
Out-of-memory in Function psd_malloc()

Open Asteriska001 opened this issue 3 years ago • 0 comments

Description

An out-of-memory error was discovered in psdump. The issue is being triggered in the function psd_malloc().

Environment

Ubuntu 18.04, 64bit

Reproduce

Command: git clone the latest version first, then:

make && make install
./psdump poc

With ASAN

Note: You can use ASAN for more direct verification. Compile program with address sanitizer with this command:

obj-files = build/main.o build/Document.o build/Layer.o build/Record.o \
	build/LayerGroup.o build/TextFormatter.o build/XmlFormatter.o \
	build/PlistFormatter.o build/PsdParser.o build/JsonFormatter.o \
	build/lodepng.o
libpsd-objects = adjustment.o bevel_emboss.o bitmap.o blend.o boundary.o \
	brightness_contrast.o channel_image.o channel_mixer.o color.o \
	color_balance.o color_mode.o color_overlay.o curves.o descriptor.o \
	drop_shadow.o effects.o file_header.o fixed.o gaussian_blur.o \
	gradient_blend.o gradient_fill.o gradient_map.o gradient_overlay.o \
	hue_saturation.o image_data.o image_resource.o inner_glow.o \
	inner_shadow.o invert.o layer_mask.o levels.o outer_glow.o path.o \
	pattern.o pattern_fill.o pattern_overlay.o photo_filter.o posterize.o \
	psd.o psd_system.o psd_zip.o rect.o satin.o selective_color.o \
	solid_color.o stream.o stroke.o threshold.o thumbnail.o type_tool.o

# Link everything with AddressSanitizer enabled
psdump: build_dir build/libpsd-0.9 $(obj-files)
	g++ -fsanitize=address $(obj-files) $(libpsd-objects) -o build/psdump

# Compile libpsd with AddressSanitizer; the touched file marks the step as done
build/libpsd-0.9:
	gcc -fsanitize=address -Ilibpsd-0.9/include -c libpsd-0.9/src/*.c
	touch build/libpsd-0.9

build_dir:
	mkdir -p build

build/main.o: src/main.cpp src/Document.h src/formatter/TextFormatter.h src/formatter/XmlFormatter.h src/formatter/JsonFormatter.h src/parser/PsdParser.h
	g++ -fsanitize=address -c -Wno-write-strings -Ilibpsd-0.9/include src/main.cpp -o build/main.o

build/Document.o: src/Document.cpp src/Document.h
	g++ -fsanitize=address -c src/Document.cpp -o build/Document.o

build/Layer.o: src/Layer.cpp src/Layer.h
	g++ -fsanitize=address -c src/Layer.cpp -o build/Layer.o

build/Record.o: src/Record.cpp src/Record.h
	g++ -fsanitize=address -c src/Record.cpp -o build/Record.o

build/LayerGroup.o: src/LayerGroup.cpp src/LayerGroup.h
	g++ -fsanitize=address -c src/LayerGroup.cpp -o build/LayerGroup.o

build/TextFormatter.o: src/formatter/TextFormatter.cpp src/formatter/TextFormatter.h
	g++ -fsanitize=address -c src/formatter/TextFormatter.cpp -o build/TextFormatter.o

build/PlistFormatter.o: src/formatter/PlistFormatter.cpp src/formatter/PlistFormatter.h
	g++ -fsanitize=address -c src/formatter/PlistFormatter.cpp -o build/PlistFormatter.o

build/XmlFormatter.o: src/formatter/XmlFormatter.cpp src/formatter/XmlFormatter.h
	g++ -fsanitize=address -c src/formatter/XmlFormatter.cpp -o build/XmlFormatter.o

build/JsonFormatter.o: src/formatter/JsonFormatter.cpp src/formatter/JsonFormatter.h
	g++ -fsanitize=address -c src/formatter/JsonFormatter.cpp -o build/JsonFormatter.o

build/PsdParser.o: src/parser/PsdParser.cpp src/parser/PsdParser.h
	g++ -fsanitize=address -c -Ilibpsd-0.9/include src/parser/PsdParser.cpp -o build/PsdParser.o

build/lodepng.o: src/lodepng/lodepng.cpp src/lodepng/lodepng.h
	g++ -fsanitize=address -c src/lodepng/lodepng.cpp -o build/lodepng.o

.PHONY: clean tidyup shtest test

test:
	python test/test.py

shtest:
	test/test.sh

tidyup:
	rm -f build/*.o
	rm -f build/libpsd-0.9
	rm -f *.o

clean:
	rm -rf build
	rm -f *.o

ASAN:

=================================================================
==31941==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x7d7d7d7c bytes
#0 0x7f41f96b3c47 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x5574cfc64ee1 in psd_malloc libpsd-0.9/src/psd_system.c:10
#2 0x5574cfc4b264 in psd_get_image_resource libpsd-0.9/src/image_resource.c:320
#3 0x5574cfc64d17 in psd_main_loop libpsd-0.9/src/psd.c:186
#4 0x5574cfc64903 in psd_image_load_tag libpsd-0.9/src/psd.c:81
#5 0x5574cfc6498b in psd_image_load libpsd-0.9/src/psd.c:100
#6 0x5574cfbb813f in PsdParser::parse() src/parser/PsdParser.cpp:45
#7 0x5574cfbb35b3 in main src/main.cpp:163
#8 0x7f41f90ad0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)

==31941==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: out-of-memory ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 in __interceptor_malloc
==31941==ABORTING

POC

000054.zip

Asteriska001, Apr 07 '22 15:04
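The trace above shows psd_get_image_resource() asking psd_malloc() for 0x7d7d7d7c bytes. As an added example (not code from this issue or from libpsd), the C below shows one way a parser can bound an allocation by the bytes actually left in the input. It assumes the requested size comes from a big-endian length field in the file; `in_stream`, `read_sized_block`, `try_sample` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory input; libpsd's own context struct is not shown in the issue. */
typedef struct { const uint8_t *data; size_t len, pos; } in_stream;
enum { RD_OK = 0, RD_TRUNCATED = -1, RD_BAD_LENGTH = -2, RD_NOMEM = -3 };

/* Read a big-endian 32-bit length field, then allocate and copy that many bytes.
 * A declared length larger than the bytes left in the input is rejected, so a
 * corrupt field cannot drive malloc() past the size of the file itself. */
static int read_sized_block(in_stream *s, uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (s->len - s->pos < 4)
        return RD_TRUNCATED;
    const uint8_t *p = s->data + s->pos;
    uint32_t declared = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                        ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    s->pos += 4;
    if (declared > s->len - s->pos)      /* check before any allocation */
        return RD_BAD_LENGTH;
    uint8_t *buf = malloc(declared ? declared : 1);
    if (buf == NULL)
        return RD_NOMEM;
    memcpy(buf, s->data + s->pos, declared);
    s->pos += declared;
    *out = buf;
    *out_len = declared;
    return RD_OK;
}

/* Constructed samples: same payload, one with the oversized length from the trace. */
static const uint8_t sample_bad[] = {0x7d, 0x7d, 0x7d, 0x7c, 'a', 'b', 'c', 'd'};
static const uint8_t sample_ok[]  = {0x00, 0x00, 0x00, 0x04, 'a', 'b', 'c', 'd'};

static int try_sample(const uint8_t *data, size_t len, size_t *got)
{
    in_stream s = { data, len, 0 };
    uint8_t *buf;
    int rc = read_sized_block(&s, &buf, got);
    free(buf);
    return rc;
}

int main(void)
{
    size_t n;
    printf("oversized field: %d\n", try_sample(sample_bad, sizeof sample_bad, &n));
    printf("valid field: %d (%zu bytes)\n", try_sample(sample_ok, sizeof sample_ok, &n), n);
    return 0;
}
```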