Re: CVE-2019-2201: libjpeg-turbo: code execution

[pgajdos <pgajdos () suse cz>]

On Mon, Nov 11, 2019 at 05:49:45PM +0100, Wolfgang Frisch wrote:
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x00007ffff7d44d9d in __memset_avx2_erms () from /lib64/libc.so.6
> > (gdb) bt
> > #0  0x00007ffff7d44d9d in __memset_avx2_erms () from /lib64/libc.so.6
> > #1  0x0000555555558f7a in memset (__len=18446744071562074395, __ch=127, __dest=<optimized out>) at 
> > /usr/include/bits/string_fortified.h:71
> > #2  decomp (srcBuf=0x0, jpegBuf=0x7fffffffd8e0, jpegSize=0x7fffffffd8e8, dstBuf=<optimized out>, w=26755, h=26755, 
> > subsamp=2, jpegQual=0, 
> >     fileName=0x7fffffffdfaa "CVE-2019-2201-reproducer-SEGFAULT-26755x26755", tilew=26755, tileh=26755) at 
> > /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:174
> > #3  0x0000555555557103 in decompTest (fileName=0x7fffffffdfaa "CVE-2019-2201-reproducer-SEGFAULT-26755x26755") at 
> > /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:712
> > #4  main (argc=<optimized out>, argv=<optimized out>) at 
> > /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:1003
>
> We identified that it crashed on writing to a libc.so mapping.

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388

Petr