[Bug 1023071] New: VUL-1: podofo: NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp)
http://bugzilla.opensuse.org/show_bug.cgi?id=1023071
Bug ID: 1023071
Summary: VUL-1: podofo: NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---
Ref: http://seclists.org/oss-sec/2017/q1/266
============================================================
Description:
podofo is a C++ library to work with the PDF file format.
A fuzz on it discovered a NULL pointer access. The upstream project does not allow me
to open a new ticket. So, I’m unable to communicate with them.
The complete ASan output:
# podofopdfinfo $FILE
==9418==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000d8 (pc 0x7f496cb0ab76 bp 0x7ffff028f9d0 sp 0x7ffff028f148 T0)
==9418==The signal is caused by a WRITE memory access.
==9418==Hint: address points to the zero page.
#0 0x7f496cb0ab75 /var/tmp/portage/sys-libs/glibc-2.22-r4/work/glibc-2.22/string/../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:1989
#1 0x4c063e in __asan_memcpy /tmp/portage/sys-devel/llvm-3.9.0-r1/work/llvm-3.9.0.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:413
#2 0x7f496dde143c in void std::_Construct(PoDoFo::PdfParser::TXRefEntry*, PoDoFo::PdfParser::TXRefEntry const&) /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.3/include/g++-v4/bits/stl_construct.h:83:38
#3 0x7f496dde143c in void std::__uninitialized_fill_n::__uninit_fill_n(PoDoFo::PdfParser::TXRefEntry*, unsigned long, PoDoFo::PdfParser::TXRefEntry const&) /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.3/include/g++-v4/bits/stl_uninitialized.h:202
#4 0x7f496dde143c in void std::uninitialized_fill_n(PoDoFo::PdfParser::TXRefEntry*, unsigned long, PoDoFo::PdfParser::TXRefEntry const&) /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.3/include/g++-v4/bits/stl_uninitialized.h:244
#5 0x7f496dde143c in void std::__uninitialized_fill_n_a(PoDoFo::PdfParser::TXRefEntry*, unsigned long, PoDoFo::PdfParser::TXRefEntry const&, std::allocator&) /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.3/include/g++-v4/bits/stl_uninitialized.h:355
#6 0x7f496dde143c in std::vector