View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005494 | libextractor | extract | public | 2018-12-04 09:16 | 2019-02-14 10:30 |
| Reporter | Jin | Assigned To | Christian Grothoff | ||
| Priority | high | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | Linux | OS | Ubuntu | OS Version | 16.04 x64 |
| Product Version | 1.8 | ||||
| Target Version | 1.9 | Fixed in Version | 1.9 | ||
| Summary | 0005494: Null Pointer Dereference in function process_metadata | ||||
| Description | Description: Function process_metadata() in ole2_extractor.c has a null pointer dereference bug while extracting a malformed file. Details with asan output is as below: ** (process:5022): WARNING **: error: Invalid byte sequence in conversion input AddressSanitizer:DEADLYSIGNAL ================================================================= ==5022==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fcd10b84746 bp 0x7ffc08e0bee0 sp 0x7ffc08e0b668 T0) ==5022==The signal is caused by a READ memory access. ==5022==Hint: address points to the zero page. #0 0x7fcd10b84745 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x8b745) #1 0x44369f in __strdup /src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:459 #2 0x7fcd0cdf7d7c in process_metadata /src/libextractor/src/plugins/ole2_extractor.c:216:18 #3 0x7fcd0c9b0459 in gsf_doc_meta_data_foreach (/usr/lib/x86_64-linux-gnu/libgsf-1.so.114+0x13459) #4 0x7fcd0cdf6b0d in process /src/libextractor/src/plugins/ole2_extractor.c:310:7 #5 0x7fcd0cdf59c8 in EXTRACTOR_ole2_extract_method /src/libextractor/src/plugins/ole2_extractor.c:967:8 #6 0x7fcd11a2e475 in handle_start_message /src/libextractor/src/main/extractor_plugin_main.c:481:3 #7 0x7fcd11a2db38 in process_requests /src/libextractor/src/main/extractor_plugin_main.c:532:13 #8 0x7fcd11a2d753 in EXTRACTOR_plugin_main_ /src/libextractor/src/main/extractor_plugin_main.c:633:3 #9 0x7fcd11a28c18 in EXTRACTOR_IPC_channel_create_ /src/libextractor/src/main/extractor_ipc_gnu.c:355:7 #10 0x7fcd11a2fce6 in EXTRACTOR_extract /src/libextractor/src/main/extractor.c:658:17 #11 0x52aaf4 in main /src/libextractor/src/main/extract.c:983:2 #12 0x7fcd10b1982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #13 0x41acf8 in _start (/usr/local/bin/extract+0x41acf8) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x8b745) in strlen ==5022==ABORTING credit:ADLab of Venustech | ||||
| Steps To Reproduce | extract ole2-crash-ole2_extractor.c_216 | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-12-04 09:16 | Jin | New Issue | |
| 2018-12-04 09:16 | Jin | File Added: ole2-crash-ole2_extractor.c_216 | |
| 2018-12-20 21:40 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2018-12-20 21:40 | Christian Grothoff | Status | new => assigned |
| 2018-12-20 23:02 | Christian Grothoff | Note Added: 0013430 | |
| 2018-12-20 23:02 | Christian Grothoff | Status | assigned => resolved |
| 2018-12-20 23:02 | Christian Grothoff | Resolution | open => fixed |
| 2018-12-20 23:02 | Christian Grothoff | Fixed in Version | => 1.9 |
| 2018-12-20 23:02 | Christian Grothoff | Target Version | => 1.9 |
| 2019-02-14 10:30 | Christian Grothoff | Status | resolved => closed |
