You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a buffer overflow in the newest master branch 04aee52 which related to incomplete fix of CVE-2019-9114 mentioned in issue #170.
Here is the reproducing command:
==168940==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000eeab at pc 0x00000041fa80 bp 0x7ffd66331d40 sp 0x7ffd66331d30
WRITE of size 1 at 0x60300000eeab thread T0
#0 0x41fa7f in strcpyext ../../util/decompile.c:259
#1 0x41fa7f in getName ../../util/decompile.c:435
#2 0x4304b8 in decompileREMOVECLIP ../../util/decompile.c:3108
#3 0x4304b8 in decompileAction ../../util/decompile.c:3497
#4 0x44e234 in decompileActions ../../util/decompile.c:3535
#5 0x44e234 in decompile5Action ../../util/decompile.c:3558
#6 0x4114d9 in outputSWF_INITACTION ../../util/outputscript.c:1860
#7 0x402836 in readMovie ../../util/main.c:281
#8 0x402836 in main ../../util/main.c:354
#9 0x7fbe6bcd982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#10 0x403b38 in _start (/mnt/data/playground/libming/build/util/swftophp+0x403b38)
0x60300000eeab is located 0 bytes to the right of 27-byte region [0x60300000ee90,0x60300000eeab)
allocated by thread T0 here:
#0 0x7fbe6c63e662 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98662)
#1 0x41f3d0 in getName ../../util/decompile.c:434
SUMMARY: AddressSanitizer: heap-buffer-overflow ../../util/decompile.c:259 strcpyext
Shadow bytes around the buggy address:
0x0c067fff9d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff9d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c067fff9dd0: fa fa 00 00 00[03]fa fa 00 00 00 fa fa fa 00 00
0x0c067fff9de0: 00 fa fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa
0x0c067fff9df0: 00 00 00 00 fa fa 00 00 00 00 fa fa fd fd fd fd
0x0c067fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==168940==ABORTING
The text was updated successfully, but these errors were encountered:
Hi, there.
There is a buffer overflow in the newest master branch 04aee52 which related to incomplete fix of CVE-2019-9114 mentioned in issue #170.
Here is the reproducing command:
POC:
overflow-decompiler259-20199114.zip
Here is the reproduce trace reported by ASAN:
The text was updated successfully, but these errors were encountered: