Malloc size error in decode.c:3437 #259

Closed
seviezhou opened this issue Aug 2, 2020 · 0 comments

System info

Ubuntu X64, gcc (Ubuntu 5.5.0-12ubuntu1), dwgbmp (latest master 39ef943)

Configure

```sh
CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure
```

Command line

```sh
./dwgbmp ./malloc-size-error-read_2004_section_acds-3437
```

AddressSanitizer output

```
==19408==WARNING: AddressSanitizer failed to allocate 0x002a02e603b8 bytes
==19408==AddressSanitizer's allocator is terminating the process instead of returning 0
==19408==If you don't like this behavior set allocator_may_return_null=1
==19408==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
    #0 0x7fb92ffea611  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0611)
    #1 0x7fb92ffef5c3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55c3)
    #2 0x7fb92ff67393  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x1d393)
    #3 0x7fb92ffed845  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa3845)
    #4 0x7fb92ff6cabd  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22abd)
    #5 0x7fb92ff6d987  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x23987)
    #6 0x7fb92ffe2775 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98775)
    #7 0x556356d48717 in acds_private /home/seviezhou/libredwg/src/acds.spec:47
    #8 0x556356de6551 in read_2004_section_acds /home/seviezhou/libredwg/src/decode.c:3437
    #9 0x556356de6551 in decode_R2004 /home/seviezhou/libredwg/src/decode.c:3694
    #10 0x556356df2a36 in dwg_decode /home/seviezhou/libredwg/src/decode.c:242
    #11 0x556356cebdec in dwg_read_file /home/seviezhou/libredwg/src/dwg.c:251
    #12 0x556356ce9e28 in get_bmp /home/seviezhou/libredwg/programs/dwgbmp.c:120
    #13 0x556356ce8ed0 in main /home/seviezhou/libredwg/programs/dwgbmp.c:301
    #14 0x7fb92f7dcb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #15 0x556356ce96a9 in _start (/home/seviezhou/libredwg/programs/dwgbmp+0x4e76a9)
```

POC

malloc-size-error-read_2004_section_acds-3437.zip

rurban self-assigned this Aug 2, 2020
rurban added the labels "bug" (Something isn't working) and "fuzzing" (Intentional illegal input) Aug 2, 2020
rurban added this to the 0.11 milestone Aug 2, 2020
rurban added a commit that referenced this issue Aug 2, 2020
rurban closed this as completed Aug 2, 2020