Hi, I am currently learning to use fuzzing techniques to detect bugs, and I found something in this repo.
In order to reproduce the crash info, please attach ASAN when you compile this repo.
==71111==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100004fce8 at pc 0x00000063ce64 bp 0x7ffdb8f7dab0 sp 0x7ffdb8f7daa8
READ of size 1 at 0x62100004fce8 thread T0
#0 0x63ce63 in DCTStream::readHuffSym(DCTHuffTable*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:2825:14
#1 0x638c4a in DCTStream::readDataUnit(DCTHuffTable*, DCTHuffTable*, int*, int*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:2345:17
#2 0x634338 in DCTStream::readMCURow() /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:2129:9
#3 0x632e98 in DCTStream::getChar() /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:2040:12
#4 0x60e023 in ImageStream::getLine() /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:373:25
#5 0x60dd51 in ImageStream::getPixel(unsigned char*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:344:5
#6 0x7c9dc5 in VectorGraphicOutputDev::drawGeneralImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, int, int, int, int*, Stream*, int, int, int, GfxImageColorMap*) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:1303:12
#7 0x7ccc45 in VectorGraphicOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, int*, int) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:1430:5
#8 0x71dc57 in Gfx::doImage(Object*, Stream*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3664:12
#9 0x6ec5e0 in Gfx::opXObject(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3336:7
#10 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#11 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#12 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#13 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#14 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#15 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#16 0x5f87d5 in render2(_gfxpage*, _gfxdevice*, int, int, int, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:164:14
#17 0x5f8e64 in pdfpage_rendersection(_gfxpage*, _gfxdevice*, double, double, double, double, double, double) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:190:5
#18 0x501816 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:832:3
#19 0x7f645bf2ac86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#20 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
Address 0x62100004fce8 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:2825:14 in DCTStream::readHuffSym(DCTHuffTable*)
Shadow bytes around the buggy address:
0x0c4280001f40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280001f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280001f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280001f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280001f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4280001f90: fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa
0x0c4280001fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280001fb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280001fc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280001fd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280001fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==71111==ABORTING
==50683==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x608000000280 at pc 0x000000751637 bp 0x7ffe2a4712c0 sp 0x7ffe2a4712b8
READ of size 8 at 0x608000000280 thread T0
#0 0x751636 in GfxICCBasedColorSpace::getDefaultColor(GfxColor*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/GfxState.cc:923:9
#1 0x6f5e8e in Gfx::opSetFillColorSpace(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:1163:17
#2 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#3 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#4 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#5 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#6 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#7 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#8 0x5fcfff in pdf_open(_gfxsource*, char const*) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:542:14
#9 0x500300 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:738:26
#10 0x7f363dd8ac86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#11 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
0x608000000280 is located 0 bytes to the right of 96-byte region [0x608000000220,0x608000000280)
allocated by thread T0 here:
#0 0x4f8d28 in operator new(unsigned long) /home/bupt/桌面/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cpp:99
#1 0x7497ce in GfxICCBasedColorSpace::parse(Array*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/GfxState.cc:890:8
#2 0x745a62 in GfxColorSpace::parse(Object*, StreamColorSpaceMode) /home/bupt/Desktop/swftools/lib/pdf/xpdf/GfxState.cc:134:12
#3 0x6f5da4 in Gfx::opSetFillColorSpace(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc
#4 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/swftools/lib/pdf/xpdf/GfxState.cc:923:9 in GfxICCBasedColorSpace::getDefaultColor(GfxColor*)
Shadow bytes around the buggy address:
0x0c107fff8000: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 02 fa
0x0c107fff8010: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
0x0c107fff8020: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
0x0c107fff8030: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
0x0c107fff8040: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c107fff8050:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c107fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c107fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c107fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c107fff8090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c107fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==50683==ABORTING
==60167==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000003080 at pc 0x00000092ceba bp 0x7ffe40762c20 sp 0x7ffe40762c18
WRITE of size 8 at 0x604000003080 thread T0
#0 0x92ceb9 in draw_stroke /home/bupt/Desktop/swftools/lib/gfxpoly/stroke.c:212:24
#1 0x92e224 in gfxpoly_from_stroke /home/bupt/Desktop/swftools/lib/gfxpoly/stroke.c:226:5
#2 0x90989c in polyops_stroke /home/bupt/Desktop/swftools/lib/devices/polyops.c:229:23
#3 0x7c1563 in VectorGraphicOutputDev::strokeGfxline(GfxState*, _gfxline*, int) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:612:9
#4 0x7cd69e in VectorGraphicOutputDev::stroke(GfxState*) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:1487:5
#5 0x6eeffa in Gfx::opStroke(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:1415:12
#6 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#7 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#8 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#9 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#10 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#11 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#12 0x5f87d5 in render2(_gfxpage*, _gfxdevice*, int, int, int, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:164:14
#13 0x5f8e64 in pdfpage_rendersection(_gfxpage*, _gfxdevice*, double, double, double, double, double, double) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:190:5
#14 0x501816 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:832:3
#15 0x7f15d7322c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#16 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
0x604000003080 is located 0 bytes to the right of 48-byte region [0x604000003050,0x604000003080)
allocated by thread T0 here:
#0 0x4b3160 in malloc /home/bupt/桌面/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
#1 0x92c94f in draw_stroke /home/bupt/Desktop/swftools/lib/gfxpoly/stroke.c:192:26
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/swftools/lib/gfxpoly/stroke.c:212:24 in draw_stroke
Shadow bytes around the buggy address:
0x0c087fff85c0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff85d0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fff85e0: fa fa fd fd fd fd fd fd fa fa 00 00 00 00 00 00
0x0c087fff85f0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
0x0c087fff8600: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 00
=>0x0c087fff8610:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fff8660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==60167==ABORTING
==8869==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000035ae8 at pc 0x00000062399c bp 0x7ffdb53cd5e0 sp 0x7ffdb53cd5d8
WRITE of size 8 at 0x621000035ae8 thread T0
#0 0x62399b in DCTStream::reset() /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:1994:15
#1 0x60dc99 in ImageStream::reset() /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:337:8
#2 0x7c82aa in VectorGraphicOutputDev::drawGeneralImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, int, int, int, int*, Stream*, int, int, int, GfxImageColorMap*) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:1183:11
#3 0x7ccc45 in VectorGraphicOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, int*, int) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:1430:5
#4 0x71dc57 in Gfx::doImage(Object*, Stream*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3664:12
#5 0x6ec5e0 in Gfx::opXObject(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3336:7
#6 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#7 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#8 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#9 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#10 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#11 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#12 0x5f87d5 in render2(_gfxpage*, _gfxdevice*, int, int, int, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:164:14
#13 0x5f8e64 in pdfpage_rendersection(_gfxpage*, _gfxdevice*, double, double, double, double, double, double) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:190:5
#14 0x501816 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:832:3
#15 0x7f2c3ecc8c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#16 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
0x621000035ae8 is located 0 bytes to the right of 4584-byte region [0x621000034900,0x621000035ae8)
allocated by thread T0 here:
#0 0x4f8d28 in operator new(unsigned long) /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cpp:99
#1 0x60ccb7 in Stream::makeFilter(char*, Stream*, Object*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:239:11
#2 0x60b856 in Stream::addFilters(Object*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:112:11
#3 0x65fa23 in Parser::makeStream(Object*, unsigned char*, CryptAlgorithm, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Parser.cc:203:14
#4 0x65d23e in Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Parser.cc:94:18
#5 0x65375a in XRef::fetch(int, int, Object*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/XRef.cc:823:13
#6 0x6501de in Object::fetch(XRef*, Object*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Object.cc:106:16
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/swftools/lib/pdf/xpdf/Stream.cc:1994:15 in DCTStream::reset()
Shadow bytes around the buggy address:
0x0c427fffeb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c427fffeb10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c427fffeb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c427fffeb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c427fffeb40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c427fffeb50: 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa fa
0x0c427fffeb60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffeb70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffeb80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffeb90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fffeba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==8869==ABORTING
==41269==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x00000091bf07 bp 0x7fff9910e150 sp 0x7fff9910dfa0 T0)
==41269==The signal is caused by a READ memory access.
==41269==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
#0 0x91bf07 in convert_gfxline /home/bupt/Desktop/swftools/lib/gfxpoly/convert.c:31:18
#1 0x91bf07 in gfxpoly_from_fill /home/bupt/Desktop/swftools/lib/gfxpoly/convert.c:250:5
#2 0x90a161 in polyops_fill /home/bupt/Desktop/swftools/lib/devices/polyops.c:247:22
#3 0x7c3e1b in VectorGraphicOutputDev::fillGfxLine(GfxState*, _gfxline*, char) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:627:5
#4 0x7c3e1b in VectorGraphicOutputDev::endString(GfxState*) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:805:6
#5 0x71bb67 in Gfx::doShowText(GString*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3300:10
#6 0x6f28e5 in Gfx::opShowText(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:3042:3
#7 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#8 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#9 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#10 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#11 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#12 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#13 0x5f87d5 in render2(_gfxpage*, _gfxdevice*, int, int, int, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:164:14
#14 0x5f8e64 in pdfpage_rendersection(_gfxpage*, _gfxdevice*, double, double, double, double, double, double) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:190:5
#15 0x501816 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:832:3
#16 0x7fa199df7c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#17 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/bupt/Desktop/swftools/lib/gfxpoly/convert.c:31:18 in convert_gfxline
==41269==ABORTING
==41858==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x0000008e4b57 bp 0x7ffe72186f50 sp 0x7ffe72186e20 T0)
==41858==The signal is caused by a READ memory access.
==41858==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
#0 0x8e4b57 in gfxline_getbbox /home/bupt/Desktop/swftools/lib/gfxtools.c:765:11
#1 0x7c200e in VectorGraphicOutputDev::clipToGfxLine(GfxState*, _gfxline*, char) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:636:22
#2 0x7c439f in VectorGraphicOutputDev::endTextObject(GfxState*) /home/bupt/Desktop/swftools/lib/pdf/VectorGraphicOutputDev.cc:829:2
#3 0x6ed08a in Gfx::opEndText(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:2931:8
#4 0x705f02 in Gfx::execOp(Object*, Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:693:3
#5 0x7049c1 in Gfx::go(int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:584:7
#6 0x703ea8 in Gfx::display(Object*, int) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Gfx.cc:556:3
#7 0x6b9401 in Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:317:10
#8 0x6b8cee in Page::display(OutputDev*, double, double, int, int, int, int, Catalog*, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/Page.cc:264:3
#9 0x6099b0 in PDFDoc::displayPage(OutputDev*, int, double, double, int, int, int, int, int (*)(void*), void*) /home/bupt/Desktop/swftools/lib/pdf/xpdf/PDFDoc.cc:317:27
#10 0x5f87d5 in render2(_gfxpage*, _gfxdevice*, int, int, int, int, int, int) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:164:14
#11 0x5f8e64 in pdfpage_rendersection(_gfxpage*, _gfxdevice*, double, double, double, double, double, double) /home/bupt/Desktop/swftools/lib/pdf/pdf.cc:190:5
#12 0x501816 in main /home/bupt/Desktop/swftools/src/pdf2swf.c:832:3
#13 0x7fa23073cc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#14 0x420b99 in _start (/home/bupt/Desktop/swftools/build/bin/pdf2swf+0x420b99)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/bupt/Desktop/swftools/lib/gfxtools.c:765:11 in gfxline_getbbox
==41858==ABORTING
==102601==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x2e03f3250 bytes
#0 0x4b3160 in malloc /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
#1 0x92c94f in draw_stroke /home/bupt/Desktop/swftools/lib/gfxpoly/stroke.c:192:26
==102601==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: out-of-memory /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145 in malloc
==102601==ABORTING
heap buffer overflow
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id3_heap_buffer_overflow.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id175_heap_buffer_overflow.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id293_heap_buffer_overflow.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id305_heap-buffer-overflow.zip
crash info
stack_buffer_overflow
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id100_stack_buffer_overflow.zip
crash info
global-buffer-overflow
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id7_global_buffer_overflow.zip
crash info
SEGV
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id0_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id76_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id87_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id177_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id247_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id299_SEGV.zip
crash info
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id359_SEGV.zip
crash info
FPE
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id92_FPE.zip
crash info
out of memory
reproduce
command to reproduce: ./pdf2swf -G -f -t [sample file] -o /dev/null
sample file
id298_out_of_memory.zip
crash info
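As an added example (not code from the swftools project or from the issue author), here is a small Python triage helper for reports in the AddressSanitizer text format shown above. It parses each ERROR/ABORTING block, extracts the bug class, access kind and size, the top stack frame, the adjacent-region size and offset, and the crash site from the SUMMARY line, then collapses duplicate findings by crash site so that many fuzzer crashes mapping to the same code location are counted once. The embedded log is abridged from the reports in this issue with shortened paths and one constructed duplicate (PID 60168 is invented); the severity ranking used for ordering is this example's own heuristic, not an ASan feature.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Regexes for the AddressSanitizer text format (lines as printed by ASan).
ERROR_RE = re.compile(r"^==(\d+)==ERROR: AddressSanitizer: (\S+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+")
SIGNAL_RE = re.compile(r"The signal is caused by a (READ|WRITE) memory access")
REGION_RE = re.compile(r"is located (\d+) bytes to the (left|right) of (\d+)-byte region")
SUMMARY_RE = re.compile(r"^SUMMARY: AddressSanitizer: (\S+) (\S+) in (.+)$")

# Heuristic ordering for this example only: memory corruption first, then crashes, then OOM.
RANK = {"heap-buffer-overflow": 3, "stack-buffer-overflow": 3,
        "global-buffer-overflow": 3, "SEGV": 2, "out-of-memory": 1}


@dataclass
class AsanReport:
    pid: int
    bug_type: str
    access: Optional[str]        # "READ" / "WRITE", None when ASan did not say
    size: Optional[int]          # access size in bytes, None for SEGV/OOM
    top_frame: str               # function named in stack frame #0
    site: str                    # basename:line taken from the SUMMARY line
    region_size: Optional[int]   # size of the neighbouring heap region, if reported
    offset: Optional[int]        # distance past the region boundary, if reported

    @property
    def dedup_key(self):
        return (self.bug_type, self.site)


def _site_from_location(loc):
    """'/path/Stream.cc:2825:14' -> 'Stream.cc:2825'; non file:line locations pass through."""
    m = re.match(r"^(.*?):(\d+)(?::\d+)?$", loc)
    return f"{m.group(1).rsplit('/', 1)[-1]}:{m.group(2)}" if m else loc


def split_reports(text):
    """ASan prints one ERROR ... ABORTING block per run; split a concatenated log into blocks."""
    chunks = re.split(r"(?m)^(?=\=\=\d+\=\=ERROR:)", text)
    return [c for c in chunks if c.strip()]


def parse_report(text):
    pid = bug_type = access = size = top_frame = site = region_size = offset = None
    for line in text.splitlines():
        line = line.strip()
        if (m := ERROR_RE.match(line)):
            pid, bug_type = int(m.group(1)), m.group(2)
        elif (m := ACCESS_RE.match(line)):
            access, size = m.group(1), int(m.group(2))
        elif (m := SIGNAL_RE.search(line)):
            access = m.group(1)
        elif line.startswith("#0 ") and top_frame is None:
            # "#0 0x.. in func(args) /path:line:col": the function may contain spaces,
            # the location never does, so the last token is the location. The guard
            # keeps the allocation stack's own frame #0 from overwriting the crash frame.
            top_frame = line.split(" in ", 1)[1].rsplit(" ", 1)[0]
        elif (m := REGION_RE.search(line)):
            offset, region_size = int(m.group(1)), int(m.group(3))
        elif (m := SUMMARY_RE.match(line)):
            bug_type = m.group(1)          # SUMMARY carries the canonical class (e.g. out-of-memory)
            site = _site_from_location(m.group(2))
    if bug_type is None:
        raise ValueError("not an AddressSanitizer report")
    return AsanReport(pid, bug_type, access, size, top_frame, site, region_size, offset)


def triage(text):
    """Parse every report, keep the first report per crash site, order by the heuristic rank."""
    unique = {}
    for chunk in split_reports(text):
        r = parse_report(chunk)
        unique.setdefault(r.dedup_key, r)
    return sorted(unique.values(),
                  key=lambda r: (RANK.get(r.bug_type, 0), r.access == "WRITE"),
                  reverse=True)


# Constructed sample: abridged from this issue's reports, paths shortened, PID 60168 invented.
SAMPLE_LOG = """\
==71111==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100004fce8 at pc 0x00000063ce64 bp 0x7ffdb8f7dab0 sp 0x7ffdb8f7daa8
READ of size 1 at 0x62100004fce8 thread T0
    #0 0x63ce63 in DCTStream::readHuffSym(DCTHuffTable*) /src/swftools/lib/pdf/xpdf/Stream.cc:2825:14
    #1 0x638c4a in DCTStream::readDataUnit(DCTHuffTable*, DCTHuffTable*, int*, int*) /src/swftools/lib/pdf/xpdf/Stream.cc:2345:17
Address 0x62100004fce8 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow /src/swftools/lib/pdf/xpdf/Stream.cc:2825:14 in DCTStream::readHuffSym(DCTHuffTable*)
==71111==ABORTING
==60167==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000003080 at pc 0x00000092ceba bp 0x7ffe40762c20 sp 0x7ffe40762c18
WRITE of size 8 at 0x604000003080 thread T0
    #0 0x92ceb9 in draw_stroke /src/swftools/lib/gfxpoly/stroke.c:212:24
    #1 0x92e224 in gfxpoly_from_stroke /src/swftools/lib/gfxpoly/stroke.c:226:5
0x604000003080 is located 0 bytes to the right of 48-byte region [0x604000003050,0x604000003080)
allocated by thread T0 here:
    #0 0x4b3160 in malloc /src/llvm/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x92c94f in draw_stroke /src/swftools/lib/gfxpoly/stroke.c:192:26
SUMMARY: AddressSanitizer: heap-buffer-overflow /src/swftools/lib/gfxpoly/stroke.c:212:24 in draw_stroke
==60167==ABORTING
==60168==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000003080 at pc 0x00000092ceba bp 0x7ffe40762c20 sp 0x7ffe40762c18
WRITE of size 8 at 0x604000003080 thread T0
    #0 0x92ceb9 in draw_stroke /src/swftools/lib/gfxpoly/stroke.c:212:24
SUMMARY: AddressSanitizer: heap-buffer-overflow /src/swftools/lib/gfxpoly/stroke.c:212:24 in draw_stroke
==60168==ABORTING
==41269==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x00000091bf07 bp 0x7fff9910e150 sp 0x7fff9910dfa0 T0)
==41269==The signal is caused by a READ memory access.
    #0 0x91bf07 in convert_gfxline /src/swftools/lib/gfxpoly/convert.c:31:18
SUMMARY: AddressSanitizer: SEGV /src/swftools/lib/gfxpoly/convert.c:31:18 in convert_gfxline
==41269==ABORTING
"""

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f"{r.bug_type:22} {r.access or '-':5} {r.site:18} {r.top_frame}")
```

Feeding the raw logs of a fuzzing campaign through `triage` turns hundreds of sanitizer aborts into a short list keyed by crash site, which is the list a maintainer actually needs; the region size and offset fields distinguish an off-by-one past a heap block (offset 0 past an N-byte region, as in the draw_stroke report) from a wild pointer, for which ASan reports no region at all.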