=================================================================
==65289==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62c0000381ff at pc 0x7fc1be68a945 bp 0x7fff3419f990 sp 0x7fff3419f138
READ of size 6 at 0x62c0000381ff thread T0
#0 0x7fc1be68a944 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c944)
#1 0x5588916f116f in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
#2 0x5588916f116f in bit_read_fixed /home/seviezhou/libredwg/src/bits.c:1424
#3 0x558891715678 in acds_private /home/seviezhou/libredwg/src/acds.spec:111
#4 0x5588917b3161 in read_2004_section_acds /home/seviezhou/libredwg/src/decode.c:3437
#5 0x5588917b3161 in decode_R2004 /home/seviezhou/libredwg/src/decode.c:3694
#6 0x5588917bf646 in dwg_decode /home/seviezhou/libredwg/src/decode.c:242
#7 0x5588916b89fc in dwg_read_file /home/seviezhou/libredwg/src/dwg.c:251
#8 0x5588916b5e12 in main /home/seviezhou/libredwg/programs/dwg2dxf.c:258
#9 0x7fc1bde90b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#10 0x5588916b6d69 in _start (/home/seviezhou/libredwg/programs/dwg2dxf+0xa88d69)
0x62c0000381ff is located 1 bytes to the left of 29696-byte region [0x62c000038200,0x62c00003f600)
allocated by thread T0 here:
#0 0x7fc1be6967aa in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x987aa)
#1 0x5588917211c4 in read_2004_compressed_section /home/seviezhou/libredwg/src/decode.c:2432
#2 0x5588922c13aa (/home/seviezhou/libredwg/programs/dwg2dxf+0x16933aa)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __asan_memcpy
Shadow bytes around the buggy address:
0x0c587fffefe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c587fffeff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c587ffff000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c587ffff010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c587ffff020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c587ffff030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
0x0c587ffff040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c587ffff050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c587ffff060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c587ffff070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c587ffff080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==65289==ABORTING
System info
Ubuntu X64, gcc (Ubuntu 5.5.0-12ubuntu1), dwg2dxf (latest master 39ef943)
Configure
CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure
Command line
./programs/dwg2dxf -b -m ./SEGV-check_POLYLINE_handles-decode-5110 -o /dev/null
AddressSanitizer output
POC
heap-overflow-bit_read_fixed-bits-1424.zip
The text was updated successfully, but these errors were encountered: