NULL pointer dereference #186

Closed
skyvast404 opened this issue Jan 14, 2020 · 3 comments
skyvast404 commented Jan 14, 2020

Hello, I got a NULL pointer dereference bug in 0.10.1.2677 and even earlier by running dxf2dwg poc -o /dev/null

==12391==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f9f9b4f3284 bp 0x7ffcfa3b08a0 sp 0x7ffcfa3b0860 T0)
==12391==The signal is caused by a READ memory access.
==12391==Hint: address points to the zero page.
    #0 0x7f9f9b4f3283 in add_MLINESTYLE_lines /home/skyvast/Documents/libredwg-0.10.1.2677/src/in_dxf.c:1462
    #1 0x7f9f9b554a23 in new_object /home/skyvast/Documents/libredwg-0.10.1.2677/src/in_dxf.c:5897
    #2 0x7f9f9b564d2d in dxf_objects_read /home/skyvast/Documents/libredwg-0.10.1.2677/src/in_dxf.c:7245
    #3 0x7f9f9b56bb16 in dwg_read_dxf /home/skyvast/Documents/libredwg-0.10.1.2677/src/in_dxf.c:7701
    #4 0x7f9f9a684ee7 in dxf_read_file /home/skyvast/Documents/libredwg-0.10.1.2677/src/dwg.c:319
    #5 0x564a81d20465 in main /home/skyvast/Documents/libredwg-0.10.1.2677/programs/dxf2dwg.c:255
    #6 0x7f9f99d8fb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #7 0x564a81d1f489 in _start (/home/skyvast/Documents/asan_libredwg/bin/dxf2dwg+0x2489)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/skyvast/Documents/libredwg-0.10.1.2677/src/in_dxf.c:1462 in add_MLINESTYLE_lines
==12391==ABORTING

@rurban rurban self-assigned this Jan 14, 2020

rurban commented Jan 14, 2020

Can you attach the poc please?

rurban added a commit that referenced this issue Jan 14, 2020
@rurban rurban added this to the 0.11 milestone Jan 14, 2020
@skyvast404

null_pointer.zip

@rurban rurban added the fuzzing Intentional illegal input label Jan 16, 2020
rurban added a commit that referenced this issue Jan 16, 2020
Fixes GH #186, and 2 cases of GH #189
@rurban rurban closed this as completed Jan 16, 2020
@skyvast404

This bug is credited to ADLab.
CVE-2020-15807
