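A null pointer dereference was found in the function strlenext() (decompile.c:238). The backtrace below shows getName() (decompile.c:440) calling strlenext() with str=0x0, so the loop condition `while (*str)` at line 238 is reached without a NULL check and reads through a null pointer.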
Program received signal SIGSEGV, Segmentation fault.
0x0000000000407d27 in strlenext (str=0x0) at decompile.c:238
238 while (*str)
(gdb) bt
#0 0x0000000000407d27 in strlenext (str=0x0) at decompile.c:238
#1 0x0000000000408468 in getName (act=0x631720) at decompile.c:440
#2 0x0000000000407f79 in getString (act=0x6316c0) at decompile.c:333
#3 0x0000000000409071 in newVar_N (var=0x424ba1 "", var2=0x424ba1 "", var3=0x4258e0 "concat", var4=0x424e8c "(",
pop_counter=2, final=0x424e8a ")") at decompile.c:725
#4 0x00000000004103c2 in decompileSTRINGCONCAT (n=5, actions=0x632800, maxn=9) at decompile.c:3038
#5 0x00000000004113a5 in decompileAction (n=5, actions=0x632800, maxn=9) at decompile.c:3453
#6 0x00000000004114dd in decompileActions (n=9, actions=0x632800, indent=7) at decompile.c:3494
#7 0x000000000040eddd in decompileIF (n=2, actions=0x632e50, maxn=4) at decompile.c:2656
#8 0x0000000000411052 in decompileAction (n=2, actions=0x632e50, maxn=4) at decompile.c:3335
#9 0x00000000004114dd in decompileActions (n=4, actions=0x632e50, indent=6) at decompile.c:3494
#10 0x0000000000410a14 in decompileSETTARGET (n=9, actions=0x632b30, maxn=13, is_type2=1) at decompile.c:3169
#11 0x000000000041140d in decompileAction (n=9, actions=0x632b30, maxn=13) at decompile.c:3465
#12 0x00000000004114dd in decompileActions (n=13, actions=0x632b30, indent=5) at decompile.c:3494
#13 0x000000000040eddd in decompileIF (n=2, actions=0x6320c0, maxn=4) at decompile.c:2656
#14 0x0000000000411052 in decompileAction (n=2, actions=0x6320c0, maxn=4) at decompile.c:3335
#15 0x00000000004114dd in decompileActions (n=4, actions=0x6320c0, indent=4) at decompile.c:3494
#16 0x0000000000410a14 in decompileSETTARGET (n=3, actions=0x631f80, maxn=7, is_type2=1) at decompile.c:3169
#17 0x000000000041140d in decompileAction (n=3, actions=0x631f80, maxn=7) at decompile.c:3465
#18 0x00000000004114dd in decompileActions (n=7, actions=0x631f80, indent=3) at decompile.c:3494
#19 0x000000000040eddd in decompileIF (n=3, actions=0x632300, maxn=5) at decompile.c:2656
#20 0x0000000000411052 in decompileAction (n=3, actions=0x632300, maxn=5) at decompile.c:3335
#21 0x00000000004114dd in decompileActions (n=5, actions=0x632300, indent=2) at decompile.c:3494
#22 0x0000000000410a14 in decompileSETTARGET (n=2, actions=0x632210, maxn=7, is_type2=1) at decompile.c:3169
#23 0x000000000041140d in decompileAction (n=2, actions=0x632210, maxn=7) at decompile.c:3465
#24 0x00000000004114dd in decompileActions (n=7, actions=0x632210, indent=1) at decompile.c:3494
#25 0x000000000040eddd in decompileIF (n=17, actions=0x631790, maxn=18) at decompile.c:2656
#26 0x0000000000411052 in decompileAction (n=17, actions=0x631790, maxn=18) at decompile.c:3335
#27 0x00000000004114dd in decompileActions (n=18, actions=0x631790, indent=0) at decompile.c:3494
#28 0x00000000004115df in decompile5Action (n=18, actions=0x631790, indent=0) at decompile.c:3517
#29 0x00000000004055e1 in outputSWF_DOACTION (pblock=0x631250) at outputscript.c:1551
---Type <return> to continue, or q <return> to quit---
#30 0x0000000000406907 in outputBlock (type=12, blockp=0x631250, stream=0x630010) at outputscript.c:2083
#31 0x000000000040737f in readMovie (f=0x630010) at main.c:281
#32 0x00000000004076cb in main (argc=2, argv=0x7fffffffe4f8) at main.c:354
To reproduce it, run swftopython with the input file segmentaion_fault_decompile_238.
A null pointer dereference was found in the function strlenext() (decompile.c:238).
To reproduce it, run swftopython with the input file segmentaion_fault_decompile_238:
./swftopython segmentaion_fault_decompile_238
PoC file: https://github.com/JsHuang/libming-poc/blob/master/swftopython/segmentaion_fault_decompile_238
credit: ADLab of Venustech
segmentaion_fault_decompile_238.zip