dbohdan / hicolor
🎨 Convert images to 15/16-bit RGB color with dithering
License: MIT License
Hi! I did some fuzzy testing and found some bugs/vulnerabilities on hicolor v0.5.0. I hope these findings will help improve software quality.
These bugs/vulnerabilities are mainly caused by unsafe component cute_png.h v1.05. According to my analysis, because the compilation environment of hicolor is inconsistent with the official compilation environment of cute_png.h v1.05, not all bugs in cute_png.h affect hicolor. The bugs/vulnerabilities listed below can truly affect hicolor v0.5.0.
All of the bugs/vulnerabilities are triggered with no assertion raised. This means that these bugs/vulnerabilities are unexpected behaviors of the program.
hicolor: https://github.com/dbohdan/hicolor
cute_headers: https://github.com/RandyGaul/cute_headers
See also https://github.com/Helson-S/FuzzyTesting/tree/master/hicolor
Heap-buffer-overflow bug/vulnerability caused by read access found in function cp_unfilter() at line 1019 of vendor/cute_png.h v1.05.
Affected version: hicolor v0.5.0
Environment:
Operating system version: Ubuntu 22.04
Linux kernel version: Linux pc 5.19.0-41-generic #42~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 18 17:40:00 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Compiler version: gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
Compile hicolor with ASAN and run the following command in bash shell:
hicolor encode -a ./poc/sample6.png ./output.hic && rm -f ./output.hic
Heap-buffer-overflow bug/vulnerability caused by read access found in function cp_stored() at line 543 of vendor/cute_png.h v1.05. What's more, sample10.png provided as attack vector causes double-free heap memory corruption in function cp_load_png_mem() at line 1194 of vendor/cute_png.h v1.05.
Affected version: hicolor v0.5.0
Environment:
Operating system version: Ubuntu 22.04
Linux kernel version: Linux pc 5.19.0-41-generic #42~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 18 17:40:00 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Compiler version: gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
Compile hicolor with ASAN and run the following command in bash shell:
hicolor encode -a ./poc/sample10.png ./output.hic && rm -f ./output.hic
Heap-buffer-overflow bug/vulnerability caused by write access found in function cp_block() at line 623 of vendor/cute_png.h v1.05. What's more, sample11.png provided as attack vector causes double-free heap memory corruption in function cp_load_png() at line 1216 of vendor/cute_png.h v1.05.
Affected version: hicolor v0.5.0
Environment:
Operating system version: Ubuntu 22.04
Linux kernel version: Linux pc 5.19.0-41-generic #42~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 18 17:40:00 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Compiler version: gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
Compile hicolor with ASAN and run the following command in bash shell:
hicolor encode -a ./poc/sample11.png ./output.hic && rm -f ./output.hic
heap-buffer-overflow bug/vulnerability caused by write access found in function png_quantize() at line 220 of cli.c v1.05.
Affected version: hicolor v0.5.0
Environment:
Operating system version: Ubuntu 22.04
Linux kernel version: Linux pc 5.19.0-41-generic #42~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 18 17:40:00 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Compiler version: gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
Compile hicolor with ASAN and run the following command in bash shell:
hicolor quantize -n ./poc/sample18.png ./output.hic && rm -f ./output.hic
Heap-buffer-overflow bug/vulnerability caused by write access found in function cp_block() at line 644 of vendor/cute_png.h v1.05. What's more, sample12.png provided as attack vector causes unmap invalid pointer memory corruption in function cp_load_png_mem() at line 1189 of vendor/cute_png.h v1.05.
Affected version: hicolor v0.5.0
Environment:
Operating system version: Ubuntu 22.04
Linux kernel version: Linux pc 5.19.0-41-generic #42~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 18 17:40:00 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Compiler version: gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
Compile hicolor with ASAN and run the following command in bash shell:
hicolor encode -a ./poc/sample12.png ./output.hic && rm -f ./output.hic
Heap-buffer-overflow bug/vulnerability caused by write access found in function cp_block() at line 642 of vendor/cute_png.h v1.05.
Affected version: hicolor v0.5.0
Environment:
Operating system version: Ubuntu 22.04
Linux kernel version: Linux pc 5.19.0-41-generic #42~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 18 17:40:00 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Compiler version: gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
Compile hicolor with ASAN and run the following command in bash shell:
hicolor encode -a ./poc/sample13.png ./output.hic && rm -f ./output.hic
stack-buffer-overflow bug/vulnerability caused by write access found in function cp_dynamic() at line 603 of vendor/cute_png.h v1.05. It will lead to control flow hijacking.
Affected version: hicolor v0.5.0
Environment:
Operating system version: Ubuntu 22.04
Linux kernel version: Linux pc 5.19.0-41-generic #42~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 18 17:40:00 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Compiler version: gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
Compile hicolor with ASAN and run the following command in bash shell:
hicolor encode -a ./poc/sample16.png ./output.hic && rm -f ./output.hic
When trying to build with "make test" I get the following:
./tests/hicolor.test
==== data-integrity-2.1 alpha roundtrip FAILED
==== Contents of test case:
hicolor quant alpha.png alpha-q.png
exec gm compare -metric rmse alpha.png alpha-q.png
---- Test generated error; Return code was: 1
---- Return code should have been one of: 0 2
---- errorInfo: source image "alpha.png" doesn't exist
while executing
"exec {*}$::hicolorCommand {*}$args"
(procedure "hicolor" line 2)
invoked from within
"hicolor quant alpha.png alpha-q.png"
("uplevel" body line 2)
invoked from within
"uplevel 1 $script"
---- errorCode: CHILDSTATUS 2909 1
==== data-integrity-2.1 FAILED
hicolor.test: Total 24 Passed 23 Skipped 0 Failed 1
make: *** [Makefile:26: test] Error 1
I click on the program and there is a command line that briefly shows up before closing. Alright, I figure I then have to run it through CMD itself.
So I type cd:\Users\Me into CMD (which is where I put the executable and the image), and then enter hicolor-v0.3.1-win32.exe hicolor quantize -5 example.png
But then it says "invalid command" and simply tells me:
hicolor (encode|decode|quantize) [options] src [dest]
hicolor info file
hicolor version
hicolor help
I don't know what I'm being asked to do. Even hicolor help produces "invalid command"
As the cute_png.h library is used to load and parse PNG files, the returned image is not verified. This could cause the program's functionality to be disrupted.
An example I encountered was when the PNG headers stored excessive values for the image's height and width (despite the fact that the pixels are not stored in the data section of the format). This causes the malloc from the function cp_to_rgb to return NULL and, as a result of the pointer dereferencing below, the program will generate a SIGSEGV and stop working.
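Added example (not hicolor's or cute_png.h's code): one way to reject the oversized-header case described above before any allocation, and to report allocation failure to the caller rather than dereference NULL. The function names, the 256 MiB cap and the two sample headers are assumptions constructed for illustration; the IHDR byte layout follows the PNG specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap on the decoded buffer; tune it for the deployment. */
#define MAX_DECODED_BYTES ((size_t)256 * 1024 * 1024)

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Computes width * height * bpp from the IHDR chunk; the bound is checked by
 * division so no product can wrap. 0 = usable, -1 = malformed, -2 = zero-sized or over cap. */
int png_decoded_size(const unsigned char *buf, size_t len, size_t bpp, size_t *out) {
    if (bpp == 0 || len < 29 || memcmp(buf, "\x89PNG\r\n\x1a\n", 8) != 0) return -1;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return -1;
    uint32_t w = be32(buf + 16), h = be32(buf + 20);
    if (w == 0 || h == 0) return -2;
    if ((size_t)w > (MAX_DECODED_BYTES / bpp) / (size_t)h) return -2;
    *out = (size_t)w * h * bpp;
    return 0;
}

/* Allocates only after the size check; a NULL return always sets *err nonzero. */
unsigned char *alloc_decoded(const unsigned char *buf, size_t len, size_t bpp, int *err) {
    size_t n = 0;
    if ((*err = png_decoded_size(buf, len, bpp, &n)) != 0) return NULL;
    unsigned char *pix = calloc(1, n);
    if (pix == NULL) *err = -3;
    return pix;
}

/* Constructed samples: signature + IHDR only (8-bit RGBA, no pixel data). */
static const unsigned char SAMPLE_HUGE[29] = {   /* 0x7fffffff x 0x7fffffff */
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n', 0, 0, 0, 13, 'I', 'H', 'D', 'R',
    0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 8, 6, 0, 0, 0};
static const unsigned char SAMPLE_OK[29] = {     /* 640 x 480 */
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n', 0, 0, 0, 13, 'I', 'H', 'D', 'R',
    0, 0, 0x02, 0x80, 0, 0, 0x01, 0xe0, 8, 6, 0, 0, 0};

int main(void) {
    size_t n = 0;
    int huge = png_decoded_size(SAMPLE_HUGE, sizeof SAMPLE_HUGE, 4, &n);
    int ok = png_decoded_size(SAMPLE_OK, sizeof SAMPLE_OK, 4, &n);
    printf("huge=%d ok=%d bytes=%zu\n", huge, ok, n);
    return 0;
}
```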
It doesn't open on my PC at all. All it does is have a command prompt window pop up for a split second.
Also, the linux version isn't even a program, it's a blank file. Not even a binary.
I've tried it in other operating systems yet it still doesn't work.