcraw.c:313:49 in
Uninitialized bytes in __interceptor_strncmp at offset 0 inside [0x7ffcff567c80, 1)
==334245==WARNING: MemorySanitizer: use-of-uninitialized-value
==334245==WARNING: external symbolizer didn't start up correctly!
fuzzing-android@fuzzingandroid:~/Desktop/dcraw_latest/dcraw_9.28.orig$
The compiled program and crashes are uploaded in tar file:
dcraw.tar
<https://drive.google.com/file/d/1KYsHpkPv6CUfnwxapPzxO4g3Gy8Eih_y/view?usp=drive_web>
leak
Description: Binary data
--- End Message ---
--- Begin Message ---
Source: dcraw
Source-Version: 9.28-8
Done: Filip Hroch <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dcraw, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Filip Hroch <[email protected]> (supplier of updated dcraw package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 03 Mar 2025 23:01:29 +0100
Source: dcraw
Architecture: source
Version: 9.28-8
Distribution: unstable
Urgency: low
Maintainer: Debian Astronomy Team
<[email protected]>
Changed-By: Filip Hroch <[email protected]>
Closes: 1087911
Changes:
dcraw (9.28-8) unstable; urgency=low
.
* Bugfix related to unsigned int (Closes: #1087911)
* Updated to the latest policy, copyright, and removed lintian for Optio.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
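
Added example, not part of the thread and not dcraw's source: the class of defect the UBSan lines report ("left shift of 128 by 24 places cannot be represented in type 'int'") and the unsigned form that the changelog entry "Bugfix related to unsigned int" points towards. The helper names and the sample bytes are hypothetical; the bytes are constructed so that their signed 32-bit reading equals the offset printed in the fseek() message, and whether dcraw derived that offset this way is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: four file-controlled bytes with the top bit set. */
static const unsigned char SAMPLE[4] = { 0x80, 0x1c, 0x00, 0x01 };

/*
 * Risky pattern (shown as a comment only, never executed here):
 *     int v = s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3];
 * unsigned char promotes to int, so any s[0] >= 128 shifted left by 24
 * overflows a 32-bit int, which is undefined behaviour.
 */

/* Hardened form: widen each byte to uint32_t before shifting. */
static uint32_t be32_unsigned(const unsigned char *s)
{
    return (uint32_t)s[0] << 24 | (uint32_t)s[1] << 16 |
           (uint32_t)s[2] << 8  | (uint32_t)s[3];
}

/* What the same bit pattern becomes if it is later treated as a
 * signed 32-bit quantity (computed without relying on UB). */
static int64_t as_signed32(uint32_t v)
{
    return v >= 0x80000000u ? (int64_t)v - 4294967296LL : (int64_t)v;
}

/* Reject file-controlled offsets that do not lie inside the file
 * before they are handed to fseek(). */
static int offset_in_file(uint32_t off, long file_size)
{
    return file_size >= 0 && (uint64_t)off <= (uint64_t)file_size;
}

int main(void)
{
    uint32_t off = be32_unsigned(SAMPLE);
    printf("unsigned value : %lu\n", (unsigned long)off);
    printf("signed reading : %lld\n", (long long)as_signed32(off));
    printf("valid in 4 KiB file: %d\n", offset_in_file(off, 4096));
    return 0;
}
```

Building the risky form with `-fsanitize=undefined`, as in the report's compile line, is what produces the "left shift ... cannot be represented" diagnostic.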