authorNguyễn Gia Phong <cnx@loang.net>2025-02-19 17:35:54 +0900
committerNguyễn Gia Phong <cnx@loang.net>2025-02-19 17:35:54 +0900
commitafc9fd8b9e8c259bb08dc113278032cca73fe7e4 (patch)
treeb641d7b91c35b0724bdf85af2cbfda706ac0b923
parent1b05cd6abedba0efdd548a7a648e4d9147ff13f8 (diff)
downloadloftix-afc9fd8b9e8c259bb08dc113278032cca73fe7e4.tar.gz
Add ASan'ed libjpeg-turbo 1.5.3 for CVE-2018-14498
-rw-r--r--REUSE.toml4
-rw-r--r--bugs/README.md14
-rw-r--r--bugs/cve/2018/14498/hbo_rdbmp.c:209_1.bmpbin0 -> 4170 bytes
-rw-r--r--bugs/cve/2018/14498/hbo_rdbmp.c:209_2.bmpbin0 -> 2336 bytes
-rw-r--r--bugs/cve/2018/14498/hbo_rdbmp.c:210_1.bmpbin0 -> 2349 bytes
-rw-r--r--bugs/cve/2018/14498/hbo_rdbmp.c:211_1.bmpbin0 -> 871 bytes
-rw-r--r--bugs/cve/2018/14498/hbo_rdbmp.c:211_2.bmpbin0 -> 4002 bytes
-rw-r--r--loftix/bugs.scm15
8 files changed, 31 insertions, 2 deletions
diff --git a/REUSE.toml b/REUSE.toml
index 8bdde8b..2d6dbd6 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -61,6 +61,10 @@ path = 'bugs/cve/2017/15232/*.jpg'
 SPDX-FileCopyrightText = '2017 Zhao Liang'
 
 [[annotations]]
+path = 'bugs/cve/2018/14498/*.bmp'
+SPDX-FileCopyrightText = '2018 Hongxu Chen'
+
+[[annotations]]
 path = 'bugs/cve/2019/9077/hbo2'
 SPDX-FileCopyrightText = '2019 陈鹏'
 SPDX-License-Identifier = 'CC0-1.0'
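Review bot: The added annotation for `bugs/cve/2018/14498/*.bmp` gives a copyright holder but no `SPDX-License-Identifier`, whereas the `bugs/cve/2019/9077/hbo2` entry just below it states `CC0-1.0`. Unless another annotation supplies the licence, a REUSE lint run will likely report these five files as lacking licensing information; the 2017 entry in the context above seems to have the same gap. If the reporter stated no licence, a comment such as `# licence not stated in the upstream report` above `path` would record that the omission is deliberate.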
diff --git a/bugs/README.md b/bugs/README.md
index 7378d71..6a3ba1c 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -54,9 +54,18 @@
 
       guix shell libjpeg-turbo@1.5.2
       djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
-        -targa -grayscale -outfile o cve/2017/15232/1.jpg
+        -targa -grayscale -outfile /dev/null cve/2017/15232/1.jpg
       djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\
-        -targa -grayscale -outfile o cve/2017/15232/2.jpg
+        -targa -grayscale -outfile /dev/null cve/2017/15232/2.jpg
+
+- CVE-2018-14498: [heap buffer overflow][libjpeg-turbo-258]
+
+      guix shell libjpeg-turbo@1.5.3
+      cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:209_1.bmp
+      cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:209_2.bmp
+      cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:210_1.bmp
+      cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:211_1.bmp
+      cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:211_2.bmp
 
 ## libxml2
 
@@ -76,6 +85,7 @@
 [jasper-22]: https://github.com/jasper-software/jasper/issues/22
 [jasper-67]: https://github.com/jasper-software/jasper/issues/67
 [libarchive-717]: https://github.com/libarchive/libarchive/issues/717
+[libjpeg-turbo-258]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
 [mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
 [oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3
 [redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808
diff --git a/bugs/cve/2018/14498/hbo_rdbmp.c:209_1.bmp b/bugs/cve/2018/14498/hbo_rdbmp.c:209_1.bmp
new file mode 100644
index 0000000..a239263
--- /dev/null
+++ b/bugs/cve/2018/14498/hbo_rdbmp.c:209_1.bmp
Binary files differ
diff --git a/bugs/cve/2018/14498/hbo_rdbmp.c:209_2.bmp b/bugs/cve/2018/14498/hbo_rdbmp.c:209_2.bmp
new file mode 100644
index 0000000..b91f983
--- /dev/null
+++ b/bugs/cve/2018/14498/hbo_rdbmp.c:209_2.bmp
Binary files differ
diff --git a/bugs/cve/2018/14498/hbo_rdbmp.c:210_1.bmp b/bugs/cve/2018/14498/hbo_rdbmp.c:210_1.bmp
new file mode 100644
index 0000000..73f80b7
--- /dev/null
+++ b/bugs/cve/2018/14498/hbo_rdbmp.c:210_1.bmp
Binary files differ
diff --git a/bugs/cve/2018/14498/hbo_rdbmp.c:211_1.bmp b/bugs/cve/2018/14498/hbo_rdbmp.c:211_1.bmp
new file mode 100644
index 0000000..549d598
--- /dev/null
+++ b/bugs/cve/2018/14498/hbo_rdbmp.c:211_1.bmp
Binary files differ
diff --git a/bugs/cve/2018/14498/hbo_rdbmp.c:211_2.bmp b/bugs/cve/2018/14498/hbo_rdbmp.c:211_2.bmp
new file mode 100644
index 0000000..22165da
--- /dev/null
+++ b/bugs/cve/2018/14498/hbo_rdbmp.c:211_2.bmp
Binary files differ
diff --git a/loftix/bugs.scm b/loftix/bugs.scm
index 296043f..7fa0f19 100644
--- a/loftix/bugs.scm
+++ b/loftix/bugs.scm
@@ -127,6 +127,21 @@
     (arguments '(#:make-flags '("LDFLAGS=-static")
                  #:test-target "test"))))
 
+(define-public libjpeg-turbo-1.5.3-asan
+  (package
+    (inherit libjpeg-turbo-1.5.2)
+    (name "libjpeg-turbo")
+    (version "1.5.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/libjpeg-turbo/"
+                                  version "/libjpeg-turbo-" version ".tar.gz"))
+              (sha256
+               (base32
+                "08r5b5mywwrxv4axvq80dm31cklz81grczlzlxr2xqa6pgi90j5j"))))
+    (arguments '(#:make-flags '("CFLAGS=-O2 -g -fsanitize=address"
+                                "LDFLAGS=-static -fsanitize=address")))))
+
 (define-public libxml2-2.9.4
   (package
     (inherit libxml2)
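Review bot: The `(arguments …)` field of `libjpeg-turbo-1.5.3-asan` replaces the inherited list outright, so the `#:test-target "test"` visible at the end of the definition just above (presumably libjpeg-turbo-1.5.2) is not carried over and the check phase falls back to the build system's default target, presumably `check`. If the test suite is meant to run under ASan, add `#:test-target "test"` next to the new `#:make-flags`; if it is skipped on purpose, say so with `#:tests? #f` and a comment. Since the reproducer file names encode `rdbmp.c` line numbers, adding `-fno-omit-frame-pointer` to `CFLAGS` would also help the ASan reports unwind reliably at `-O2`. A short comment above the definition noting that this is a deliberately vulnerable, instrumented build (its `name` is still plain `libjpeg-turbo`) would keep it from being mistaken for a general-purpose package.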