Security: [PDFium]AddressSanitizer: memcpy-param-overlap
Reported by marcin.t...@gmail.com, Jun 8 2016
Issue description

VULNERABILITY DETAILS
Vulnerability : Memcpy-param-overlap

VERSION
Pdfium - git version from https://pdfium.googlesource.com/pdfium/ (today)
Compiled : GYP_DEFINES='asan=1 symbol_level=1' gclient runhooks ; ninja -C out/Debug
Operating System: Ubuntu 14.04 LTS x64

REPRODUCTION CASE
./pdf_codec_gif_fuzzer pdf_gif-memcpy-param-overlap:-1.gif

ASAN LOG (symbolized):
=================================================================
==10106==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x62100001b900,0x62100001c557) and [0x62100001bca9, 0x62100001c900) overlap
    #0 0x499403 in __asan_memcpy ??:?
    #1 0x5e6069 in GifReadMoreData /home/mtowalski/git_pdfium/pdfium/out/Debug/../../core/fxcodec/codec/fx_codec_progress.cpp:579:7
    #2 0x5fa5ed in GetFrames /home/mtowalski/git_pdfium/pdfium/out/Debug/../../core/fxcodec/codec/fx_codec_progress.cpp:1810:16
    #3 0x4de258 in Fuzz /home/mtowalski/git_pdfium/pdfium/out/Debug/../../testing/libfuzzer/xfa_codec_fuzzer.h:30:9
    #4 0x4ddf46 in LLVMFuzzerTestOneInput /home/mtowalski/git_pdfium/pdfium/out/Debug/../../testing/libfuzzer/pdf_codec_gif_fuzzer.cc:8:10
    #5 0x4e5f12 in main /home/mtowalski/git_pdfium/pdfium/out/Debug/../../testing/libfuzzer/unittest_main.cc:39:5
    #6 0x7f939ca58f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0
    #7 0x41bcde in _start ??:?

0x62100001b900 is located 0 bytes inside of 4096-byte region [0x62100001b900,0x62100001c900)
allocated by thread T0 here:
    #0 0x4b0511 in calloc ??:?
    #1 0x4f453f in FX_AllocOrDie /home/mtowalski/git_pdfium/pdfium/out/Debug/../../core/fxcrt/include/fx_memory.h:39:22
    #2 0x5f2005 in DetectImageType /home/mtowalski/git_pdfium/pdfium/out/Debug/../../core/fxcodec/codec/fx_codec_progress.cpp:1008:15
    #3 0x5f6bfb in LoadImageInfo /home/mtowalski/git_pdfium/pdfium/out/Debug/../../core/fxcodec/codec/fx_codec_progress.cpp:1282:7
    #4 0x4de179 in Fuzz /home/mtowalski/git_pdfium/pdfium/out/Debug/../../testing/libfuzzer/xfa_codec_fuzzer.h:22:29
    #5 0x4ddf46 in LLVMFuzzerTestOneInput /home/mtowalski/git_pdfium/pdfium/out/Debug/../../testing/libfuzzer/pdf_codec_gif_fuzzer.cc:8:10
    #6 0x4e5f12 in main /home/mtowalski/git_pdfium/pdfium/out/Debug/../../testing/libfuzzer/unittest_main.cc:39:5
    #7 0x7f939ca58f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0

0x62100001bca9 is located 937 bytes inside of 4096-byte region [0x62100001b900,0x62100001c900)
allocated by thread T0 here:
    #0 0x4b0511 in calloc ??:?
    #1 0x4f453f in FX_AllocOrDie /home/mtowalski/git_pdfium/pdfium/out/Debug/../../core/fxcrt/include/fx_memory.h:39:22
    #2 0x5f2005 in DetectImageType /home/mtowalski/git_pdfium/pdfium/out/Debug/../../core/fxcodec/codec/fx_codec_progress.cpp:1008:15
    #3 0x5f6bfb in LoadImageInfo /home/mtowalski/git_pdfium/pdfium/out/Debug/../../core/fxcodec/codec/fx_codec_progress.cpp:1282:7
    #4 0x4de179 in Fuzz /home/mtowalski/git_pdfium/pdfium/out/Debug/../../testing/libfuzzer/xfa_codec_fuzzer.h:22:29
    #5 0x4ddf46 in LLVMFuzzerTestOneInput /home/mtowalski/git_pdfium/pdfium/out/Debug/../../testing/libfuzzer/pdf_codec_gif_fuzzer.cc:8:10
    #6 0x4e5f12 in main /home/mtowalski/git_pdfium/pdfium/out/Debug/../../testing/libfuzzer/unittest_main.cc:39:5
    #7 0x7f939ca58f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0

SUMMARY: AddressSanitizer: memcpy-param-overlap (/home/mtowalski/git_pdfium/pdfium/out/Debug/pdf_codec_gif_fuzzer+0x499403)
==10106==ABORTING
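An added C example, not code from the PDFium tree or from the reporter, showing the defect class behind this report: compacting a decoder's read buffer by copying the unconsumed tail back to offset 0 of the same allocation. The buffer type, field names and the 4096-byte / 937-byte-offset geometry are assumptions taken from the numbers in the ASan log; memcpy's contract forbids overlapping ranges (which is what the interceptor reports), while memmove is defined for them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a decoder's input buffer (not PDFium's own
 * type): `len` valid bytes, of which the first `used` are consumed. */
typedef struct {
    uint8_t data[4096];
    size_t len;
    size_t used;
} read_buf_t;

/* 1 if the n-byte ranges at a and b share any byte. memcpy's contract
 * forbids this; ASan's interceptor reports it as memcpy-param-overlap. */
int ranges_overlap(const void *a, const void *b, size_t n) {
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    return n != 0 && pa < pb + n && pb < pa + n;
}

/* Would memcpy(data, data + used, len - used) be undefined here? It is
 * exactly when more bytes remain unconsumed than have been consumed. */
int compaction_overlaps(const read_buf_t *b) {
    return ranges_overlap(b->data, b->data + b->used, b->len - b->used);
}

/* Move the unconsumed tail to offset 0 so more input can be appended.
 * memmove handles overlapping ranges, so this is correct for any geometry. */
size_t compact_buffer(read_buf_t *b) {
    size_t remaining = b->len - b->used;
    memmove(b->data, b->data + b->used, remaining);
    b->len = remaining;
    b->used = 0;
    return remaining;
}

/* Constructed byte pattern so callers can verify which bytes survived. */
void fill_pattern(read_buf_t *b, size_t len, size_t used) {
    for (size_t i = 0; i < len; i++) b->data[i] = (uint8_t)(i & 0xff);
    b->len = len;
    b->used = used;
}

int main(void) {
    read_buf_t b;
    fill_pattern(&b, 4096, 937);  /* same buffer size/offset as the report */
    printf("memcpy would overlap: %d\n", compaction_overlaps(&b));
    size_t kept = compact_buffer(&b);
    printf("kept %zu bytes, data[0] is now 0x%02x\n", kept, b.data[0]);
    return 0;
}
```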
Sep 25 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by och...@chromium.org, Jun 10 2016
Status: Duplicate (was: Unconfirmed)