Hi, I am currently learning to use fuzzing techniques to detect bugs, and I found something in this repo.
In order to reproduce the crash info, please attach ASAN when you compile this repo.
==71111==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100004fce8 at pc 0x00000063ce64 bp 0x7ffdb8f7dab0 sp 0x7ffdb8f7daa8
READ of size 1 at 0x62100004fce8 thread T0
#0 0x63ce63 in DCTStream::readHuffSym(DCTHuffTable*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:2825:14
#1 0x638c4a in DCTStream::readDataUnit(DCTHuffTable*, DCTHuffTable*, int*, int*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:2345:17
#2 0x634338 in DCTStream::readMCURow() /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:2129:9
#3 0x632e98 in DCTStream::getChar() /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:2040:12
#4 0x60e023 in ImageStream::getLine() /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:373:25
#5 0x60dd51 in ImageStream::getPixel(unsigned char*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:344:5
#6 0x7c9dc5 in VectorGraphicOutputDev::drawGeneralImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, int, int, int, int*, Stream*, int, int, int, GfxImageColorMap*) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:1303:12
#7 0x7ccc45 in VectorGraphicOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, int*, int) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:1430:5
#8 0x71dc57 in Gfx::doImage(Object*, Stream*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3664:12
#9 0x6ec5e0 in Gfx::opXObject(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3336:7
#10 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#11 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#12 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#13 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#14 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#15 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#16 0x5f87d5 in render2(_gfxpage*, _gfxdevice*, int, int, int, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:164:14
#17 0x5f8e64 in pdfpage_rendersection(_gfxpage*, _gfxdevice*, double, double, double, double, double, double) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:190:5
#18 0x501816 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:832:3
#19 0x7f645bf2ac86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#20 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
Address 0x62100004fce8 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:2825:14 in DCTStream::readHuffSym(DCTHuffTable*)
Shadow bytes around the buggy address:
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==71111==ABORTING
==50683==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x608000000280 at pc 0x000000751637 bp 0x7ffe2a4712c0 sp 0x7ffe2a4712b8
READ of size 8 at 0x608000000280 thread T0
#0 0x751636 in GfxICCBasedColorSpace::getDefaultColor(GfxColor*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/GfxState.cc:923:9
#1 0x6f5e8e in Gfx::opSetFillColorSpace(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:1163:17
#2 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#3 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#4 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#5 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#6 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#7 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#8 0x5fcfff in pdf_open(_gfxsource*, char const*) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:542:14
#9 0x500300 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:738:26
#10 0x7f363dd8ac86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#11 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
0x608000000280 is located 0 bytes to the right of 96-byte region [0x608000000220,0x608000000280)
allocated by thread T0 here:
#0 0x4f8d28 in operator new(unsigned long) /home/bupt/桌面/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cpp:99
#1 0x7497ce in GfxICCBasedColorSpace::parse(Array*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/GfxState.cc:890:8
#2 0x745a62 in GfxColorSpace::parse(Object*, StreamColorSpaceMode) /home/bupt/Desktop/swftools/lib/pdf/xpdf/GfxState.cc:134:12
#3 0x6f5da4 in Gfx::opSetFillColorSpace(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc
#4 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/swftools/lib/pdf/xpdf/GfxState.cc:923:9 in GfxICCBasedColorSpace::getDefaultColor(GfxColor*)
Shadow bytes around the buggy address:
==50683==ABORTING
==60167==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000003080 at pc 0x00000092ceba bp 0x7ffe40762c20 sp 0x7ffe40762c18
WRITE of size 8 at 0x604000003080 thread T0
#0 0x92ceb9 in draw_stroke /home/bupt/Desktop/swftools/lib/gfxpoly/stroke.c:212:24
#1 0x92e224 in gfxpoly_from_stroke /home/bupt/Desktop/swftools/lib/gfxpoly/stroke.c:226:5
#2 0x90989c in polyops_stroke /home/bupt/Desktop/swftools/lib/devices/polyops.c:229:23
#3 0x7c1563 in VectorGraphicOutputDev::strokeGfxline(GfxState*, _gfxline*, int) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:612:9
#4 0x7cd69e in VectorGraphicOutputDev::stroke(GfxState*) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:1487:5
#5 0x6eeffa in Gfx::opStroke(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:1415:12
#6 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#7 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#8 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#9 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#10 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#11 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#12 0x5f87d5 in render2(_gfxpage*, _gfxdevice*, int, int, int, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:164:14
#13 0x5f8e64 in pdfpage_rendersection(_gfxpage*, _gfxdevice*, double, double, double, double, double, double) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:190:5
#14 0x501816 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:832:3
#15 0x7f15d7322c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#16 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
0x604000003080 is located 0 bytes to the right of 48-byte region [0x604000003050,0x604000003080)
allocated by thread T0 here:
#0 0x4b3160 in malloc /home/bupt/桌面/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
#1 0x92c94f in draw_stroke /home/bupt/Desktop/swftools/lib/gfxpoly/stroke.c:192:26
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/swftools/lib/gfxpoly/stroke.c:212:24 in draw_stroke
Shadow bytes around the buggy address:
==60167==ABORTING
==8869==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000035ae8 at pc 0x00000062399c bp 0x7ffdb53cd5e0 sp 0x7ffdb53cd5d8
WRITE of size 8 at 0x621000035ae8 thread T0
#0 0x62399b in DCTStream::reset() /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:1994:15
#1 0x60dc99 in ImageStream::reset() /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:337:8
#2 0x7c82aa in VectorGraphicOutputDev::drawGeneralImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, int, int, int, int*, Stream*, int, int, int, GfxImageColorMap*) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:1183:11
