
stack-overflow on ass_parse.c:77 mystrcmp #423

Closed
Fstark-prog opened this issue Aug 29, 2020 · 3 comments
Comments

Fstark-prog commented Aug 29, 2020

Description
A vulnerability was found in function mystrcmp in ass_parse.c:77, which allows attackers to cause a denial of service or remote code execution via a crafted file.

TheOneric (Member) commented

Thanks for taking your time to fuzz libass.
I can't find mystrcmp anywhere in the stack trace; it seems to point towards the same problem as #422, perhaps you mixed the stack traces up? Did you fuzz against git-master or still 0.14.0?
Also the poc.zip archive seems to be broken, so unfortunately I can't try to reproduce it myself and it isn't obvious to me how mystrcmp can be exploited either.

Archive:  poc.zip
  End-of-central-directory signature not found.  Either this file is not
  a zipfile, or it constitutes one disk of a multi-part archive.

Incidentally, mystrcmp was modified a few days ago in b3f9022; could you retest and/or reupload the sample file?

TheOneric (Member) commented Sep 3, 2020

Ok, I've tested the file from the RAR archive with master and 0.14.0. In both cases I couldn't reproduce any overflows or similar.

Can you provide exact steps on how to reproduce this? Which program consumes the sample file? Which OS, libc and CPU architecture? Which exact version of libass is being used?

astiob (Member) commented Sep 19, 2020

Unless the OP posted a wrong stack trace by accident, I’m pretty sure this is the same as #422 and is long fixed in master.

It’s great to have more people fuzz libass, but please run your tests against master!

astiob closed this as completed Sep 19, 2020