=================================================================
==29185==ERROR: AddressSanitizer: attempting double-free on 0x60c00000b140 in thread T0:
#0 0x7ff7ab4c22da in free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982da)
#1 0x55bd65d40854 in dwg_free_MATERIAL_private /home/seviezhou/libredwg/src/dwg.spec:7662
#2 0x55bd65dec9d4 in dwg_free_MATERIAL /home/seviezhou/libredwg/src/dwg.spec:7640
#3 0x55bd65e6c14e in dwg_free_object /home/seviezhou/libredwg/src/free.c:862
#4 0x55bd65e736fc in dwg_free /home/seviezhou/libredwg/src/free.c:1266
#5 0x55bd65b897d7 in bmp_free_dwg /home/seviezhou/libredwg/programs/dwgbmp.c:95
#6 0x55bd65b89e1b in get_bmp /home/seviezhou/libredwg/programs/dwgbmp.c:133
#7 0x55bd65b88bca in main /home/seviezhou/libredwg/programs/dwgbmp.c:301
#8 0x7ff7aacbcb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#9 0x55bd65b893e9 in _start (/home/seviezhou/libredwg/programs/dwgbmp+0x4e23e9)
0x60c00000b140 is located 0 bytes inside of 128-byte region [0x60c00000b140,0x60c00000b1c0)
freed by thread T0 here:
#0 0x7ff7ab4c22da in free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982da)
#1 0x55bd657f449b in dwg_decode_MATERIAL_private /home/seviezhou/libredwg/src/dwg.spec:7665
#2 0xb4 (<unknown module>)
previously allocated by thread T0 here:
#0 0x7ff7ab4c27aa in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x987aa)
#1 0x55bd657f2777 in dwg_decode_MATERIAL_private /home/seviezhou/libredwg/src/dwg.spec:7662
#2 0xb4 (<unknown module>)
SUMMARY: AddressSanitizer: double-free ??:0 free
==29185==ABORTING
the 2nd mapper transmatrix was wrong, we need a texture here.
This caused a double-free if map.source == 2.
Only found via fuzzing GH #256 by @seviezhou.
System info
Ubuntu X64, gcc (Ubuntu 5.5.0-12ubuntu1), dwgbmp (latest master 4b99ed)
Configure
CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure
Command line
./programs/dwgbmp ./double-free-dwg_free_MATERIAL_private-dwg.spec-7662 /tmp/a.bmp
AddressSanitizer output
POC
double-free-dwg_free_MATERIAL_private-dwg.spec-7662.zip