View Issue Details

ID: 0001445
Project: libextractor
Category: plugins
View Status: public
Last Update: 2009-02-20 11:54
Reporter: Christian Grothoff
Assigned To: Christian Grothoff
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: Git master
Summary: 0001445: crash on file generated by fuzzing
Description: extract -n -l libextractor_thumbnail:libextractor_mime extractortmp.Q19807
Additional Information:
Invalid read of size 1
==20372== at 0x4026438: strlen (mc_replace_strmem.c:242)
==20372== by 0x42818CD: g_strdup (in /usr/lib/libglib-2.0.so.0.1800.2)
==20372== by 0x4E3C691: (within /usr/lib/libgdk_pixbuf-2.0.so.0.1400.4)
==20372== by 0x4E3F718: gdk_pixbuf_save_to_buffer (in /usr/lib/libgdk_pixbuf-2.0.so.0.1400.4)
==20372== by 0x4042D88: libextractor_thumbnailgtk_extract (thumbnailextractor.c:151)
==20372== by 0x4042E3F: libextractor_thumbnail_extract (thumbnailextractor.c:175)
==20372== by 0x402D453: getKeywords (extractor.c:1276)
==20372== by 0x402D5F9: EXTRACTOR_getKeywords (extractor.c:1343)
==20372== by 0x804A563: main (extract.c:666)
==20372== Address 0x9 is not stack'd, malloc'd or (recently) free'd
==20372==
==20372== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==20372== Access not within mapped region at address 0x9
==20372== at 0x4026438: strlen (mc_replace_strmem.c:242)
==20372== by 0x42818CD: g_strdup (in /usr/lib/libglib-2.0.so.0.1800.2)
==20372== by 0x4E3C691: (within /usr/lib/libgdk_pixbuf-2.0.so.0.1400.4)
==20372== by 0x4E3F718: gdk_pixbuf_save_to_buffer (in /usr/lib/libgdk_pixbuf-2.0.so.0.1400.4)
==20372== by 0x4042D88: libextractor_thumbnailgtk_extract (thumbnailextractor.c:151)
==20372== by 0x4042E3F: libextractor_thumbnail_extract (thumbnailextractor.c:175)
==20372== by 0x402D453: getKeywords (extractor.c:1276)
==20372== by 0x402D5F9: EXTRACTOR_getKeywords (extractor.c:1343)
==20372== by 0x804A563: main (extract.c:666)
Tags: No tags attached.
Attached Files
extractortmp.Q19807 (82,098 bytes)   

Activities

NDurner

2009-02-10 13:19

reporter   ~0003794

Last edited: 2009-02-10 13:23

Can't reproduce with GTK & GDK 2.12.1 and LE 0.5.18

NDurner

2009-02-10 14:40

reporter   ~0003795

OK, it's reproducible with 0.5.21

Christian Grothoff

2009-02-10 22:41

manager   ~0003801

With valgrind:

==29720== Invalid read of size 1
==29720== at 0x4026438: strlen (mc_replace_strmem.c:242)
==29720== by 0x4289A02: g_strdup (gstrfuncs.c:91)
==29720== by 0x4EE91E3: collect_save_options (gdk-pixbuf-io.c:1632)
==29720== by 0x4EE9E43: gdk_pixbuf_save_to_buffer (gdk-pixbuf-io.c:2217)
==29720== by 0x4042D88: libextractor_thumbnailgtk_extract (thumbnailextractor.c:151)
==29720== by 0x4042E3F: libextractor_thumbnail_extract (thumbnailextractor.c:175)
==29720== by 0x402D453: getKeywords (extractor.c:1270)
==29720== by 0x402D628: EXTRACTOR_getKeywords (extractor.c:1337)
==29720== by 0x804A563: main (extract.c:666)
==29720== Address 0x9 is not stack'd, malloc'd or (recently) free'd
==29720==
==29720== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==29720== Access not within mapped region at address 0x9
==29720== at 0x4026438: strlen (mc_replace_strmem.c:242)
==29720== by 0x4289A02: g_strdup (gstrfuncs.c:91)
==29720== by 0x4EE91E3: collect_save_options (gdk-pixbuf-io.c:1632)
==29720== by 0x4EE9E43: gdk_pixbuf_save_to_buffer (gdk-pixbuf-io.c:2217)
==29720== by 0x4042D88: libextractor_thumbnailgtk_extract (thumbnailextractor.c:151)
==29720== by 0x4042E3F: libextractor_thumbnail_extract (thumbnailextractor.c:175)
==29720== by 0x402D453: getKeywords (extractor.c:1270)
==29720== by 0x402D628: EXTRACTOR_getKeywords (extractor.c:1337)
==29720== by 0x804A563: main (extract.c:666)
=

Christian Grothoff

2009-02-10 22:44

manager   ~0003802

Compression needs the argument as a string, not as an int (bug in LE). Fixed in SVN 8216.
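
The bug class named in the note above, as an added example that is not libextractor's or gdk-pixbuf's code: a variadic collector that reads every option value as a string, and a typed wrapper that renders the integer level to text before it reaches the argument list. `struct opt`, `collect_options` and `png_compression_option` are hypothetical stand-ins, and the 0 to 9 range is an assumption about the PNG "compression" option.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

struct opt { char key[32]; char value[16]; };

/* Hypothetical stand-in for a collect_save_options-style routine: reads
 * (key, value) pairs until a NULL key and treats every value as a C string. */
static int collect_options(struct opt *out, int max, ...)
{
    va_list ap;
    int n = 0;
    const char *key;

    va_start(ap, max);
    while (n < max && (key = va_arg(ap, const char *)) != NULL) {
        /* An int passed here is reinterpreted as a pointer and then
         * dereferenced (compare the read at address 0x9 in the trace). */
        const char *value = va_arg(ap, const char *);
        if (value == NULL)
            break;
        snprintf(out[n].key, sizeof out[n].key, "%s", key);
        snprintf(out[n].value, sizeof out[n].value, "%s", value);
        n++;
    }
    va_end(ap);
    return n;
}

/* Typed wrapper: range-check the level and convert it to text, so callers
 * never place a bare int in the variadic list. Returns -1 on a bad level. */
static int png_compression_option(struct opt *out, int level)
{
    char text[12];

    if (level < 0 || level > 9)   /* assumed valid range */
        return -1;
    snprintf(text, sizeof text, "%d", level);
    /* Wrong: collect_options(out, 1, "compression", level, NULL);  */
    return collect_options(out, 1, "compression", text, (const char *)NULL);
}

int main(void)
{
    struct opt o[1];
    if (png_compression_option(o, 9) == 1)
        printf("%s=%s\n", o[0].key, o[0].value);
    return 0;
}
```

The compiler cannot type-check arguments after the `...`, so the conversion has to happen in a typed function like the wrapper before the variadic call.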

Issue History

Date Modified Username Field Change
2009-02-02 08:47 Christian Grothoff New Issue
2009-02-02 08:47 Christian Grothoff File Added: extractortmp.Q19807
2009-02-10 13:19 NDurner Note Added: 0003794
2009-02-10 13:23 NDurner Note Edited: 0003794
2009-02-10 14:40 NDurner Note Added: 0003795
2009-02-10 22:41 Christian Grothoff Note Added: 0003801
2009-02-10 22:44 Christian Grothoff Status new => assigned
2009-02-10 22:44 Christian Grothoff Assigned To => Christian Grothoff
2009-02-10 22:44 Christian Grothoff Status assigned => resolved
2009-02-10 22:44 Christian Grothoff Resolution open => fixed
2009-02-10 22:44 Christian Grothoff Note Added: 0003802
2009-02-20 11:54 Christian Grothoff Status resolved => closed