From afc9fd8b9e8c259bb08dc113278032cca73fe7e4 Mon Sep 17 00:00:00 2001 From: Nguyễn Gia Phong Date: Wed, 19 Feb 2025 17:35:54 +0900 Subject: Add ASan'ed libjpeg-turbo 1.5.3 for CVE-2018-14498 --- REUSE.toml | 4 ++++ bugs/README.md | 14 ++++++++++++-- bugs/cve/2018/14498/hbo_rdbmp.c:209_1.bmp | Bin 0 -> 4170 bytes bugs/cve/2018/14498/hbo_rdbmp.c:209_2.bmp | Bin 0 -> 2336 bytes bugs/cve/2018/14498/hbo_rdbmp.c:210_1.bmp | Bin 0 -> 2349 bytes bugs/cve/2018/14498/hbo_rdbmp.c:211_1.bmp | Bin 0 -> 871 bytes bugs/cve/2018/14498/hbo_rdbmp.c:211_2.bmp | Bin 0 -> 4002 bytes loftix/bugs.scm | 15 +++++++++++++++ 8 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 bugs/cve/2018/14498/hbo_rdbmp.c:209_1.bmp create mode 100644 bugs/cve/2018/14498/hbo_rdbmp.c:209_2.bmp create mode 100644 bugs/cve/2018/14498/hbo_rdbmp.c:210_1.bmp create mode 100644 bugs/cve/2018/14498/hbo_rdbmp.c:211_1.bmp create mode 100644 bugs/cve/2018/14498/hbo_rdbmp.c:211_2.bmp diff --git a/REUSE.toml b/REUSE.toml index 8bdde8b..2d6dbd6 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -60,6 +60,10 @@ SPDX-FileCopyrightText = '2017 Junchao Luan' path = 'bugs/cve/2017/15232/*.jpg' SPDX-FileCopyrightText = '2017 Zhao Liang' +[[annotations]] +path = 'bugs/cve/2018/14498/*.bmp' +SPDX-FileCopyrightText = '2018 Hongxu Chen' + [[annotations]] path = 'bugs/cve/2019/9077/hbo2' SPDX-FileCopyrightText = '2019 陈鹏' diff --git a/bugs/README.md b/bugs/README.md index 7378d71..6a3ba1c 100644 --- a/bugs/README.md +++ b/bugs/README.md 
@@ -54,9 +54,18 @@ guix shell libjpeg-turbo@1.5.2 djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\ - -targa -grayscale -outfile o cve/2017/15232/1.jpg + -targa -grayscale -outfile /dev/null cve/2017/15232/1.jpg djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\ - -targa -grayscale -outfile o cve/2017/15232/2.jpg + -targa -grayscale -outfile /dev/null cve/2017/15232/2.jpg + +- CVE-2018-14498: [heap buffer overflow][libjpeg-turbo-258] + + guix shell libjpeg-turbo@1.5.3 + cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:209_1.bmp + cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:209_2.bmp + cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:210_1.bmp + cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:211_1.bmp + cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:211_2.bmp ## libxml2 @@ -76,6 +85,7 @@ [jasper-22]: https://github.com/jasper-software/jasper/issues/22 [jasper-67]: https://github.com/jasper-software/jasper/issues/67 [libarchive-717]: https://github.com/libarchive/libarchive/issues/717 +[libjpeg-turbo-258]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258 [mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268 [oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3 [redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808 diff --git a/bugs/cve/2018/14498/hbo_rdbmp.c:209_1.bmp b/bugs/cve/2018/14498/hbo_rdbmp.c:209_1.bmp new file mode 100644 index 0000000..a239263 Binary files /dev/null and b/bugs/cve/2018/14498/hbo_rdbmp.c:209_1.bmp differ diff --git a/bugs/cve/2018/14498/hbo_rdbmp.c:209_2.bmp b/bugs/cve/2018/14498/hbo_rdbmp.c:209_2.bmp new file mode 100644 index 0000000..b91f983 Binary files /dev/null and b/bugs/cve/2018/14498/hbo_rdbmp.c:209_2.bmp differ 
diff --git a/bugs/cve/2018/14498/hbo_rdbmp.c:210_1.bmp b/bugs/cve/2018/14498/hbo_rdbmp.c:210_1.bmp new file mode 100644 index 0000000..73f80b7 Binary files /dev/null and b/bugs/cve/2018/14498/hbo_rdbmp.c:210_1.bmp differ diff --git a/bugs/cve/2018/14498/hbo_rdbmp.c:211_1.bmp b/bugs/cve/2018/14498/hbo_rdbmp.c:211_1.bmp new file mode 100644 index 0000000..549d598 Binary files /dev/null and b/bugs/cve/2018/14498/hbo_rdbmp.c:211_1.bmp differ diff --git a/bugs/cve/2018/14498/hbo_rdbmp.c:211_2.bmp b/bugs/cve/2018/14498/hbo_rdbmp.c:211_2.bmp new file mode 100644 index 0000000..22165da Binary files /dev/null and b/bugs/cve/2018/14498/hbo_rdbmp.c:211_2.bmp differ diff --git a/loftix/bugs.scm b/loftix/bugs.scm index 296043f..7fa0f19 100644 --- a/loftix/bugs.scm +++ b/loftix/bugs.scm @@ -127,6 +127,21 @@ (arguments '(#:make-flags '("LDFLAGS=-static") #:test-target "test")))) +(define-public libjpeg-turbo-1.5.3-asan + (package + (inherit libjpeg-turbo-1.5.2) + (name "libjpeg-turbo") + (version "1.5.3") + (source (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/libjpeg-turbo/" + version "/libjpeg-turbo-" version ".tar.gz")) + (sha256 + (base32 + "08r5b5mywwrxv4axvq80dm31cklz81grczlzlxr2xqa6pgi90j5j")))) + (arguments '(#:make-flags '("CFLAGS=-O2 -g -fsanitize=address" + "LDFLAGS=-static -fsanitize=address"))))) + (define-public libxml2-2.9.4 (package (inherit libxml2) -- cgit 1.4.1
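Review bot: The new `arguments` field in `libjpeg-turbo-1.5.3-asan` replaces the inherited one wholesale rather than extending it, so the `#:test-target "test"` visible in the context lines just above the added definition is not carried over. Those context lines appear to be the end of the parent `libjpeg-turbo-1.5.2` definition, which starts outside the hunk, so this is inferred. If the ASan build is meant to run the same test suite, add `#:test-target "test"` next to `#:make-flags`, or derive the list with `substitute-keyword-arguments` on `(package-arguments libjpeg-turbo-1.5.2)`. If skipping the upstream tests under ASan is deliberate, a short comment saying so would help. Because the package keeps the plain name `libjpeg-turbo`, I would also put a header comment on the definition such as `;; Known-vulnerable, ASan-instrumented build kept only to reproduce CVE-2018-14498.` so nobody mistakes it for a general-purpose build.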