Memory allocation failure in parseSWF_ACTIONRECORD (parser.c: 1142), different from #109 #173

Open
waugustus opened this issue Jan 17, 2019 · 2 comments

@waugustus

version: master(commit 5009802)
command: listswf $FILE
OS: Ubuntu 16.04.4 LTS 64bit

$ ./install-asan/bin/listswf poc>/dev/null
header indicates a filesize of 808464488 but filesize is 430
 Stream out of sync after parse of blocktype 24 (SWF_PROTECT). 33 but expecting 51.
==40038==WARNING: AddressSanitizer failed to allocate 0xfffffffffffcd800 bytes
==40038==AddressSanitizer's allocator is terminating the process instead of returning 0
==40038==If you don't like this behavior set allocator_may_return_null=1
==40038==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
    #0 0x7f9ab5b8b631  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7f9ab5b905e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7f9ab5b08425  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x1d425)
    #3 0x7f9ab5b8e865  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa3865)
    #4 0x7f9ab5b0db4d  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22b4d)
    #5 0x7f9ab5b835d2 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x985d2)
    #6 0x433465 in parseSWF_ACTIONRECORD /home/wdw/experiment/aflgo/libming/util/parser.c:1142
    #7 0x42d6de in parseSWF_CLIPACTIONRECORD /home/wdw/experiment/aflgo/libming/util/parser.c:386
    #8 0x42da81 in parseSWF_CLIPACTIONS /home/wdw/experiment/aflgo/libming/util/parser.c:408
    #9 0x4443a3 in parseSWF_PLACEOBJECT2 /home/wdw/experiment/aflgo/libming/util/parser.c:2665
    #10 0x419c15 in blockParse /home/wdw/experiment/aflgo/libming/util/blocktypes.c:145
    #11 0x415a68 in readMovie /home/wdw/experiment/aflgo/libming/util/main.c:269
    #12 0x41624e in main /home/wdw/experiment/aflgo/libming/util/main.c:354
    #13 0x7f9ab522282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x401aa8 in _start (/home/wdw/experiment/aflgo/libming/install-asan/bin/listswf+0x401aa8)

Download: poc

@rathann

rathann commented Feb 25, 2019

CVE-2019-7581

@rathann

rathann commented Mar 8, 2019

Which commit fixes this?
