Dailydave mailing list archives

Re: More INFILTRATE planning, and an 0day.


From: Michal Zalewski <lcamtuf () coredump cx>
Date: Wed, 26 Sep 2012 15:30:16 -0700

> (The 0day as promised in the subject line is attached. If you can't see
> it, then it worked!)

Did not work for me, shows as a regular JPEG, although I fiddled with
it a bit... looks like it's meant to target this code, right?

      s += state.last_dc_val[ci];
      state.last_dc_val[ci] = s;
      /* Scale and output the coefficient (assumes jpeg_natural_order[0]=0) */
      (*block)[0] = (JCOEF) (s << Al);

The bug is pretty subtle, took me a while to figure it out. Kudos.

/mz
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

