Created attachment 22230: poc

Summary: AddressSanitizer: SEGV on unknown address 0x20005fff83f3 (pc 0x0000004ce306 bp 0x7ffc434aa090 sp 0x7ffc434a9a80 T0)

- Version

```
➜ jbig2dec git:(master) ✗ ./jbig2dec -V
jbig2dec 0.19
```

At branch `a5b9b7cd`

- Steps to reproduce

```
git clone https://github.com/ArtifexSoftware/jbig2dec.git
cd jbig2dec
./autogen.sh
./configure CC=gcc CXX=g++ CFLAGS="-g -fsanitize=address" --disable-shared
make
./jbig2dec -d ./poc
```

- Asan

```
Sorry, segment dump not yet implemented
ASAN:DEADLYSIGNAL
=================================================================
==12044==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5639ee9acb87 bp 0x7ffcbdfa7d70 sp 0x7ffcbdfa77d0 T0)
==12044==The signal is caused by a READ memory access.
==12044==Hint: address points to the zero page.
    #0 0x5639ee9acb86 in jbig2_error /home/lin/jbig2dec/jbig2.c:98
    #1 0x5639ee9a9255 in main /home/lin/jbig2dec/jbig2dec.c:781
    #2 0x7f6d77021c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #3 0x5639ee9a5719 in _start (/home/lin/jbig2dec/jbig2dec+0xc719)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/lin/jbig2dec/jbig2.c:98 in jbig2_error
==12044==ABORTING
```
*** Bug 707308 has been marked as a duplicate of this bug. ***
Fixed in commit 44ca5b9d023e1de33fcb8984c85bb29619c4db7e

Author: Sebastian Rasmussen <sebras@gmail.com>
Date:   Sun Nov 5 12:21:52 2023 +0100

    Bug 705041: jbig2dec: Avoid uninitialized allocator in command-line tool.

    This fixes CVE-2023-46361.
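Added example, not jbig2dec's own code nor the fix commit above: a hypothetical context-owned error reporter in the buggy shape the trace shows (the tool reaches an error-reporting call on an early-exit path before its context has been created, so the reporter reads through a NULL pointer) beside a hardened form that treats a missing context as "no callback yet" and falls back to stderr. `ctx_t`, `report_error`, `capture_cb` and `run_tool` are assumed names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a decoder context that owns its error callback
 * (not jbig2dec's real Jbig2Ctx). */
typedef void (*error_cb_t)(void *data, const char *msg, int severity);
typedef struct { error_cb_t error_callback; void *error_callback_data; } ctx_t;

/* Buggy shape: every error goes through the context, so a message reported
 * before the context exists reads through a NULL pointer (the SEGV above). */
int report_error_unsafe(ctx_t *ctx, int severity, const char *msg)
{
    ctx->error_callback(ctx->error_callback_data, msg, severity);
    return 0;
}
/* Hardened shape: a NULL or half-initialised context means "no callback yet",
 * so fall back to stderr. Returns 1 when the fallback ran, 0 otherwise. */
int report_error(ctx_t *ctx, int severity, const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (ctx == NULL || ctx->error_callback == NULL) {
        fprintf(stderr, "%s\n", buf);
        return 1;
    }
    ctx->error_callback(ctx->error_callback_data, buf, severity);
    return 0;
}
/* Callback for the demo: records the last message in a 256-byte buffer. */
static void capture_cb(void *data, const char *msg, int severity)
{
    (void)severity;
    snprintf((char *)data, 256, "%s", msg);
}
/* Mirrors the CLI's early-exit path: in "dump" mode the tool reports before
 * any context has been created; the hardened reporter survives that. */
int run_tool(int dump_mode, char *captured)
{
    ctx_t real = { capture_cb, captured };
    ctx_t *ctx = NULL;                      /* context not created yet */
    if (dump_mode)
        return report_error(ctx, 1, "segment dump not yet implemented");
    ctx = &real;                            /* normal path: context exists */
    return report_error(ctx, 1, "decoded %d segments", 3);
}
```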