r->position() + len caused an integer overflow at line 6857 of file gSWFParser.cpp
```cpp
if( r->getPosition() != file_offset + len ) {
    fprintf( stderr, "WARNING: end of tag %s is @%i, should be @%i\n",
             "DefineSprite",
             r->getPosition(),
             file_offset+len );
    r->seekTo( file_offset + len );
}
```
It will make the cur pos a negative number.
Then in the function getWord, the pos will be a really big number, and it will cause an OOB access.
```cpp
uint16_t Reader::getWord() {
    if (pos+2 > length) {
        err = Reader::eof;
        pos = length+1;
        return 0;
    }
    printf("%d\n", pos);
    int r = data[pos++];
    r += data[pos++]<<8;
    return r;
}
```
poc:
https://drive.google.com/open?id=1o3DyrB2cT_yHOMqYWOUXxHKqgHKQ3Oad
asan:
https://drive.google.com/open?id=1FfVhfhB_lJc6bAYOWyoOkjz-Udmn0l9J
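
An added example (not swfmill's code and not from the reporter) of one way to harden the two spots quoted above: the end-of-tag offset is computed with an overflow check, the seek is range-checked, and the read check subtracts instead of adding. It assumes positions and lengths are signed `int`, as the `%i` format suggests; `SafeReader`, `checkedEnd` and `kSample` are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical hardened reader; names are illustrative, not swfmill's API.
class SafeReader {
public:
    SafeReader(const uint8_t *d, int len) : data(d), length(len), pos(0), err(false) {}

    // Compute base + len, failing on negative inputs or signed overflow.
    static bool checkedEnd(int base, int len, int *out) {
        if (base < 0 || len < 0) return false;
        if (len > std::numeric_limits<int>::max() - base) return false;
        *out = base + len;
        return true;
    }
    // Seek only to offsets inside [0, length]; anything else is a parse error.
    bool seekTo(int target) {
        if (target < 0 || target > length) { err = true; pos = length; return false; }
        pos = target;
        return true;
    }
    // Subtract rather than add so the bounds check cannot itself overflow,
    // and reject a negative pos explicitly.
    uint16_t getWord() {
        if (pos < 0 || length - pos < 2) { err = true; pos = length; return 0; }
        unsigned lo = data[pos++];
        unsigned hi = data[pos++];
        return static_cast<uint16_t>(lo | (hi << 8));
    }
    bool failed() const { return err; }

private:
    const uint8_t *data;
    int length, pos;
    bool err;
};

// Constructed sample: four bytes standing in for a truncated tag body.
static const uint8_t kSample[4] = {0x34, 0x12, 0xCD, 0xAB};

int main() {
    SafeReader r(kSample, 4);
    int end = 0;
    bool ok = SafeReader::checkedEnd(2, std::numeric_limits<int>::max(), &end);
    std::printf("end ok=%d word=0x%04x\n", ok, static_cast<unsigned>(r.getWord()));
    return 0;
}
```

A caller would treat a `false` from `checkedEnd` or `seekTo` as a malformed tag and stop parsing instead of printing a warning and seeking anyway.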