Package: dcraw
Version: 9.27-1+b1
Severity: normal

Dear Maintainer,

Running the 'dcparse' program of the 'dcraw-9.27' package with the attached input file raises a crash caused by a stack-overflow in parse_mos(). First, below is the GDB log that shows the crash from the dcparse binary downloaded with 'apt-get'.

----------------------------------------------------------------------------------------
jason@debian-amd64-stretch:~/dcparse-crashes$ ulimit -c unlimited
jason@debian-amd64-stretch:~/dcparse-crashes$ dcparse ./crash-0_00025607 > /dev/null
Segmentation fault (core dumped)
jason@debian-amd64-stretch:~/dcparse-crashes$ gdb -q dcparse core
Reading symbols from dcparse...(no debugging symbols found)...done.
[New LWP 1372]
Core was generated by `dcparse ./crash-0_00025607'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007ffff753389b in __GI__IO_padn (fp=fp@entry=0x7ffff7865600 <_IO_2_1_stdout_>, pad=pad@entry=32, count=count@entry=47362) at iopadn.c:56
56	iopadn.c: No such file or directory.
(gdb) where
#0  0x00007ffff753389b in __GI__IO_padn (fp=fp@entry=0x7ffff7865600 <_IO_2_1_stdout_>, pad=pad@entry=32, count=count@entry=47362) at iopadn.c:56
#1  0x00007ffff7512e3b in _IO_vfprintf_internal (s=0x7ffff7865600 <_IO_2_1_stdout_>, format=<optimized out>, ap=ap@entry=0x7fffff80af08) at vfprintf.c:1637
#2  0x00007ffff75c1c0f in ___printf_chk (flag=1, format=<optimized out>) at printf_chk.c:35
#3  0x00005555555562f6 in ?? ()
#4  0x00005555555564a6 in ?? ()
#5  0x00005555555564a6 in ?? ()
#6  0x00005555555564a6 in ?? ()
-------------------------------------------------------------------------------------

Since the downloaded binary did not have any symbol information, we downloaded its code and compiled it with AddressSanitizer. AddressSanitizer reported a stack overflow in parse_mos(), as below.

-------------------------------------------------------------------------------------
=================================================================
==16203==ERROR: AddressSanitizer: stack-overflow on address 0x7fffff7feff8 (pc 0x7ffff6ce4bfa bp 0x62100001cd00 sp 0x7fffff7ff000 T0)
    #0 0x7ffff6ce4bf9 in _IO_file_write /build/glibc-Cl5G7W/glibc-2.23/libio/fileops.c:1263
    #1 0x7ffff6ce6408 in new_do_write /build/glibc-Cl5G7W/glibc-2.23/libio/fileops.c:518
    #2 0x7ffff6ce6408 in _IO_do_write /build/glibc-Cl5G7W/glibc-2.23/libio/fileops.c:494
    #3 0x7ffff6ce547c in _IO_file_xsputn /build/glibc-Cl5G7W/glibc-2.23/libio/fileops.c:1331
    #4 0x7ffff6cdafbd in _IO_padn /build/glibc-Cl5G7W/glibc-2.23/libio/iopadn.c:56
    #5 0x7ffff6cbab1b in _IO_vfprintf /build/glibc-Cl5G7W/glibc-2.23/stdio-common/vfprintf.c:1632
    #6 0x460f07 in __interceptor_vprintf (/home/jason/Chatkey/replay_box/dcparse+0x460f07)
    #7 0x460fd7 in printf (/home/jason/Chatkey/replay_box/dcparse+0x460fd7)
    #8 0x4ef0be in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:670:5
    #9 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    #10 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    #11 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    #12 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    #13 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    #14 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    #15 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    #16 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    #17 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    #18 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    #19 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    #20 0x4ef377 in parse_mos /home/jason/packages-sanitize/dcraw-9.27/parse.c:690:5
    ...
    ...
    ...
SUMMARY: AddressSanitizer: stack-overflow /build/glibc-Cl5G7W/glibc-2.23/libio/fileops.c:1263 in _IO_file_write
==16203==ABORTING
-------------------------------------------------------------------------------------

-- System Information:
Debian Release: 9.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set LC_ALL to default locale: No such file or directory
UTF-8), LANGUAGE=en_US:en (charmap=locale: Cannot set LC_ALL to default locale: No such file or directory
UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dcraw depends on:
ii  libc6             2.24-11+deb9u3
ii  libjpeg62-turbo   1:1.5.1-2
ii  liblcms2-2        2.8-4

dcraw recommends no packages.

Versions of packages dcraw suggests:
pn  gphoto2  <none>
ii  netpbm   2:10.0-15.3+b2

-- debconf information excluded
crash-0_00025607
Description: Binary data
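As an added illustration, not dcraw's code and not its parse_mos() routine, the following shows the recursion-depth guard that prevents this class of crash: a recursive block parser whose nesting depth (and therefore its `%*s` indentation width) is bounded by a constant instead of by the input. The toy block format, MAX_DEPTH, parse_blocks and build_nested are all constructed here for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy format (not dcraw's MOS layout): a stream of blocks, each
 * [tag:1][len:1][payload:len]. Tag 1 = container whose payload is more blocks,
 * tag 2 = leaf. Input-controlled nesting is what drives the recursion. */
#define MAX_DEPTH 32

/* Returns the number of leaves found, or -1 if nesting exceeds MAX_DEPTH
 * or the stream is malformed (bad tag, or a length running past the buffer). */
static int parse_blocks(const uint8_t *p, size_t n, int depth, int verbose)
{
    if (depth > MAX_DEPTH) return -1;          /* the guard: bound recursion */
    int leaves = 0;
    size_t i = 0;
    while (i + 2 <= n) {
        uint8_t tag = p[i], len = p[i + 1];
        if (i + 2 + (size_t)len > n) return -1; /* declared length must fit */
        if (verbose)                            /* pad width bounded via depth */
            printf("%*s%s len=%u\n", depth * 2, "", tag == 1 ? "dir" : "leaf", (unsigned)len);
        if (tag == 1) {
            int r = parse_blocks(p + i + 2, len, depth + 1, verbose);
            if (r < 0) return -1;
            leaves += r;
        } else if (tag == 2) {
            leaves++;
        } else {
            return -1;
        }
        i += 2 + (size_t)len;
    }
    return leaves;
}

/* Constructed input: `levels` nested containers wrapped around one leaf.
 * Returns bytes written, or 0 if it would not fit (len is a single byte). */
static size_t build_nested(uint8_t *out, size_t cap, int levels)
{
    size_t total = 2 + 2 * (size_t)levels;
    if (total > cap || total - 2 > 255) return 0;
    for (int k = 0; k < levels; k++) {
        out[2 * k] = 1;                                /* container tag */
        out[2 * k + 1] = (uint8_t)(total - 2 * k - 2); /* rest of the stream */
    }
    out[2 * levels] = 2; out[2 * levels + 1] = 0;      /* innermost leaf */
    return total;
}
```

With 100 nested containers the parser returns -1 at depth 33 instead of recursing until the stack is exhausted, which is the behaviour a fix for the report above needs.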