#3 0x7ccc45 in VectorGraphicOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, int*, int) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:1430:5
#4 0x71dc57 in Gfx::doImage(Object*, Stream*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3664:12
#5 0x6ec5e0 in Gfx::opXObject(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3336:7
#6 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#7 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#8 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#9 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#10 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#11 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#12 0x5f87d5 in render2(_gfxpage*, _gfxdevice*, int, int, int, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:164:14
#13 0x5f8e64 in pdfpage_rendersection(_gfxpage*, _gfxdevice*, double, double, double, double, double, double) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:190:5
#14 0x501816 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:832:3
#15 0x7f2c3ecc8c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#16 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
0x621000035ae8 is located 0 bytes to the right of 4584-byte region [0x621000034900,0x621000035ae8)
allocated by thread T0 here:
#0 0x4f8d28 in operator new(unsigned long) /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cpp:99
#1 0x60ccb7 in Stream::makeFilter(char*, Stream*, Object*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:239:11
#2 0x60b856 in Stream::addFilters(Object*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:112:11
#3 0x65fa23 in Parser::makeStream(Object*, unsigned char*, CryptAlgorithm, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Parser.cc:203:14
#4 0x65d23e in Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Parser.cc:94:18
#5 0x65375a in XRef::fetch(int, int, Object*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/XRef.cc:823:13
#6 0x6501de in Object::fetch(XRef*, Object*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Object.cc:106:16
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:1994:15 in DCTStream::reset()
Shadow bytes around the buggy address:
==8869==ABORTING
==41269==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x00000091bf07 bp 0x7fff9910e150 sp 0x7fff9910dfa0 T0)
==41269==The signal is caused by a READ memory access.
==41269==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
#0 0x91bf07 in convert_gfxline /home/bupt/Desktop/swftools/lib/gfxpoly/convert.c:31:18
#1 0x91bf07 in gfxpoly_from_fill /home/bupt/Desktop/swftools/lib/gfxpoly/convert.c:250:5
#2 0x90a161 in polyops_fill /home/bupt/Desktop/swftools/lib/devices/polyops.c:247:22
#3 0x7c3e1b in VectorGraphicOutputDev::fillGfxLine(GfxState*, _gfxline*, char) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:627:5
#4 0x7c3e1b in VectorGraphicOutputDev::endString(GfxState*) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:805:6
#5 0x71bb67 in Gfx::doShowText(GString*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3300:10
#6 0x6f28e5 in Gfx::opShowText(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3042:3
#7 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#8 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#9 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#10 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#11 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#12 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#13 0x5f87d5 in render2(_gfxpage*, _gfxdevice*, int, int, int, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:164:14
#14 0x5f8e64 in pdfpage_rendersection(_gfxpage*, _gfxdevice*, double, double, double, double, double, double) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:190:5
#15 0x501816 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:832:3
#16 0x7fa199df7c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#17 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/bupt/Desktop/swftools/lib/gfxpoly/convert.c:31:18 in convert_gfxline
==41269==ABORTING
==41858==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x0000008e4b57 bp 0x7ffe72186f50 sp 0x7ffe72186e20 T0)
==41858==The signal is caused by a READ memory access.
==41858==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
#0 0x8e4b57 in gfxline_getbbox /home/bupt/Desktop/swftools/lib/gfxtools.c:765:11
#1 0x7c200e in VectorGraphicOutputDev::clipToGfxLine(GfxState*, _gfxline*, char) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:636:22
#2 0x7c439f in VectorGraphicOutputDev::endTextObject(GfxState*) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:829:2
#3 0x6ed08a in Gfx::opEndText(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:2931:8
#4 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#5 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#6 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#7 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#8 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#9 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#10 0x5f87d5 in render2(_gfxpage*, _gfxdevice*, int, int, int, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:164:14
#11 0x5f8e64 in pdfpage_rendersection(_gfxpage*, _gfxdevice*, double, double, double, double, double, double) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:190:5
#12 0x501816 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:832:3
#13 0x7fa23073cc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#14 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/bupt/Desktop/swftools/lib/gfxtools.c:765:11 in gfxline_getbbox
==41858==ABORTING
==102601==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x2e03f3250 bytes
#0 0x4b3160 in malloc /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
#1 0x92c94f in draw_stroke /home/bupt/Desktop/swftools/lib/gfxpoly/stroke.c:192:26
==102601==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: out-of-memory /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145 in malloc
==102601==ABORTING
heap buffer overflow
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id3_heap_buffer_overflow.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id175_heap_buffer_overflow.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id293_heap_buffer_overflow.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id305_heap-buffer-overflow.zip
crash info
stack buffer overflow
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id100_stack_buffer_overflow.zip
crash info
global buffer overflow
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id7_global_buffer_overflow.zip
crash info
SEGV
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id0_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id76_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id87_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id177_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id247_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id299_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id359_SEGV.zip
crash info
FPE
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id92_FPE.zip
crash info
out of memory
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id298_out_of_memory.zip
crash info