Segmentation fault in function decompileINCR_DECR, decompile.c 1640 #203

Open
5hadowblad3 opened this issue Aug 25, 2020 · 0 comments

Hi, there.

There is a segmentation fault in the newest master branch 04aee52.
Here is the reproducing command:

swftophp poc

POC:
seg-decompile1640.zip

Here is the reproduction trace reported by ASAN:

==79767==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x00000042782c bp 0x0000000000f0 sp 0x7ffdbd64ccf0 T0)
    #0 0x42782b in decompileINCR_DECR ../../util/decompile.c:1640
    #1 0x44e234 in decompileActions ../../util/decompile.c:3535
    #2 0x44e234 in decompile5Action ../../util/decompile.c:3558
    #3 0x4114d9 in outputSWF_INITACTION ../../util/outputscript.c:1860
    #4 0x402836 in readMovie ../../util/main.c:281
    #5 0x402836 in main ../../util/main.c:354
    #6 0x7fd557eb582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #7 0x403b38 in _start (/mnt/data/playground/libming/build/util/swftophp+0x403b38)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../../util/decompile.c:1640 decompileINCR_DECR
==79767==ABORTING

The cause might be due to the incomplete check related to the index for array regs.
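
Added example, not part of the original report or of libming: a small Python triage helper that parses the ASAN report quoted in this issue, flags the fault address as a near-NULL access, and builds a deduplication key from the top symbolized frames. The function names, the 4096-byte page threshold and the three-frame bucket depth are assumptions chosen for illustration.

```python
import os
import re

# ASAN report copied verbatim from the issue above (trailing summary lines omitted).
REPORT = """\
==79767==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x00000042782c bp 0x0000000000f0 sp 0x7ffdbd64ccf0 T0)
    #0 0x42782b in decompileINCR_DECR ../../util/decompile.c:1640
    #1 0x44e234 in decompileActions ../../util/decompile.c:3535
    #2 0x44e234 in decompile5Action ../../util/decompile.c:3558
    #3 0x4114d9 in outputSWF_INITACTION ../../util/outputscript.c:1860
    #4 0x402836 in readMovie ../../util/main.c:281
    #5 0x402836 in main ../../util/main.c:354
    #6 0x7fd557eb582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #7 0x403b38 in _start (/mnt/data/playground/libming/build/util/swftophp+0x403b38)
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-fA-F]+)")
# Frame line: "#N 0xPC in function location", where location is "file:line" or "(module+0xoff)".
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+?)(?::(\d+))?$", re.M)


def parse_asan(report):
    """Return (error kind, fault address, frames) from an ASAN crash report."""
    m = HEADER.search(report)
    if m is None:
        raise ValueError("no AddressSanitizer error header found")
    frames = [(int(n), fn, loc, int(line) if line else None)
              for n, fn, loc, line in FRAME.findall(report)]
    return m.group(1), int(m.group(2), 16), frames


def triage(report, depth=3, page_size=0x1000):
    """Summarise a crash: near-NULL flag plus a bucket key for deduplicating reports."""
    kind, addr, frames = parse_asan(report)
    # Only frames with file:line are symbolized project code; libc/startup frames are skipped.
    sites = [f"{fn}@{os.path.basename(loc)}:{line}"
             for _, fn, loc, line in frames if line is not None]
    return {
        "kind": kind,
        "fault_addr": addr,
        # An address inside the first page is a small offset from a NULL pointer.
        "near_null": addr < page_size,
        "crash_site": sites[0] if sites else None,
        "bucket": "|".join(sites[:depth]),
    }


if __name__ == "__main__":
    print(triage(REPORT))
```

The regular expression assumes function names without spaces, which holds for this C trace but not for demangled C++ symbols.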