Allocation size overflow in cws2fws() at main.c:111 #267

Open
fengzhengzhan opened this issue Mar 21, 2023 · 0 comments

Allocation size overflow in the latest version of libming at function cws2fws in util/main.c:111.

Environment

Ubuntu 18.04, 64 bit
libming 0.4.8

Steps to reproduce

  1. download file

     ```
     wget https://github.com/libming/libming/archive/refs/tags/ming-0_4_8.tar.gz
     tar -zxvf ming-0_4_8.tar.gz
     ```

  2. compile libming with ASAN

     ```
     cd libming-ming-0_4_8
     ./autogen.sh
     export FORCE_UNSAFE_CONFIGURE=1
     export LLVM_COMPILER=clang
     CC=wllvm CXX=wllvm++ CFLAGS="-g -O0 -fcommon -Wno-error" ./configure --prefix=`pwd`/obj-bc --with-php-config=/usr/bin/php-config7.2 --enable-static --disable-shared
     make
     make install

     cd obj-bc/bin/
     extract-bc swftophp
     clang -fsanitize=address -lz -lm swftophp.bc -o swftophp_asan
     ```

  3. command for reproducing the error

     ```
     ./swftophp_asan poc
     ```

Download poc:
libming_0-4-8_swftophp_allocation-size-overflow_main111.zip

ASAN report

```
root@2413df779df0:~/compiler1804/libming-ming-0_4_8/obj-bc/bin# ./swftophp_asan libming_0-4-8_swftophp_allocation-size-overflow_main111.swf
=================================================================
==60493==ERROR: AddressSanitizer: requested allocation size 0xffffffffff000533 (0xffffffffff001538 after adjustments for alignment, red zones etc.) exceeds maximum supported size of 0x10000000000 (thread T0)
    #0 0x4ae288 in realloc /root/LLVM/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164
    #1 0x4f9334 in cws2fws /root/compiler1804/libming-ming-0_4_8/util/main.c:111:15
    #2 0x4f99dd in readMovieHeader /root/compiler1804/libming-ming-0_4_8/util/main.c:198:18
    #3 0x4f97ee in main /root/compiler1804/libming-ming-0_4_8/util/main.c:346:5
    #4 0x7f6a64b67c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

==60493==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: allocation-size-too-big /root/LLVM/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164 in realloc
==60493==ABORTING
```
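
The requested size in the report, 0xffffffffff000533, is the value a negative 32-bit integer (0xff000533) takes when widened to a 64-bit `size_t`. The following added example (not code from libming or from this issue) shows that conversion beside a length check placed in front of `realloc()`; `HEADER_LEN`, `MAX_BODY` and the function names are assumptions, and a 64-bit `size_t` is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed values for this example, not libming constants. */
#define HEADER_LEN 8u                            /* bytes before the compressed body */
#define MAX_BODY   ((size_t)256 * 1024 * 1024)   /* policy cap on decompressed size */

/* Unchecked: a signed 32-bit length used directly as an allocation size.
   A negative value sign-extends when converted to a 64-bit size_t. */
size_t unchecked_request(int32_t declared_len)
{
    return (size_t)declared_len;
}

/* Checked: reject negative, too-short and oversized lengths before they
   reach the allocator. Returns 0 and sets *out on success, -1 otherwise. */
int checked_request(int32_t declared_len, size_t *out)
{
    if (declared_len < 0 || (size_t)declared_len <= HEADER_LEN)
        return -1;
    size_t body = (size_t)declared_len - HEADER_LEN;
    if (body > MAX_BODY)
        return -1;
    *out = body;
    return 0;
}

/* realloc() wrapper: the old buffer stays owned by the caller on failure. */
unsigned char *grow_checked(unsigned char *buf, int32_t declared_len)
{
    size_t n;
    if (checked_request(declared_len, &n) != 0)
        return NULL;
    return realloc(buf, n);
}

int main(void)
{
    int32_t bad = INT32_C(-16775885);   /* constructed input: 0xff000533 as int32 */
    size_t n;
    printf("unchecked request: 0x%zx\n", unchecked_request(bad));
    printf("checked: %s\n", checked_request(bad, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```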