A null pointer dereference bug was found in function getName() (decompile.c:407)
Program received signal SIGSEGV, Segmentation fault.
0x0000000000408376 in getName (act=0x0) at decompile.c:407
407 switch( act->Type )
(gdb) bt
#0 0x0000000000408376 in getName (act=0x0) at decompile.c:407
#1 0x000000000040c42d in decompileRETURN (n=1, actions=0x63c960, maxn=2) at decompile.c:1878
#2 0x000000000040c98e in decompileJUMP (n=1, actions=0x63c960, maxn=2) at decompile.c:1969
#3 0x000000000041106b in decompileAction (n=1, actions=0x63c960, maxn=2) at decompile.c:3325
#4 0x0000000000411546 in decompileActions (n=2, actions=0x63c960, indent=1) at decompile.c:3494
#5 0x000000000040d678 in decompile_SWITCH (n=0, actions=0x63c730, maxn=23, off1end=81) at decompile.c:2235
#6 0x000000000040ea0b in decompileIF (n=7, actions=0x632260, maxn=14) at decompile.c:2594
#7 0x00000000004110bb in decompileAction (n=7, actions=0x632260, maxn=14) at decompile.c:3335
#8 0x0000000000411546 in decompileActions (n=14, actions=0x632260, indent=0) at decompile.c:3494
#9 0x0000000000411648 in decompile5Action (n=14, actions=0x632260, indent=0) at decompile.c:3517
#10 0x0000000000405610 in outputSWF_DOACTION (pblock=0x631250) at outputscript.c:1551
#11 0x0000000000406970 in outputBlock (type=12, blockp=0x631250, stream=0x630010) at outputscript.c:2083
#12 0x00000000004073e8 in readMovie (f=0x630010) at main.c:281
#13 0x0000000000407734 in main (argc=2, argv=0x7fffffffe448) at main.c:354
(gdb) b decompile.c:407
Breakpoint 1 at 0x408372: file decompile.c, line 407.
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/libming/util/swftophp segmentaion_fault_decompile_407
header indicates a filesize of 1484 but filesize is 128
<?php
$m = new SWFMovie(10);
ming_setscale(1.0);
$m->setRate(24.000000);
$m->setDimension(11672, 8000);
/*Unknown block type 69*/
Stream out of sync after parse of blocktype 12 (SWF_DOACTION). 126 but expecting 113.
/* SWF_DOACTION */
Breakpoint 1, getName (act=0x0) at decompile.c:407
407 switch( act->Type )
(gdb) p act
$1 = (struct SWF_ACTIONPUSHPARAM *) 0x0
To reproduce it, run swftophp with segmentaion_fault_decompile_407
./swftophp segmentaion_fault_decompile_407
poc file: https://github.com/JsHuang/libming-poc/blob/master/swftophp/segmentaion_fault_decompile_407
credit: ADLab of Venustech
segmentaion_fault_decompile_407.zip
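The backtrace shows getName() receiving act=0x0 from decompileRETURN() and dereferencing it in `switch( act->Type )`. The following is an added example, not libming's code and not the reporter's: it models the push-parameter stack with a small array whose pop() returns NULL on underflow (an assumption made for the example; the real cause of the NULL in libming is not stated on this page), shows the unchecked getName pattern that crashes, and beside it a checked variant that refuses to dereference a NULL parameter so a malformed SWF cannot crash the decompiler. All names except the field `Type` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a decompiler push-parameter stack (assumption for this
 * example, not libming's struct SWF_ACTIONPUSHPARAM). Only the field name Type
 * mirrors the frame in the report: switch( act->Type ). */
enum ParamType { PT_STRING = 0, PT_INT = 1 };

struct PushParam {
    enum ParamType Type;
    const char *str;
    int ival;
};

#define STACK_MAX 8
static struct PushParam *stack[STACK_MAX];
static int sp = 0;

/* Plain array stack. pop() on an empty stack returns NULL, which is how a
 * NULL act reaches getName() in this model. */
static int push(struct PushParam *p) {
    if (sp >= STACK_MAX) return -1;
    stack[sp++] = p;
    return 0;
}

static struct PushParam *pop(void) {
    return sp > 0 ? stack[--sp] : NULL;
}

static void reset(void) { sp = 0; }

/* Unchecked variant: the same shape as the crashing code, a switch on
 * act->Type with no NULL check. Called with act == NULL it segfaults. */
static const char *getName_unchecked(const struct PushParam *act) {
    switch (act->Type) {
    case PT_STRING: return act->str;
    case PT_INT:    return "<int>";
    default:        return "<unknown>";
    }
}

/* Checked variant: refuse to dereference NULL and report the underflow so the
 * caller can abandon the malformed block instead of crashing the process. */
static const char *getName_checked(const struct PushParam *act) {
    if (act == NULL) {
        fprintf(stderr, "getName: stack underflow (NULL push parameter)\n");
        return "<stack underflow>";
    }
    return getName_unchecked(act);
}

/* Stand-in for the decompileRETURN path: pop once and name the operand. */
static const char *decompile_return_checked(void) {
    return getName_checked(pop());
}

/* Constructed scenario: one string parameter pushed, then two pops. The
 * second pop underflows, exactly the situation the checked variant survives. */
static struct PushParam sample = { PT_STRING, "foo", 0 };

static const char *demo_first_pop(void) {
    reset();
    push(&sample);
    return decompile_return_checked();
}

static const char *demo_second_pop(void) {
    reset();
    push(&sample);
    decompile_return_checked();          /* consumes the only entry */
    return decompile_return_checked();   /* NULL reaches getName_checked */
}

int main(void) {
    printf("%s\n", demo_first_pop());    /* foo */
    printf("%s\n", demo_second_pop());   /* <stack underflow> */
    return 0;
}
```

Replacing getName_checked with getName_unchecked in decompile_return_checked reproduces the crash class from the report under a debugger (SIGSEGV on the switch). The check belongs in getName itself rather than only in decompileRETURN, because the backtrace shows getName is reached through several decompile* callers that all pop from the same stack.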