crash : https://raw.githubusercontent.com/lcatro/My_PoC/master/swftools/swfdump_crash_swf_GetBit_0x451A6C_
trigger : ./swfdump swftools/swfdump_crash_swf_GetBit_0x451A6C_
Crash Detail :
```
fuzzer@ub16x64:~/fuzzing/swftools/src$ ./swfdump swftools/swfdump_crash_swf_GetBit_0x451A6C_
rfxswf: Warning: Short read (tagid 979). File truncated?
==== Error: Real Filesize (171) doesn't match header Filesize (65688) ====
[HEADER] File version: 4
[HEADER] File size: 65688
[HEADER] Frame rate: 129.000000
[HEADER] Frame count: 2
[HEADER] Movie width: 0.00
[HEADER] Movie height: 0.00
[000] 1 END
==== Error: End Tag not empty ====
[000] 0 END
==== Error: Unknown tag:0x230 ====
[230] 0 (null)
==== Error: Unknown tag:0x088 ====
[088] 6 (null)
==== Error: Unknown tag:0x274 ====
[274] 15 (null)
[008] 0 JPEGTABLES
[004] 7 PLACEOBJECT places id 0000 at depth 8c00
GetU16() out of bounds: TagID = 4
GetU16() out of bounds: TagID = 4
GetU16() out of bounds: TagID = 4
[004] 0 PLACEOBJECT places id 0000 at depth 0000
GetU16() out of bounds: TagID = 4
GetU16() out of bounds: TagID = 4
GetBits() out of bounds: TagID = 4, pos=0, len=0
ASAN:SIGSEGV
==18740==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffffffffffff (pc 0x000000414cf8 bp 0x60600000ed20 sp 0x7ffd0d5218d0 T0)
#0 0x414cf7 in swf_GetBits (/home/fuzzer/fuzzing/swftools/src/swfdump+0x414cf7)
#1 0x415e0c in swf_GetMatrix (/home/fuzzer/fuzzing/swftools/src/swfdump+0x415e0c)
#2 0x403f4c in handlePlaceObject (/home/fuzzer/fuzzing/swftools/src/swfdump+0x403f4c)
#3 0x406154 in main (/home/fuzzer/fuzzing/swftools/src/swfdump+0x406154)
#4 0x7fa7f2acc82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#5 0x401998 in _start (/home/fuzzer/fuzzing/swftools/src/swfdump+0x401998)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 swf_GetBits
==18740==ABORTING
```