View Issue Details

ID: 0000398
Project: file
Category: general
View Status: public
Last Update: 2014-11-11 17:50
Reporter: hanno
Assigned To: Christos Zoulas
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 5.20
Target Version:
Fixed in Version: 5.21
Summary: 0000398: file out-of-bounds memory access
Description: The attached file will cause an out of bounds read memory access in file / libmagick. This will usually not result in a crash. This could cause security issues, however it would require further analysis to identify the exact impact.

The bug can be seen with either address sanitizer enabled or running file through valgrind. Valgrind output:

==25598== Invalid read of size 1
==25598== at 0x4E42FF8: mconvert (softmagic.c:952)
==25598== by 0x4E42FF8: mget (softmagic.c:1704)
==25598== by 0x4E43809: match (softmagic.c:262)
==25598== by 0x4E428B8: mget (softmagic.c:1688)
==25598== by 0x4E43809: match (softmagic.c:262)
==25598== by 0x4E42321: file_softmagic (softmagic.c:79)
==25598== by 0x4E476DF: file_buffer (funcs.c:230)
==25598== by 0x4E3B7B4: file_or_fd (magic.c:474)
==25598== by 0x402089: process (file.c:435)
==25598== by 0x4015BF: main (file.c:343)
==25598== Address 0x56073e0 is 0 bytes after a block of size 176 alloc'd
==25598== at 0x4C2C050: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==25598== by 0x4E3D2D6: file_ms_alloc (apprentice.c:498)
==25598== by 0x401E6F: load (file.c:356)
==25598== by 0x401BCA: main (file.c:319)
Tags: No tags attached.

Relationships

Activities

hanno

2014-11-10 18:38

reporter  

file-oob-read.jpg (24 bytes)
CVS Commit

2014-11-11 17:48

developer   ~0000785


Module Name: file
Committed By: christos
Date: Tue Nov 11 17:48:23 UTC 2014

Modified Files:
    file/src: softmagic.c

Log Message:
PR/398: Correctly truncate pascal strings (fixes out of bounds read of 1, 2,
or 4 bytes).


Christos Zoulas

2014-11-11 17:50

manager   ~0000786

Fixed, thanks!
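
The commit note above describes the fix as correct truncation of Pascal (length-prefixed) strings, with an over-read of 1, 2 or 4 bytes. The following is an added illustration of that class of bug and is not code from file's softmagic.c: it shows how clamping the declared length against the whole buffer, rather than the buffer minus the prefix width, over-reads by exactly the prefix width. BUF_SIZE, the big-endian prefix and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 32  /* constructed size; stands in for a fixed value buffer */

/* Decode a big-endian length prefix of width 1, 2 or 4 bytes. */
static size_t prefix_len(const unsigned char *buf, size_t width)
{
    size_t n = 0;
    for (size_t i = 0; i < width; i++)
        n = (n << 8) | buf[i];
    return n;
}

/* Naive clamp: compares against the whole buffer, forgetting that the
 * payload starts `width` bytes in. Returns the payload bytes to copy. */
size_t clamp_naive(const unsigned char *buf, size_t width)
{
    size_t len = prefix_len(buf, width);
    return len > BUF_SIZE ? BUF_SIZE : len;
}

/* Corrected clamp: the payload can occupy at most BUF_SIZE - width bytes. */
size_t clamp_safe(const unsigned char *buf, size_t width)
{
    size_t len = prefix_len(buf, width);
    size_t max = BUF_SIZE - width;
    return len > max ? max : len;
}

/* Bytes past the end of the buffer that copying `len` payload bytes reads. */
size_t overread(size_t width, size_t len)
{
    size_t end = width + len;
    return end > BUF_SIZE ? end - BUF_SIZE : 0;
}

/* Bounded in-place conversion to a C string; returns the copied length. */
size_t pstring_to_cstring(unsigned char *buf, size_t width)
{
    size_t len = clamp_safe(buf, width);
    memmove(buf, buf + width, len);
    buf[len] = '\0';  /* len <= BUF_SIZE - width, so this is in bounds */
    return len;
}
```
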

Issue History

Date Modified Username Field Change
2014-11-10 18:38 hanno New Issue
2014-11-10 18:38 hanno File Added: file-oob-read.jpg
2014-11-11 17:48 CVS Commit
2014-11-11 17:48 CVS Commit Note Added: 0000785
2014-11-11 17:48 CVS Commit Status new => confirmed
2014-11-11 17:48 CVS Commit Resolution open => fixed
2014-11-11 17:49 Christos Zoulas Assigned To => Christos Zoulas
2014-11-11 17:49 Christos Zoulas Status confirmed => assigned
2014-11-11 17:50 Christos Zoulas Note Added: 0000786
2014-11-11 17:50 Christos Zoulas Status assigned => resolved
2014-11-11 17:50 Christos Zoulas Fixed in Version => 5.21