Bug#854441: Can not reproduce in wheezy, jessie or sid (CVE-2017-6961) or?

2017-03-21 Thread Ola Lundqvist
Hi

I'm quite sure I do not have as much as 4 GB RAM on my machine. It is an
amd64 but I do not think I have more than 4 GB in total. I have to check
that.
Also it aborts with an error much earlier than I expect if it really tries
to allocate that size.

Best regards

// Ola

On 21 March 2017 at 07:02, Dileep Kumar wrote:

> Hey,
>
> The way you built the binary should not be a problem for reproducing
> this bug. What is the machine config that you are using to reproduce? As
> mentioned in the analysis, this input.png will try to allocate 0xff8c
> bytes of memory which should be around 4GB, so try testing it in a machine
> with lower RAM or try limiting the process memory using ulimit or something
> similar. Hope it helps.
>
> Best Regards
>
> On Tue, Mar 21, 2017 at 3:32 AM, Ola Lundqvist wrote:
>
>> Hi
>>
>> I have tried to reproduce this problem in wheezy, jessie and sid.
>>
>> Wheezy:
>> (wheezy_chroot)root@tigereye:/# apng2gif bugreport.png
>> apng2gif 1.5
>> Reading 'bugreport.png'...
>> Error: can't load 'bugreport.png'
>>
>> Jessie looks the same.
>>
>> Sid looks a little different:
>> (sid_chroot)root@tigereye:/# apng2gif bugreport.png
>> apng2gif 1.7
>> Reading 'bugreport.png'...
>> load_apng() failed: 'bugreport.png'
>>
>> But I can not find an indication of a core dump. Or is it so that I just
>> do not see that due to how the binary is built?
>>
>> Best regards
>>
>> // Ola
>> --
>>  --- Inguza Technology AB --- MSc in Information Technology 
>> /  o...@inguza.com      Folkebogatan 26             \
>> |  o...@debian.org      654 68 KARLSTAD             |
>> |  http://inguza.com/   Mobile: +46 (0)70-332 1551  |
>> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>>  ---
>>
>>
>


-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.com      Folkebogatan 26             \
|  o...@debian.org      654 68 KARLSTAD             |
|  http://inguza.com/   Mobile: +46 (0)70-332 1551  |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---


Bug#854441: Can not reproduce in wheezy, jessie or sid (CVE-2017-6961) or?

2017-03-21 Thread Dileep Kumar
Hey,

The way you built the binary should not be a problem for reproducing
this bug. What is the machine config that you are using to reproduce? As
mentioned in the analysis, this input.png will try to allocate 0xff8c
bytes of memory which should be around 4GB, so try testing it in a machine
with lower RAM or try limiting the process memory using ulimit or something
similar. Hope it helps.

Best Regards

On Tue, Mar 21, 2017 at 3:32 AM, Ola Lundqvist wrote:

> Hi
>
> I have tried to reproduce this problem in wheezy, jessie and sid.
>
> Wheezy:
> (wheezy_chroot)root@tigereye:/# apng2gif bugreport.png
> apng2gif 1.5
> Reading 'bugreport.png'...
> Error: can't load 'bugreport.png'
>
> Jessie looks the same.
>
> Sid looks a little different:
> (sid_chroot)root@tigereye:/# apng2gif bugreport.png
> apng2gif 1.7
> Reading 'bugreport.png'...
> load_apng() failed: 'bugreport.png'
>
> But I can not find an indication of a core dump. Or is it so that I just
> do not see that due to how the binary is built?
>
> Best regards
>
> // Ola
> --
>  --- Inguza Technology AB --- MSc in Information Technology 
> /  o...@inguza.com      Folkebogatan 26             \
> |  o...@debian.org      654 68 KARLSTAD             |
> |  http://inguza.com/   Mobile: +46 (0)70-332 1551  |
> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>  ---
>
>
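
Added example, not part of the thread or of the apng2gif project: a shell helper for the reproduction approach suggested in the message above. It runs a command under a `ulimit -v` address-space cap and reports from the exit status whether the process exited with an error or was killed by a signal, so a crash is recognised even when no core file is written. The names `run_capped` and `classify_status` are hypothetical, and the signal numbers assume Linux.

```shell
#!/bin/sh
# Added example; run_capped and classify_status are hypothetical helper names.

# classify_status STATUS
# Prints how a process ended, based on the status the shell reports for it.
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo "clean-exit"
    elif [ "$status" -gt 128 ]; then
        # Shell convention: 128+N means the process was terminated by signal N.
        sig=$((status - 128))
        case "$sig" in
            6)  echo "signal:SIGABRT" ;;   # abort(), e.g. an uncaught C++ exception
            9)  echo "signal:SIGKILL" ;;   # e.g. killed by the kernel OOM killer
            11) echo "signal:SIGSEGV" ;;   # invalid memory access
            *)  echo "signal:$sig" ;;
        esac
    else
        # The program noticed a failure itself and returned an error code.
        echo "error-exit:$status"
    fi
}

# run_capped LIMIT_KB CMD [ARGS...]
# Runs CMD with its virtual address space capped at LIMIT_KB kilobytes and
# prints the classification. The cap is set in a subshell, so the calling
# shell keeps its own limits.
run_capped() {
    limit_kb=$1
    shift
    rc=0
    (
        ulimit -v "$limit_kb" || exit 125   # 125: the cap could not be applied
        exec "$@"
    ) >/dev/null 2>&1 || rc=$?
    classify_status "$rc"
}

# Usage with the names from this thread (1 GiB cap):
#   run_capped 1048576 apng2gif bugreport.png
```

An `error-exit` result means the program handled the failed load and returned normally, while a `signal` result means it crashed, whether or not a core file was produced.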


Bug#854441: Can not reproduce in wheezy, jessie or sid (CVE-2017-6961) or?

2017-03-20 Thread Ola Lundqvist
Hi

I have tried to reproduce this problem in wheezy, jessie and sid.

Wheezy:
(wheezy_chroot)root@tigereye:/# apng2gif bugreport.png
apng2gif 1.5
Reading 'bugreport.png'...
Error: can't load 'bugreport.png'

Jessie looks the same.

Sid looks a little different:
(sid_chroot)root@tigereye:/# apng2gif bugreport.png
apng2gif 1.7
Reading 'bugreport.png'...
load_apng() failed: 'bugreport.png'

But I can not find an indication of a core dump. Or is it so that I just do
not see that due to how the binary is built?

Best regards

// Ola
-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.com      Folkebogatan 26             \
|  o...@debian.org      654 68 KARLSTAD             |
|  http://inguza.com/   Mobile: +46 (0)70-332 1551  |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---