Null pointer dereference in getString (decompile.c 381) #171

Open
JsHuang opened this Issue Jan 2, 2019 · 1 comment

JsHuang commented Jan 2, 2019

A null pointer dereference was found in function getString() (decompile.c line 381).
Details are below:

ASAN:SIGSEGV
=================================================================
==30834==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000411266 bp 0x7ffd28773620 sp 0x7ffd28773580 T0)
    #0 0x411265 in getString /src/libming-afl/util/decompile.c:381
    #1 0x412f8c in newVar_N /src/libming-afl/util/decompile.c:725
    #2 0x41685e in decompileNEWOBJECT /src/libming-afl/util/decompile.c:1677
    #3 0x41ed5a in decompileAction /src/libming-afl/util/decompile.c:3283
    #4 0x41f37d in decompileActions /src/libming-afl/util/decompile.c:3494
    #5 0x41e83c in decompileSETTARGET /src/libming-afl/util/decompile.c:3169
    #6 0x41f292 in decompileAction /src/libming-afl/util/decompile.c:3462
    #7 0x41f37d in decompileActions /src/libming-afl/util/decompile.c:3494
    #8 0x41f4b3 in decompile5Action /src/libming-afl/util/decompile.c:3517
    #9 0x40bb42 in outputSWF_DOACTION /src/libming-afl/util/outputscript.c:1551
    #10 0x40e171 in outputBlock /src/libming-afl/util/outputscript.c:2083
    #11 0x40f1c7 in readMovie /src/libming-afl/util/main.c:281
    #12 0x40f8fc in main /src/libming-afl/util/main.c:354
    #13 0x7f83c852182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x401998 in _start (/src/fuzz/swftocxx+0x401998)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/libming-afl/util/decompile.c:381 getString
==30834==ABORTING

PoC file:
https://github.com/JsHuang/libming-poc/blob/master/swftocxx/SIGSEGV_decompile_381

Reproduce it using:
./swftocxx SIGSEGV_decompile_381

credit: ADLab of Venustech
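
The trace above shows getString() faulting on address 0 while newVar_N() resolves a variable name for a NEWOBJECT action, i.e. a string that should have come from the SWF's constant pool was never there (or was referenced out of range) and the NULL was dereferenced instead of rejected. The following is an added illustration of that bug class and its hardened form; it is not libming's code, and the pool layout, the function names get_string_unchecked/get_string_checked/new_var_name and the sample names are assumptions made for the example. The exact cause inside libming is not visible on this page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical constant pool: a stand-in for what a SWF ActionScript decompiler
 * keeps after parsing an ActionConstantPool (assumption, not libming's layout). */
struct const_pool {
    const char **strings;
    size_t count;
};

/* Unchecked lookup in the shape the report describes: if the action stream
 * references a constant before any pool was set (pool == NULL), the read of
 * pool->strings is the SEGV on address 0. Only ever called with a valid pool below. */
static const char *get_string_unchecked(const struct const_pool *pool, size_t idx)
{
    return pool->strings[idx];
}

/* Hardened lookup: a NULL pool, an empty pool and an out-of-range index (the
 * index is attacker-controlled file input) all return NULL instead of crashing. */
static const char *get_string_checked(const struct const_pool *pool, size_t idx)
{
    if (pool == NULL || pool->strings == NULL || idx >= pool->count)
        return NULL;
    return pool->strings[idx];
}

/* Caller standing in for newVar_N(): copies the variable name into out.
 * Returns 0 on success, -1 when the constant is missing, so the decompiler
 * can reject the malformed action instead of dereferencing NULL. */
static int new_var_name(const struct const_pool *pool, size_t idx,
                        char *out, size_t outlen)
{
    const char *name = get_string_checked(pool, idx);
    if (name == NULL) {
        fprintf(stderr, "bad constant index %zu (pool size %zu)\n",
                idx, pool ? pool->count : (size_t)0);
        return -1;
    }
    if (strlen(name) >= outlen)        /* refuse rather than overflow out */
        return -1;
    strcpy(out, name);                 /* safe: length checked above */
    return 0;
}

/* Constructed sample pool with two names, used by main(). */
static const char *demo_names[] = { "foo", "bar" };
static struct const_pool demo_pool = { demo_names, 2 };
static char demo_buf[32];

int main(void)
{
    int rc;

    /* valid index: both lookups agree */
    printf("unchecked(0) = %s\n", get_string_unchecked(&demo_pool, 0));
    rc = new_var_name(&demo_pool, 1, demo_buf, sizeof demo_buf);
    printf("new_var_name(1) -> %d, name=%s\n", rc, demo_buf);

    /* crafted inputs a malformed action stream could carry: index past the
     * pool, and a constant reference with no pool at all */
    rc = new_var_name(&demo_pool, 7, demo_buf, sizeof demo_buf);
    printf("new_var_name(7) -> %d\n", rc);
    rc = new_var_name(NULL, 0, demo_buf, sizeof demo_buf);
    printf("new_var_name(NULL pool) -> %d\n", rc);

    /* get_string_unchecked(NULL, 0) would reproduce the SIGSEGV; not executed. */
    return 0;
}
```

Compile with `-fsanitize=address -g` to get the same style of report as in the issue if you do call the unchecked path with a NULL pool; with the checked path the crafted indices are reported and refused instead.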

rathann commented Mar 1, 2019

CVE-2019-9113
