
SEGV caused by a READ memory access in jpegoptim.c

Open yangfar opened this issue 1 year ago • 2 comments

With the help of AFL, I found some crashes. Are they new bugs?

=================================================================
==3914==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7f92addb01f7 bp 0x7ffce101b640 sp 0x7ffce101a2e0 T0)
==3914==The signal is caused by a READ memory access.
==3914==Hint: this fault was caused by a dereference of a high value address (see register values below). Dissassemble the provided pc to learn which register was used.
    #0 0x7f92addb01f7 (/lib/x86_64-linux-gnu/libjpeg.so.8+0x201f7)
    #1 0x7f92addb0c06 (/lib/x86_64-linux-gnu/libjpeg.so.8+0x20c06)
    #2 0x7f92addaef1e (/lib/x86_64-linux-gnu/libjpeg.so.8+0x1ef1e)
    #3 0x7f92addb779d in jpeg_read_coefficients (/lib/x86_64-linux-gnu/libjpeg.so.8+0x2779d)
    #4 0x4c7cbc in optimize /home/hjsz/jpegoptim/jpegoptim.c:709:17
    #5 0x4cdbcf in main /home/hjsz/jpegoptim/jpegoptim.c:1309:10
    #6 0x7f92adb72082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x41c5ed in _start (/home/hjsz/jpegoptim/jpegoptim+0x41c5ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libjpeg.so.8+0x201f7)
==3914==ABORTING

yangfar, Sep 15 '22 07:09

What makes you think this is an issue with jpegoptim? The stack trace clearly shows it was (code in) libjpeg.so that seems to have made an out-of-bounds read....

tjko, Sep 16 '22 02:09
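The triage tjko does by eye, as an added example that is not code from the issue or from the jpegoptim project: a small Python script that parses the ASan report above, names the module holding the faulting frame #0, and finds the first frame that comes from the project's own sources. The project name "jpegoptim" is matched against the paths in the trace; nothing else is assumed.

```python
import os
import re

# ASan report copied from the issue above, one frame per line.
ASAN_TRACE = """\
==3914==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7f92addb01f7 bp 0x7ffce101b640 sp 0x7ffce101a2e0 T0)
==3914==The signal is caused by a READ memory access.
    #0 0x7f92addb01f7 (/lib/x86_64-linux-gnu/libjpeg.so.8+0x201f7)
    #1 0x7f92addb0c06 (/lib/x86_64-linux-gnu/libjpeg.so.8+0x20c06)
    #2 0x7f92addaef1e (/lib/x86_64-linux-gnu/libjpeg.so.8+0x1ef1e)
    #3 0x7f92addb779d in jpeg_read_coefficients (/lib/x86_64-linux-gnu/libjpeg.so.8+0x2779d)
    #4 0x4c7cbc in optimize /home/hjsz/jpegoptim/jpegoptim.c:709:17
    #5 0x4cdbcf in main /home/hjsz/jpegoptim/jpegoptim.c:1309:10
    #6 0x7f92adb72082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x41c5ed in _start (/home/hjsz/jpegoptim/jpegoptim+0x41c5ed)
"""

FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+(?:\s+in\s+(\S+))?\s+(.+?)\s*$")
MODULE_RE = re.compile(r"^\((.+?)\+0x[0-9a-f]+\)$")   # unsymbolised "(lib+0xoff)" frame

def parse_frames(trace):
    """Return frames as (index, function, module_path, source_location) tuples."""
    frames = []
    for line in trace.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        idx, func, loc = int(m.group(1)), m.group(2), m.group(3)
        mod = MODULE_RE.match(loc)
        # A module-only frame has no debug info; a source frame carries file:line:col.
        frames.append((idx, func, mod.group(1), None) if mod else (idx, func, None, loc))
    return frames

def triage(trace, project):
    """Name the module of the faulting frame #0 and the first frame from the project's own code."""
    frames = parse_frames(trace)
    if not frames:
        raise ValueError("no stack frames found")
    _, _, mod, src = frames[0]
    fault_in = os.path.basename(mod) if mod else src
    caller = next(((f, s or m) for _, f, m, s in frames
                   if project in (s or os.path.basename(m))), None)
    if project in fault_in:
        verdict = "crash in %s itself" % project
    else:
        verdict = "crash inside %s, reached from %s" % (fault_in, caller[0] if caller else "?")
    return {"fault_in": fault_in, "first_project_frame": caller, "verdict": verdict}
```

For this trace the verdict is that the fault is inside libjpeg.so.8, reached from jpegoptim's optimize() at jpegoptim.c:709, which is the call site to hand to the libjpeg maintainers together with the reproducer file.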

This should not be the problem of jpegoptim, but how to avoid these crashes when libjpeg.so is called?

yangfar, Sep 16 '22 02:09