Package: dcraw
Version: 9.27-1+b1
Severity: normal

Dear Maintainer,

Running dcraw-9.27 on the attached input file raises a crash caused by an invalid memory write in kodak_radc_load_raw().

First, below is the GDB log that shows the crash from the dcraw-9.27 binary downloaded with 'apt-get'.

----------------------------------------------------------------------------------------
jason@debian-amd64-stretch:~/dcraw-crashes$ gdb -q dcraw
Reading symbols from dcraw...(no debugging symbols found)...done.
(gdb) run ./crash-1_00000009
Starting program: /usr/bin/dcraw ./crash-1_00000009
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
./crash-1_00000009: Unexpected end of file

Program received signal SIGBUS, Bus error.
0x000055555555e677 in ?? ()
(gdb) x/i $rip
=> 0x55555555e677: mov %di,0x6f8(%rsp,%rdx,2)
(gdb) info reg rsp rdx
rsp 0x7fffffffa120 0x7fffffffa120
rdx 0x7fff 32767
----------------------------------------------------------------------------------------

Since the downloaded binary did not have any symbol information, we downloaded its code and compiled it with AddressSanitizer. While AddressSanitizer failed to identify the root cause of the bug, it reported an invalid memory access error in kodak_radc_load_raw(), as below.

----------------------------------------------------------------------------------------
==4934==ERROR: AddressSanitizer: SEGV on unknown address 0x10007fff97ec (pc 0x00000051920b bp 0x7fffffffda90 sp 0x7fffffff9200 T0)
    #0 0x51920a in kodak_radc_load_raw /home/jason/packages-sanitize/dcraw-9.27/dcraw.c:2240:42
    #1 0x5bc6e6 in main /home/jason/packages-sanitize/dcraw-9.27/dcraw.c:10150:10
    #2 0x7ffff6a3582f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #3 0x4196c8 in _start (/home/jason/Chatkey/replay_box/dcraw+0x4196c8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/jason/packages-sanitize/dcraw-9.27/dcraw.c:2240:42 in kodak_radc_load_raw
==4934==ABORTING
----------------------------------------------------------------------------------------

-- System Information:
Debian Release: 9.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set LC_ALL to default locale: No such file or directory UTF-8), LANGUAGE=en_US:en (charmap=locale: Cannot set LC_ALL to default locale: No such file or directory UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dcraw depends on:
ii  libc6            2.24-11+deb9u3
ii  libjpeg62-turbo  1:1.5.1-2
ii  liblcms2-2       2.8-4

dcraw recommends no packages.

Versions of packages dcraw suggests:
pn  gphoto2  <none>
ii  netpbm   2:10.0-15.3+b2

-- debconf information excluded

crash-1_00000009
Description: Binary data