Issue 280 in webp: use of uninitialized memory


john.regehr@gmail.com via Monorail

Dec 15, 2015, 4:59:49 AM
to webp-d...@webmproject.org
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 280 by john.reg...@gmail.com: use of uninitialized memory
https://bugs.chromium.org/p/webp/issues/detail?id=280

What steps will reproduce the problem?

1. run dwebp on this file: http://www.cs.utah.edu/~regehr/4.webp

What is the expected output? What do you see instead?

expect no use of uninitialized memory

next->bits at src/dec/vp8l.c:434 reads uninitialized memory that was just
malloced at line 405

confirm by (1) initializing huffman_tables to known bytes, (2) printing the
value of next->bits at line 434, and (3) running dwebp on the file linked
above.

for example if we initialize huffman_tables to 0xa we get:

Johns-MacBook-Pro:libwebp regehr$ ./examples/dwebp 4.webp
next->bits = 1
next->bits = 1
next->bits = 0
next->bits = 0
next->bits = a

The final 'a' is the one that came from storage that was not being
initialized. Change the initializer and the value printed changes too.

What version of the product are you using? On what operating system?

d6dad5d05f735953bbaa41a7e2e936595d8fe277 on x86-64 Ubuntu 14.04

Please provide any additional information below.

easy fix: change that malloc to a calloc


--
You received this message because:
1. The project was configured to send all issue notifications to this
address

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
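
The confirmation technique from the report above (pre-fill the allocation with a known byte, then change the byte and check whether the value read back changes), as an added C example that is not part of the original thread and is not libwebp code. The `Entry` type, the toy `build_table`, `alloc_table`, `fill_dependent_slots` and the sample code lengths are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a decoder lookup-table entry (not libwebp's type). */
typedef struct { unsigned char bits; unsigned short value; } Entry;

/* Constructed sample: four code lengths for a table that has five slots. */
static const unsigned char kSampleLens[] = {1, 1, 0, 0};

/* Toy builder: writes one slot per code length, so slots past n keep the allocator's bytes. */
static void build_table(Entry *t, size_t slots, const unsigned char *lens, size_t n) {
  size_t i;
  for (i = 0; i < n && i < slots; ++i) {
    t[i].bits = lens[i];
    t[i].value = (unsigned short)i;
  }
}

/* zeroed != 0 models the calloc fix; otherwise malloc plus a known fill byte. */
static Entry *alloc_table(size_t slots, int zeroed, unsigned char fill) {
  Entry *t;
  if (zeroed) return calloc(slots, sizeof(*t));
  t = malloc(slots * sizeof(*t));
  if (t != NULL) memset(t, fill, slots * sizeof(*t));
  return t;
}

/* Builds the same table over two different fill bytes and counts the slots whose
 * fields differ between runs, i.e. slots the builder never wrote. Fields are
 * compared, not raw bytes, so padding is ignored. Returns (size_t)-1 on failure. */
size_t fill_dependent_slots(const unsigned char *lens, size_t n, size_t slots, int zeroed) {
  Entry *a = alloc_table(slots, zeroed, 0x0a);
  Entry *b = alloc_table(slots, zeroed, 0x5c);
  size_t i, hits = 0;
  if (a == NULL || b == NULL) { free(a); free(b); return (size_t)-1; }
  build_table(a, slots, lens, n);
  build_table(b, slots, lens, n);
  for (i = 0; i < slots; ++i)
    if (a[i].bits != b[i].bits || a[i].value != b[i].value) ++hits;
  free(a); free(b);
  return hits;
}

int main(void) {
  printf("malloc + fill: %zu\n", fill_dependent_slots(kSampleLens, 4, 5, 0));
  printf("calloc:        %zu\n", fill_dependent_slots(kSampleLens, 4, 5, 1));
  return 0;
}
```
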

pascal.massimino@gmail.com via Monorail

Dec 15, 2015, 8:06:17 AM
to webp-d...@webmproject.org
Updates:
Status: Accepted
Owner: pascal.m...@gmail.com

Comment #1 on issue 280 by pascal.m...@gmail.com: use of uninitialized
memory
https://bugs.chromium.org/p/webp/issues/detail?id=280#c1

thanks for the report, i could reproduce it.

The fix will likely be: https://chromium-review.googlesource.com/317793

pascal.massimino@gmail.com via Monorail

Feb 1, 2016, 10:48:59 PM
to webp-d...@webmproject.org
Updates:
	Status: Verified

Comment #2 on issue 280 by pascal.m...@gmail.com: use of uninitialized memory
https://bugs.chromium.org/p/webp/issues/detail?id=280#c2

closing.
