An out-of-bounds read was found in function OpCode (util/decompile.c, line 957).
Details:
==30829==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61400000f5d0 at pc 0x000000413ddb bp 0x7ffeb39e6460 sp 0x7ffeb39e6450
READ of size 1 at 0x61400000f5d0 thread T0
#0 0x413dda in OpCode /src/libming-afl/util/decompile.c:957
#1 0x415ab5 in decompileGETTIME /src/libming-afl/util/decompile.c:1506
#2 0x41ecc9 in decompileAction /src/libming-afl/util/decompile.c:3264
#3 0x41f37d in decompileActions /src/libming-afl/util/decompile.c:3494
#4 0x41e83c in decompileSETTARGET /src/libming-afl/util/decompile.c:3169
#5 0x41f292 in decompileAction /src/libming-afl/util/decompile.c:3462
#6 0x41f37d in decompileActions /src/libming-afl/util/decompile.c:3494
#7 0x419908 in decompileIF /src/libming-afl/util/decompile.c:2364
#8 0x41eef2 in decompileAction /src/libming-afl/util/decompile.c:3335
#9 0x41f37d in decompileActions /src/libming-afl/util/decompile.c:3494
#10 0x41b85b in decompileIF /src/libming-afl/util/decompile.c:2656
#11 0x41eef2 in decompileAction /src/libming-afl/util/decompile.c:3335
#12 0x41f37d in decompileActions /src/libming-afl/util/decompile.c:3494
#13 0x41b85b in decompileIF /src/libming-afl/util/decompile.c:2656
#14 0x41eef2 in decompileAction /src/libming-afl/util/decompile.c:3335
#15 0x41f37d in decompileActions /src/libming-afl/util/decompile.c:3494
#16 0x41b85b in decompileIF /src/libming-afl/util/decompile.c:2656
#17 0x41eef2 in decompileAction /src/libming-afl/util/decompile.c:3335
#18 0x41f37d in decompileActions /src/libming-afl/util/decompile.c:3494
#19 0x41b85b in decompileIF /src/libming-afl/util/decompile.c:2656
#20 0x41eef2 in decompileAction /src/libming-afl/util/decompile.c:3335
#21 0x41f37d in decompileActions /src/libming-afl/util/decompile.c:3494
#22 0x41f4b3 in decompile5Action /src/libming-afl/util/decompile.c:3517
#23 0x40bb42 in outputSWF_DOACTION /src/libming-afl/util/outputscript.c:1551
#24 0x40e171 in outputBlock /src/libming-afl/util/outputscript.c:2083
#25 0x40f1c7 in readMovie /src/libming-afl/util/main.c:281
#26 0x40f8fc in main /src/libming-afl/util/main.c:354
#27 0x7f51e85bd82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#28 0x401998 in _start (/src/fuzz/swftocxx+0x401998)
0x61400000f5d0 is located 0 bytes to the right of 400-byte region [0x61400000f440,0x61400000f5d0)
allocated by thread T0 here:
#0 0x7f51e8f2279a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
#1 0x42854e in parseSWF_ACTIONRECORD /src/libming-afl/util/parser.c:1062
#2 0x4289b2 in parseSWF_ACTIONRECORD /src/libming-afl/util/parser.c:1075
#3 0x4289b2 in parseSWF_ACTIONRECORD /src/libming-afl/util/parser.c:1075
#4 0x4289b2 in parseSWF_ACTIONRECORD /src/libming-afl/util/parser.c:1075
#5 0x4289b2 in parseSWF_ACTIONRECORD /src/libming-afl/util/parser.c:1075
#6 0x437ca5 in parseSWF_DOACTION /src/libming-afl/util/parser.c:2434
#7 0x40fb59 in blockParse /src/libming-afl/util/blocktypes.c:145
#8 0x40f116 in readMovie /src/libming-afl/util/main.c:269
#9 0x40f8fc in main /src/libming-afl/util/main.c:354
#10 0x7f51e85bd82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-buffer-overflow /src/libming-afl/util/decompile.c:957 OpCode
Shadow bytes around the buggy address:
0x0c287fff9e60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff9e70: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
0x0c287fff9e80: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c287fff9e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff9ea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c287fff9eb0: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa
0x0c287fff9ec0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c287fff9ed0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c287fff9ee0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c287fff9ef0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x0c287fff9f00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==30829==ABORTING
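The trace above reads one byte at offset 0 past the end of a 400-byte calloc'd block that parseSWF_ACTIONRECORD allocated, from inside OpCode while a handler (decompileGETTIME) was looking at a neighbouring action record. The example below is added here and is not libming's code: it models that bug class with a constructed action-record array, shows the unchecked index read next to a bounds-checked lookup that takes the record count, and drives a lookahead helper through the checked path. The names ActionRecord, opcode_unchecked, opcode_checked, peek_next_opcode and the sample opcodes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for an action record; only the opcode matters here. */
typedef struct {
    unsigned char ActionCode;
} ActionRecord;

#define OPCODE_NONE (-1) /* sentinel: there is no record at that index */

/* Unchecked lookup: reads actions[n] whatever n is. Called with n == count,
   this is the 1-byte read 0 bytes past a calloc'd region that ASan flags as a
   heap-buffer-overflow. Shown for contrast; never called in this example. */
int opcode_unchecked(const ActionRecord *actions, size_t n)
{
    return actions[n].ActionCode;
}

/* Bounds-checked lookup: the caller passes the record count and the index is
   validated before the array is touched. A NULL array is also rejected. */
int opcode_checked(const ActionRecord *actions, size_t count, size_t n)
{
    if (actions == NULL || n >= count)
        return OPCODE_NONE;
    return actions[n].ActionCode;
}

/* Decompiler-style lookahead: the handler for record n wants to see the
   opcode of record n + 1. n is checked first so n + 1 cannot wrap, and the
   actual read goes through the checked lookup. */
int peek_next_opcode(const ActionRecord *actions, size_t count, size_t n)
{
    if (n >= count)
        return OPCODE_NONE;
    return opcode_checked(actions, count, n + 1);
}

/* Constructed sample of four records (opcode values chosen arbitrarily). */
static const ActionRecord sample[] = { {0x96}, {0x1c}, {0x0a}, {0x00} };
#define SAMPLE_COUNT (sizeof sample / sizeof sample[0])

/* Convenience wrapper over the sample so callers only pass an index. */
int sample_peek(size_t n)
{
    return peek_next_opcode(sample, SAMPLE_COUNT, n);
}

int main(void)
{
    /* Index 3 is the last record: peeking past it must yield the sentinel,
       not the byte after the allocation. */
    for (size_t n = 0; n <= SAMPLE_COUNT; n++)
        printf("peek after record %zu -> %d\n", n, sample_peek(n));
    return 0;
}
```

The fix pattern is the second function: every lookup into a parsed record array carries the array's length, and the caller treats the sentinel as "no opcode" rather than assuming a neighbour exists.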
PoC file:
https://github.com/JsHuang/pocs/blob/master/libming/swftocxx/oob_read_decompile_957
Credit
ADLab of Venustech