Description
On the latest version (0.4.8) of libming, at commit 50e2bf7, there is a null pointer dereference in the getInt function of decompile.c, which could be triggered by the POC below.
To reproduce the issue, run ./swftophp $POC
The POC is attached.
==146840==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x00000042c454 bp 0x000000000022 sp 0x7ffca3ae5e10 T0)
==146840==The signal is caused by a READ memory access.
==146840==Hint: address points to the zero page.
#0 0x42c453 in getInt /u/test/test/product/libming/master/src/util/decompile.c:455
#1 0x42c453 in decompileGETPROPERTY /u/test/test/product/libming/master/src/util/decompile.c:1445
#2 0x42c453 in decompileAction /u/test/test/product/libming/master/src/util/decompile.c:3226
#3 0x44a0e4 in decompileActions /u/test/test/product/libming/master/src/util/decompile.c:3460
#4 0x44a0e4 in decompile5Action /u/test/test/product/libming/master/src/util/decompile.c:3483
#5 0x410b70 in outputSWF_DOACTION /u/test/test/product/libming/master/src/util/outputscript.c:1551
#6 0x402a48 in readMovie /u/test/test/product/libming/master/src/util/main.c:281
#7 0x402a48 in main /u/test/test/product/libming/master/src/util/main.c:354
#8 0x7fd038bc2c04 in __libc_start_main (/usr/lib64/libc.so.6+0x21c04)
#9 0x404073 (/home/test/test/product/libming/master/exe_asan/bin/swftophp+0x404073)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /u/test/test/product/libming/master/src/util/decompile.c:455 in getInt
==146840==ABORTING
libming_0-4-8_swftophp_null-pointer-dereference_getInt.swf.zip
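
A triage helper for the report above, as an added example that is not part of the original issue or of libming: it parses the ASan lines, flags the fault as a near-NULL read, and groups consecutive frames that share a pc, which is how the symbolizer lists callees inlined into a single call site. The `triage` function name and the 4096-byte near-NULL threshold are assumptions of this example.

```python
import re

# First lines of the ASan report quoted in the issue above, embedded so this runs offline.
REPORT = """\
==146840==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x00000042c454 bp 0x000000000022 sp 0x7ffca3ae5e10 T0)
==146840==The signal is caused by a READ memory access.
==146840==Hint: address points to the zero page.
#0 0x42c453 in getInt /u/test/test/product/libming/master/src/util/decompile.c:455
#1 0x42c453 in decompileGETPROPERTY /u/test/test/product/libming/master/src/util/decompile.c:1445
#2 0x42c453 in decompileAction /u/test/test/product/libming/master/src/util/decompile.c:3226
#3 0x44a0e4 in decompileActions /u/test/test/product/libming/master/src/util/decompile.c:3460
#4 0x44a0e4 in decompile5Action /u/test/test/product/libming/master/src/util/decompile.c:3483
"""

PAGE_SIZE = 4096  # assumption: a fault below one page is NULL plus a small offset
HEADER = re.compile(r"ERROR: AddressSanitizer: (\w+) on unknown address (0x[0-9a-f]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME = re.compile(r"#(\d+) (0x[0-9a-f]+) in (\S+) (\S+?):(\d+)")

def triage(report):
    """Summarise an ASan SEGV report: fault address, access type, call sites."""
    head = HEADER.search(report)
    if head is None:
        raise ValueError("not an ASan 'unknown address' report")
    addr = int(head.group(2), 16)
    access = ACCESS.search(report)
    # Consecutive frames with the same pc are one machine call site; the
    # symbolizer expands the inlined callees innermost first.
    sites = []
    for _, pc, func, path, line in FRAME.findall(report):
        loc = f"{path.rsplit('/', 1)[-1]}:{line}"
        if sites and sites[-1]["pc"] == pc:
            sites[-1]["chain"].append((func, loc))
        else:
            sites.append({"pc": pc, "chain": [(func, loc)]})
    return {
        "signal": head.group(1),
        "address": addr,
        "access": access.group(1) if access else "UNKNOWN",
        "near_null": addr < PAGE_SIZE,
        "sites": sites,
    }
```

On this report the first call site holds getInt, decompileGETPROPERTY and decompileAction at one pc, so the faulting read sits in code inlined into decompileAction, and the fault address is 16 bytes above NULL.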