View Issue Details

ID: 0005494
Project: libextractor
Category: extract
View Status: public
Last Update: 2019-02-14 10:30
Reporter: Jin
Assigned To: Christian Grothoff
Priority: high
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Linux
OS: Ubuntu
OS Version: 16.04 x64
Product Version: 1.8
Target Version: 1.9
Fixed in Version: 1.9
Summary: 0005494: Null Pointer Dereference in function process_metadata
Description:
Function process_metadata() in ole2_extractor.c has a null pointer dereference
bug while extracting a malformed file.

Details with ASan output are as below:

** (process:5022): WARNING **: error: Invalid byte sequence in conversion input
AddressSanitizer:DEADLYSIGNAL
=================================================================
==5022==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fcd10b84746 bp 0x7ffc08e0bee0 sp 0x7ffc08e0b668 T0)
==5022==The signal is caused by a READ memory access.
==5022==Hint: address points to the zero page.
    #0 0x7fcd10b84745 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x8b745)
    #1 0x44369f in __strdup /src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:459
    #2 0x7fcd0cdf7d7c in process_metadata /src/libextractor/src/plugins/ole2_extractor.c:216:18
    #3 0x7fcd0c9b0459 in gsf_doc_meta_data_foreach (/usr/lib/x86_64-linux-gnu/libgsf-1.so.114+0x13459)
    #4 0x7fcd0cdf6b0d in process /src/libextractor/src/plugins/ole2_extractor.c:310:7
    #5 0x7fcd0cdf59c8 in EXTRACTOR_ole2_extract_method /src/libextractor/src/plugins/ole2_extractor.c:967:8
    #6 0x7fcd11a2e475 in handle_start_message /src/libextractor/src/main/extractor_plugin_main.c:481:3
    #7 0x7fcd11a2db38 in process_requests /src/libextractor/src/main/extractor_plugin_main.c:532:13
    #8 0x7fcd11a2d753 in EXTRACTOR_plugin_main_ /src/libextractor/src/main/extractor_plugin_main.c:633:3
    #9 0x7fcd11a28c18 in EXTRACTOR_IPC_channel_create_ /src/libextractor/src/main/extractor_ipc_gnu.c:355:7
    #10 0x7fcd11a2fce6 in EXTRACTOR_extract /src/libextractor/src/main/extractor.c:658:17
    #11 0x52aaf4 in main /src/libextractor/src/main/extract.c:983:2
    #12 0x7fcd10b1982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x41acf8 in _start (/usr/local/bin/extract+0x41acf8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x8b745) in strlen
==5022==ABORTING

Credit: ADLab of Venustech
Steps To Reproduce: extract ole2-crash-ole2_extractor.c_216
Tags: No tags attached.
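Added example (not libextractor's code): a small C program modelling the defect class this report describes, a metadata callback that copies a freshly converted string strdup-style without first checking whether the conversion returned NULL, beside the guarded form. Every name in it (meta_entry, valid_utf8, convert_to_utf8, dup_string, process_metadata_unsafe, process_metadata, extract_all) and the three sample fields are hypothetical stand-ins constructed for this illustration, not the real ole2_extractor.c or libgsf API.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One metadata field as a plugin callback would see it: key plus raw bytes. */
struct meta_entry {
    const char *key;
    const unsigned char *raw;
    size_t len;
};

/* Minimal UTF-8 validator: 1 if buf[0..len) is well-formed, else 0. Rejects
 * bad lead bytes, bad continuation bytes and sequences cut off by the end. */
int valid_utf8(const unsigned char *buf, size_t len)
{
    size_t i = 0, extra, k;
    while (i < len) {
        unsigned char c = buf[i];
        if (c < 0x80) extra = 0;
        else if (c >= 0xC2 && c <= 0xDF) extra = 1;
        else if (c >= 0xE0 && c <= 0xEF) extra = 2;
        else if (c >= 0xF0 && c <= 0xF4) extra = 3;
        else return 0;
        if (len - i <= extra) return 0;            /* truncated sequence */
        for (k = 1; k <= extra; k++)
            if ((buf[i + k] & 0xC0) != 0x80) return 0;
        i += extra + 1;
    }
    return 1;
}

/* Models the charset conversion step (hypothetical): like g_convert(), it
 * yields NULL on an invalid byte sequence, which is what the GLib warning
 * printed just before the crash in the report announces. */
char *convert_to_utf8(const unsigned char *raw, size_t len)
{
    char *out;
    if (!valid_utf8(raw, len) || (out = malloc(len + 1)) == NULL)
        return NULL;
    memcpy(out, raw, len);
    out[len] = '\0';
    return out;
}

/* strdup()-style copy: strlen() runs first, and on NULL that is the read of
 * address zero that appears as frame #0 in the ASan trace. */
char *dup_string(const char *s)
{
    size_t n = strlen(s);
    char *copy = malloc(n + 1);
    if (copy != NULL) memcpy(copy, s, n + 1);
    return copy;
}

/* Defect pattern from the report: conversion result copied with no NULL check. */
char *process_metadata_unsafe(const struct meta_entry *e)
{
    char *converted = convert_to_utf8(e->raw, e->len);
    char *copy = dup_string(converted);   /* converted == NULL -> SEGV */
    free(converted);
    return copy;
}

/* Guarded form: a field whose conversion failed is skipped, not fatal. */
char *process_metadata(const struct meta_entry *e)
{
    char *converted = convert_to_utf8(e->raw, e->len), *copy;
    if (converted == NULL) return NULL;   /* caller reads NULL as "no value" */
    copy = dup_string(converted);
    free(converted);
    return copy;
}

/* Stands in for the foreach over all document metadata; returns how many
 * fields produced a value, continuing past malformed ones. */
int extract_all(const struct meta_entry *entries, size_t n)
{
    int emitted = 0;
    size_t i;
    for (i = 0; i < n; i++) {
        char *v = process_metadata(&entries[i]);
        if (v != NULL) { emitted++; free(v); }
    }
    return emitted;
}

/* Constructed sample: two well-formed fields and one whose final multibyte
 * sequence is truncated, as a malformed document might carry. */
const unsigned char sample_title[]   = "Quarterly report";
const unsigned char sample_author[]  = "Jos\xC3\xA9";
const unsigned char sample_subject[] = "abc\xC3";
const struct meta_entry sample[] = {
    { "title",   sample_title,   sizeof sample_title - 1 },
    { "author",  sample_author,  sizeof sample_author - 1 },
    { "subject", sample_subject, sizeof sample_subject - 1 },
};
const size_t sample_count = sizeof sample / sizeof sample[0];

int main(void)
{
    printf("%d of %zu fields extracted\n", extract_all(sample, sample_count), sample_count);
    return 0;
}
```

Run as written it reports 2 of 3 fields extracted: the truncated third field is dropped and the walk over the remaining metadata continues, whereas routing the same input through process_metadata_unsafe() reproduces the strlen(NULL) read from the trace. The check belongs in the callback itself because the foreach in the library has no way to know a single value failed conversion.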

Activities

Jin (reporter), 2018-12-04 09:16

Attachment: ole2-crash-ole2_extractor.c_216 (8,192 bytes)

Christian Grothoff (manager), 2018-12-20 23:02, note ~0013430

Thanks for reporting, fixed in fc79fba..489c4a5

Issue History

Date Modified Username Field Change
2018-12-04 09:16 Jin New Issue
2018-12-04 09:16 Jin File Added: ole2-crash-ole2_extractor.c_216
2018-12-20 21:40 Christian Grothoff Assigned To => Christian Grothoff
2018-12-20 21:40 Christian Grothoff Status new => assigned
2018-12-20 23:02 Christian Grothoff Note Added: 0013430
2018-12-20 23:02 Christian Grothoff Status assigned => resolved
2018-12-20 23:02 Christian Grothoff Resolution open => fixed
2018-12-20 23:02 Christian Grothoff Fixed in Version => 1.9
2018-12-20 23:02 Christian Grothoff Target Version => 1.9
2019-02-14 10:30 Christian Grothoff Status resolved => closed