heap-use-after-free in decompileArithmeticOp (decompile.c)

[ProbeFuzzer]

On latest version of libming, there is a heap-use-after-free in decompileArithmeticOp function of decompile.c, which could be triggered by the POC below.

To reproduce the issue, run: ./bin/swftophp $POC
POC could be downloaded at: https://github.com/ProbeFuzzer/poc/blob/master/libming/libming_0-4-8_swftophp_heap-use-after-free_bmpdecompileArithmeticOp.swf

OUTPUT:
header indicates a filesize of 140 but filesize is 166

setDimension(11000, 8000); /* SWF_DOACTION */ ================================================================= ==60331==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000000040 at pc 0x00000041eed4 bp 0x7ffec73572d0 sp 0x7ffec73572c8 READ of size 8 at 0x603000000040 thread T0 #0 0x41eed3 in getString /u/test/product/libming/master/src/util/decompile.c:349 #1 0x42691d in decompileArithmeticOp /u/test/product/libming/master/src/util/decompile.c:1080 #2 0x44af74 in decompileActions /u/test/product/libming/master/src/util/decompile.c:3419 #3 0x44af74 in decompile5Action /u/test/product/libming/master/src/util/decompile.c:3441 #4 0x411740 in outputSWF_DOACTION /u/test/product/libming/master/src/util/outputscript.c:1551 #5 0x402b69 in readMovie /u/test/product/libming/master/src/util/main.c:286 #6 0x402b69 in main /u/test/product/libming/master/src/util/main.c:359 #7 0x7f65a8dbfc04 in __libc_start_main (/lib64/libc.so.6+0x21c04) #8 0x4043d3 (/home/test/product/libming/master/exe_asan/bin/swftophp+0x4043d3)

[hlef]

Same as #129 and #130, already reported and already fixed issue (3a000c7).