Exiv2

31 Oct 2016

12:25 Exiv2 Bug #1248: floating point exception / crash on malformed input

I'm not sure why you come to the conclusion these are not bugs....
You say these don't affect clang, I can't repro... Hanno Böck

22 Oct 2016

21:01 Exiv2 Bug #1248: floating point exception / crash on malformed input

Attached are two files causing (different) heap buffer overflows (one writing and one reading) in exiv2.
I have to... Hanno Böck

20:52 Exiv2 Bug #1248: floating point exception / crash on malformed input

Attached a file causing a different floating point exception (may be the same underlying bug).
Stack trace:
==156... Hanno Böck

11:02 Exiv2 Bug #1248: floating point exception / crash on malformed input

These files are actually a result of fuzzing. I'm using american fuzzy lop in combination with address sanitizer. See... Hanno Böck

21 Oct 2016

21:17 Exiv2 Bug #1248 (Closed): floating point exception / crash on malformed input

The attached file will cause a floating point exception with "exiv2 print".
Here's a stack trace:
==18792==ERROR:... Hanno Böck

11:40 Exiv2 Bug #1247: out of bounds read access in Exiv2::Image::setIccProfile

Even with a corrupted JPEG you shouldn't read beyond the bounds of the allocated memory.
I've looked into the code... Hanno Böck

01:17 Exiv2 Bug #1247 (Closed): out of bounds read access in Exiv2::Image::setIccProfile

The attached file will cause an out of bounds read access of one byte, visible with address sanitizer (add "-fsanitiz... Hanno Böck

13 May 2015

17:03 Exiv2 Bug #1080 (Closed): Division by zero / crash on malformed input file

The attached file will cause a crash / integer division by zero in exiv2.
Backtrace:
#0 0x00007ffff7a6886f in Ex... Hanno Böck