Hi rurban,
Making a quick report on an out-of-bounds read fuzzing crash. I confirmed this with a build using the --enable-release flag as well.
Release build error:
```
./programs/dwgread crash.dwg
ERROR: Invalid num_pages 7274598, skip
ERROR: Invalid section->pages[0] size
Warning: Failed to find section_info[1]
ERROR: Failed to read header section
Warning: Failed to find section_info[3]
ERROR: Failed to read class section
Warning: Failed to find section_info[7]
ERROR: Failed to read objects section
Warning: Failed to find section_info[2]
ERROR: Preview overflow 119 + 0 > 302223
Warning: thumbnail.size mismatch: 302223 != 0
zsh: segmentation fault ./programs/dwgread ./crash.dwg
```
Debug trace:
```
Program received signal SIGSEGV, Segmentation fault.
0x0000555555810645 in read_data_section (sec_dat=0x7fffffffc1f0, dat=0x7fffffffc880, sections_map=<optimized out>, pages_map=0x555555b0fd50, sec_type=<optimized out>) at decode_r2007.c:840
840	      r2007_section_page *section_page = section->pages[i];
(gdb) backtrace
#0  0x0000555555810645 in read_data_section (sec_dat=0x7fffffffc1f0, dat=0x7fffffffc880, sections_map=<optimized out>, pages_map=0x555555b0fd50, sec_type=<optimized out>) at decode_r2007.c:840
#1  0x0000555555808d5c in read_2007_section_revhistory (dat=0x7fffffffc880, dwg=0x7fffffffc8c0, sections_map=0x555555b0f410, pages_map=0x555555b0fd50) at decode_r2007.c:2023
#2  read_r2007_meta_data (dat=0x7fffffffc880, hdl_dat=<optimized out>, dwg=0x7fffffffc8c0) at decode_r2007.c:2466
#3  0x00005555555d5279 in decode_R2007 (dat=0x7fffffffc880, dwg=0x7fffffffc8c0) at decode.c:3469
#4  dwg_decode (dat=0x7fffffffc880, dwg=0x7fffffffc8c0) at decode.c:227
#5  0x00005555555be42d in dwg_read_file (filename=<optimized out>, dwg=0x7fffffffc8c0) at dwg.c:261
#6  0x00005555555be42d in main (argc=<optimized out>, argv=0x7fffffffdec8)
```
crash.dwg.zip
Thanks!
decode_r2007: fix fuzzing out-of-bounds
c8cf03c
reset invalid section->num_pages. Fixes GH #850
libredwg: apply patch for CVE-2023-26157
926673e
LibreDWG/libredwg#850
da71452
LibreDWG/libredwg#850 (cherry picked from commit 926673e)
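The log line "Invalid num_pages 7274598, skip", the crash at `section->pages[i]` and the commit message "reset invalid section->num_pages" point to a page count that was rejected but still used later as a loop bound. The sketch below is an added illustration of that pattern and of the reset, not LibreDWG code; the struct, the function names, `MAX_PAGES` and the sample page size are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins; not LibreDWG's real structures. */
#define MAX_PAGES 4096u /* assumed sanity limit for this sketch */
typedef struct {
  uint64_t num_pages; /* count taken from the untrusted file */
  uint64_t *pages;    /* per-page sizes; allocated only if the count validates */
} section_t;

/* Parse step: reset_on_error == 0 leaves a rejected count in the struct. */
int section_init(section_t *s, uint64_t claimed, int reset_on_error)
{
  s->num_pages = claimed;
  s->pages = NULL;
  if (claimed > MAX_PAGES) {
    if (reset_on_error)
      s->num_pages = 0; /* count and allocation agree again */
    return -1;          /* caller reports the invalid count and skips */
  }
  if (claimed == 0) return 0;
  s->pages = calloc(claimed, sizeof *s->pages);
  if (!s->pages) { s->num_pages = 0; return -1; }
  for (uint64_t i = 0; i < claimed; i++)
    s->pages[i] = 0x100; /* constructed sample value */
  return 0;
}

/* Invariant consumers rely on: a non-zero count implies a page table. */
int section_consistent(const section_t *s)
{
  return s->num_pages == 0 || s->pages != NULL;
}

/* Consumer loop bounded by num_pages; refuses to index a missing table. */
uint64_t section_total_size(const section_t *s)
{
  uint64_t total = 0;
  if (!section_consistent(s)) return 0;
  for (uint64_t i = 0; i < s->num_pages; i++)
    total += s->pages[i];
  return total;
}

int main(void)
{
  section_t s; /* 7274598 is the count from the report's log line */
  return section_init(&s, 7274598, 1) == -1 && section_consistent(&s) ? 0 : 1;
}
```

With `reset_on_error` set to 0 the struct keeps a count of 7274598 and a NULL table, which is the state any later loop over `pages[i]` must not be allowed to see.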