Hi, there is an incomplete fix of CVE-2019-6129 in the newest release version of libpng-1.6.39 even though it is reported to be fixed in this issue #269.
To reproduce, run
pngimage poc
Here is the report from ASAN:
==4026201==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1264 byte(s) in 1 object(s) allocated from:
#0 0x4c263f in malloc /dependence/llvm11/llvm-11.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x51eb97 in png_malloc_base /benchmark/libpng-1.6.39/build-a/../pngmem.c:95:17
#2 0x51eb97 in png_malloc_warn /benchmark/libpng-1.6.39/build-a/../pngmem.c:217:23
#3 0x51ee00 in png_create_read_struct_2 /benchmark/libpng-1.6.39/build-a/../pngread.c:45:26
#4 0x51ee00 in png_create_read_struct /benchmark/libpng-1.6.39/build-a/../pngread.c:33:11
Direct leak of 360 byte(s) in 1 object(s) allocated from:
#0 0x4c263f in malloc /dependence/llvm11/llvm-11.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x4ff989 in png_create_info_struct /benchmark/libpng-1.6.39/build-a/../png.c:368:15
Indirect leak of 768 byte(s) in 1 object(s) allocated from:
#0 0x4c263f in malloc /dependence/llvm11/llvm-11.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x51e4c3 in png_malloc_base /benchmark/libpng-1.6.39/build-a/../pngmem.c:95:17
#2 0x51e4c3 in png_malloc /benchmark/libpng-1.6.39/build-a/../pngmem.c:179:10
#3 0x51e4c3 in png_calloc /benchmark/libpng-1.6.39/build-a/../pngmem.c:54:10
#4 0x51f5d0 in png_read_info /benchmark/libpng-1.6.39/build-a/../pngread.c:160:10
Indirect leak of 256 byte(s) in 1 object(s) allocated from:
#0 0x4c263f in malloc /dependence/llvm11/llvm-11.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x51e5ed in png_malloc_base /benchmark/libpng-1.6.39/build-a/../pngmem.c:95:17
#2 0x51e5ed in png_malloc /benchmark/libpng-1.6.39/build-a/../pngmem.c:179:10
#3 0x51f6b6 in png_read_info /benchmark/libpng-1.6.39/build-a/../pngread.c:245:10
SUMMARY: AddressSanitizer: 2648 byte(s) leaked in 4 allocation(s).
pngimage is not a released program; it's only used for testing with a defined list of files that are required to be well formed. Anyway the behavior is correct. The error message is clear enough (I added the emphasis):
incomplete_fix_png_CVE-2019-6129: error(user): original read: file truncated (101 bytes)
The program immediately exits with an error code of 99 on detecting the error:
Attachment (unzip first): incomplete_fix_png_CVE-2019-6129.zip