Bug#854441: Can not reproduce in wheezy, jessie or sid (CVE-2017-6961) or?
Hi I'm quite sure I do not have as much as 4 GB ram on my machine. It is an amd64 but I do not think I have more than 4 GB in total. I have to check that. Also it aborts with an error much earlier than I expect if it really tries to allocate that size. Best regards // Ola On 21 March 2017 at 07:02, Dileep Kumarwrote: > Hey, > > The way you built the binary should not be a problem for reproducing for > this bug. What is the machine config that you are using to reproduce?? As > mentioned in the analysis, this input.png will try to allocate 0xff8c > bytes of memory which should be around 4GB, so try testing it in a machine > with lower RAM or try limiting the process memory using ulimit or something > similar. Hope it helps. > > Best Regards > > On Tue, Mar 21, 2017 at 3:32 AM, Ola Lundqvist wrote: > >> Hi >> >> I have tried to reproduce this problem in wheezy, jessie and sid. >> >> Wheezy: >> (wheezy_chroot)root@tigereye:/# apng2gif bugreport.png >> apng2gif 1.5 >> Reading 'bugreport.png'... >> Error: can't load 'bugreport.png' >> >> Jessie looks the same. >> >> Sid looks a little different: >> (sid_chroot)root@tigereye:/# apng2gif bugreport.png >> apng2gif 1.7 >> Reading 'bugreport.png'... >> load_apng() failed: 'bugreport.png' >> >> But I can not find an indication of a core dump. Or is it so that I just >> do not see that due to how the binary is built? >> >> Best regards >> >> // Ola >> -- >> --- Inguza Technology AB --- MSc in Information Technology >> / o...@inguza.comFolkebogatan 26\ >> | o...@debian.org 654 68 KARLSTAD| >> | http://inguza.com/Mobile: +46 (0)70-332 1551 >> <+46%2070%20332%2015%2051> | >> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / >> --- >> >> > -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comFolkebogatan 26\ | o...@debian.org 654 68 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---
Bug#854441: Can not reproduce in wheezy, jessie or sid (CVE-2017-6961) or?
Hey, The way you built the binary should not be a problem for reproducing for this bug. What is the machine config that you are using to reproduce?? As mentioned in the analysis, this input.png will try to allocate 0xff8c bytes of memory which should be around 4GB, so try testing it in a machine with lower RAM or try limiting the process memory using ulimit or something similar. Hope it helps. Best Regards On Tue, Mar 21, 2017 at 3:32 AM, Ola Lundqvistwrote: > Hi > > I have tried to reproduce this problem in wheezy, jessie and sid. > > Wheezy: > (wheezy_chroot)root@tigereye:/# apng2gif bugreport.png > apng2gif 1.5 > Reading 'bugreport.png'... > Error: can't load 'bugreport.png' > > Jessie looks the same. > > Sid looks a little different: > (sid_chroot)root@tigereye:/# apng2gif bugreport.png > apng2gif 1.7 > Reading 'bugreport.png'... > load_apng() failed: 'bugreport.png' > > But I can not find an indication of a core dump. Or is it so that I just > do not see that due to how the binary is built? > > Best regards > > // Ola > -- > --- Inguza Technology AB --- MSc in Information Technology > / o...@inguza.comFolkebogatan 26\ > | o...@debian.org 654 68 KARLSTAD| > | http://inguza.com/Mobile: +46 (0)70-332 1551 > <+46%2070%20332%2015%2051> | > \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / > --- > >
Bug#854441: Can not reproduce in wheezy, jessie or sid (CVE-2017-6961) or?
Hi I have tried to reproduce this problem in wheezy, jessie and sid. Wheezy: (wheezy_chroot)root@tigereye:/# apng2gif bugreport.png apng2gif 1.5 Reading 'bugreport.png'... Error: can't load 'bugreport.png' Jessie looks the same. Sid looks a little different: (sid_chroot)root@tigereye:/# apng2gif bugreport.png apng2gif 1.7 Reading 'bugreport.png'... load_apng() failed: 'bugreport.png' But I can not find an indication of a core dump. Or is it so that I just do not see that due to how the binary is built? Best regards // Ola -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comFolkebogatan 26\ | o...@debian.org 654 68 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---