
swfc dict_lookup() Null-pointer access #24

Closed
lcatro opened this issue Jun 11, 2017 · 0 comments
lcatro commented Jun 11, 2017

Crash: https://raw.githubusercontent.com/lcatro/My_PoC/master/swftools/swfc_crash_dict_do_lookup_647E2C

Trigger: ./swfc swftools/swfc_crash_dict_do_lookup_647E2C

Crash Detail:

```text
fuzzer@ub16x64:~/fuzzing/swftools/src$ ./swfc swftools/swfc_crash_dict_do_lookup_647E2C
ASAN:SIGSEGV

==18801==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000489a58 bp 0x0000004029e0 sp 0x7fff47ddda20 T0)
#0 0x489a57 in dict_lookup (/home/fuzzer/fuzzing/swftools/src/swfc+0x489a57)
#1 0x48a2e3 in map_lookup (/home/fuzzer/fuzzing/swftools/src/swfc+0x48a2e3)
#2 0x405a7e in lu (/home/fuzzer/fuzzing/swftools/src/swfc+0x405a7e)
#3 0x410e09 in findFontUsage (/home/fuzzer/fuzzing/swftools/src/swfc+0x410e09)
#4 0x410fb9 in firstPass (/home/fuzzer/fuzzing/swftools/src/swfc+0x410fb9)
#5 0x4111d4 in main (/home/fuzzer/fuzzing/swftools/src/swfc+0x4111d4)
#6 0x7f605287382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#7 0x402a08 in _start (/home/fuzzer/fuzzing/swftools/src/swfc+0x402a08)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 dict_lookup
==18801==ABORTING

```
