2018-12-13 07:58 CET

ID: 0005494
Project: libextractor
Category: extract
View Status: public
Last Update: 2018-12-04 09:16
Reporter: Jin
Assigned To:
Priority: high
Severity: crash
Reproducibility: always
Status: new
Resolution: open
Platform: Linux
OS: Ubuntu
OS Version: 16.04 x64
Product Version: 1.8
Target Version:
Fixed in Version:
Summary: 0005494: Null Pointer Dereference in function process_metadata
Description:
Function process_metadata() in ole2_extractor.c has a null pointer dereference
bug while extracting a malformed file.

Details with ASan output are as below:

** (process:5022): WARNING **: error: Invalid byte sequence in conversion input
AddressSanitizer:DEADLYSIGNAL
=================================================================
==5022==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fcd10b84746 bp 0x7ffc08e0bee0 sp 0x7ffc08e0b668 T0)
==5022==The signal is caused by a READ memory access.
==5022==Hint: address points to the zero page.
    #0 0x7fcd10b84745 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x8b745)
    #1 0x44369f in __strdup /src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:459
    #2 0x7fcd0cdf7d7c in process_metadata /src/libextractor/src/plugins/ole2_extractor.c:216:18
    #3 0x7fcd0c9b0459 in gsf_doc_meta_data_foreach (/usr/lib/x86_64-linux-gnu/libgsf-1.so.114+0x13459)
    #4 0x7fcd0cdf6b0d in process /src/libextractor/src/plugins/ole2_extractor.c:310:7
    #5 0x7fcd0cdf59c8 in EXTRACTOR_ole2_extract_method /src/libextractor/src/plugins/ole2_extractor.c:967:8
    #6 0x7fcd11a2e475 in handle_start_message /src/libextractor/src/main/extractor_plugin_main.c:481:3
    #7 0x7fcd11a2db38 in process_requests /src/libextractor/src/main/extractor_plugin_main.c:532:13
    #8 0x7fcd11a2d753 in EXTRACTOR_plugin_main_ /src/libextractor/src/main/extractor_plugin_main.c:633:3
    #9 0x7fcd11a28c18 in EXTRACTOR_IPC_channel_create_ /src/libextractor/src/main/extractor_ipc_gnu.c:355:7
    #10 0x7fcd11a2fce6 in EXTRACTOR_extract /src/libextractor/src/main/extractor.c:658:17
    #11 0x52aaf4 in main /src/libextractor/src/main/extract.c:983:2
    #12 0x7fcd10b1982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x41acf8 in _start (/usr/local/bin/extract+0x41acf8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x8b745) in strlen
==5022==ABORTING

Credit: ADLab of Venustech
Steps To Reproduce: extract ole2-crash-ole2_extractor.c_216
Tags: No tags attached.
Attached Files

Notes
There are no notes attached to this issue.

Issue History
Date Modified Username Field Change
2018-12-04 09:16 Jin New Issue
2018-12-04 09:16 Jin File Added: ole2-crash-ole2_extractor.c_216
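
Added illustration (not libextractor's code and not part of the report): the trace above shows strlen() faulting at address 0 under strdup() called from process_metadata(), meaning a NULL string pointer reached a copy routine. The C code below contrasts that pattern with a checked copy. struct meta_value, dup_str, copy_unchecked, copy_checked and demo_count are hypothetical names, and the sample values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a property value passed to a metadata callback. */
struct meta_value {
  int is_string;    /* 1: value is typed as a string */
  const char *str;  /* assumption: NULL when no text could be produced */
  long num;         /* used when is_string == 0 */
};

/* Plain C copy; strlen() dereferences s first, so s must not be NULL. */
char *dup_str(const char *s) {
  size_t n = strlen(s) + 1;
  char *p = malloc(n);
  if (p != NULL) memcpy(p, s, n);
  return p;
}

/* Pattern implied by the trace, shown for contrast and never called here. */
char *copy_unchecked(const struct meta_value *v) { return dup_str(v->str); }

/* Checked copy: NULL means "nothing to emit" (or out of memory). */
char *copy_checked(const struct meta_value *v) {
  char buf[32];
  if (v == NULL) return NULL;
  if (!v->is_string) {
    snprintf(buf, sizeof buf, "%ld", v->num);
    return dup_str(buf);
  }
  return v->str != NULL ? dup_str(v->str) : NULL;
}

/* Foreach-style driver over constructed values; returns entries emitted. */
int demo_count(void) {
  const struct meta_value vals[] = {
    {1, "Quarterly report", 0}, {1, NULL, 0}, {0, NULL, 42}};
  int emitted = 0;
  for (size_t i = 0; i < sizeof vals / sizeof vals[0]; i++) {
    char *c = copy_checked(&vals[i]);
    if (c == NULL) continue;  /* skip the entry instead of crashing */
    emitted++;
    free(c);
  }
  return emitted;
}

int main(void) {
  printf("emitted %d of 3 entries\n", demo_count());
  return 0;
}
```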