Fix heap buffer overflow in decode_png

[kobrineli]

Hi! We've been fuzzing torchvision project with sydr-fuzz.
We've found a heap buffer overflow error at png.c:90 in libpng project.

The error occurred because in decode_png.cpp in the first bytes of the input contents are compared with the png signature. But there is no check that the input size can be less than 8, so the heap buffer overflow at png_sig_cmp function may happen

torchvision version: 9d0a93e

pytorch version: 0f1621df1a0a73956c7ce4e2f72f069e610e0137

OS: Ubuntu 20.04

How to reproduce

1. Build docker from here and run the container:

    sudo docker build -t oss-sydr-fuzz-torchvision .
    sudo docker run --privileged --rm -v `pwd`:/fuzz -it oss-sydr-fuzz-torchvision /bin/bash
   

2. Run the target on this input:

    /decode_png_fuzz heapbof.png
   

3. You will see the following output:

    =================================================================
    ==1160==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020004e6a37 at pc 0x00000055c516 bp 0x7ffffa6635a0 sp 0x7ffffa662d50
    READ of size 8 at 0x6020004e6a37 thread T0
        #0 0x55c515 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) /llvm-project-llvmorg-14.0.6/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:860:7
        #1 0x55ca0a in __interceptor_memcmp /llvm-project-llvmorg-14.0.6/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:892:10
        #2 0x13c8c171 in png_sig_cmp /libpng-1.6.37/png.c:90:18
        #3 0x6332b8 in vision::image::decode_png(at::Tensor const&, long, bool) /vision/torchvision/csrc/io/image/cpu/decode_png.cpp:52:18
        #4 0x6025c0 in LLVMFuzzerTestOneInput /vision/decode_png.cc:34:32
        #5 0x668bc1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /llvm-project-llvmorg-14.0.6/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
        #6 0x65204c in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /llvm-project-llvmorg-14.0.6/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
        #7 0x65819b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /llvm-project-llvmorg-14.0.6/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
        #8 0x651da2 in main /llvm-project-llvmorg-14.0.6/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
        #9 0x7f8f02e1d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
        #10 0x541cbd in _start (/decode_png_fuzz+0x541cbd)
    
    0x6020004e6a37 is located 0 bytes to the right of 7-byte region [0x6020004e6a30,0x6020004e6a37)
    allocated by thread T0 here:
        #0 0x5ff66d in operator new[](unsigned long) /llvm-project-llvmorg-14.0.6/compiler-rt/lib/asan/asan_new_delete.cpp:98:3
        #1 0x668ad2 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /llvm-project-llvmorg-14.0.6/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:596:23
        #2 0x65204c in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /llvm-project-llvmorg-14.0.6/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
        #3 0x65819b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /llvm-project-llvmorg-14.0.6/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
        #4 0x651da2 in main /llvm-project-llvmorg-14.0.6/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
        #5 0x7f8f02e1d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    
    SUMMARY: AddressSanitizer: heap-buffer-overflow /llvm-project-llvmorg-14.0.6/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:860:7 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long)
    Shadow bytes around the buggy address:
      0x0c0480094cf0: fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fa
      0x0c0480094d00: fa fa fd fd fa fa fd fa fa fa fd fd fa fa fd fd
      0x0c0480094d10: fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fa
      0x0c0480094d20: fa fa fd fd fa fa fd fa fa fa fd fd fa fa fd fd
      0x0c0480094d30: fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fd
    =>0x0c0480094d40: fa fa 07 fa fa fa[07]fa fa fa fa fa fa fa fa fa
      0x0c0480094d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c0480094d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c0480094d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c0480094d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c0480094d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07 
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
    ==1160==ABORTING
   

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/vision/7691

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

❌ 1 New Failure, 2 Unrelated Failures

As of commit 8cbf5d7:

NEW FAILURE - The following job has failed:

• Build M1 Wheels (gh)

BROKEN TRUNK - The following jobs failed but were present on the merge base 5178a2e:

👉 Rebase onto the `viable/strict` branch to avoid these failures

• windows (windows.4xlarge, cpu) / windows-job (gh)
• windows (windows.g5.4xlarge.nvidia.gpu, cuda, 11.8) / windows-job (gh)

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[facebook-github-bot]

Hi @kobrineli!

Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at [email protected]. Thanks!

[NicolasHug]

Thanks for the PR @kobrineli , LGTM if green. We'll need you to sign the CLA before we can merge it.

@vfdev-5 maybe you want to give this a quick look?

[kobrineli]

@NicolasHug Hi! Thank you
Already signed it, it just didn't update

[vfdev-5]

looks good to me as well, thanks @kobrineli

[github-actions]

Hey @NicolasHug!

You merged this PR, but no labels were added. The list of valid labels is available at https://github.com/pytorch/vision/blob/main/.github/process_commit.py