Crash: https://raw.githubusercontent.com/lcatro/My_PoC/master/swftools/ttf2swf_crash_memcpy
Trigger: ./ttftool swftools/ttf2swf_crash_memcpy
Crash Detail:

```
==18865==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f6452a6c000 at pc 0x7f6451a4c935 bp 0x7ffd244304d0 sp 0x7ffd2442fc78
READ of size 43580776 at 0x7f6452a6c000 thread T0
#0 0x7f6451a4c934 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c934)
#1 0x401c32 in readBlock (/home/fuzzer/fuzzing/swftools/src/ttftool+0x401c32)
#2 0x405a8f in ttf_load (/home/fuzzer/fuzzing/swftools/src/ttftool+0x405a8f)
#3 0x40b4cc in ttf_open (/home/fuzzer/fuzzing/swftools/src/ttftool+0x40b4cc)
#4 0x4017fa in main (/home/fuzzer/fuzzing/swftools/src/ttftool+0x4017fa)
#5 0x7f645161782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x4012d8 in _start (/home/fuzzer/fuzzing/swftools/src/ttftool+0x4012d8)
0x7f6452a6c000 is located 6144 bytes to the left of 524512-byte region [0x7f6452a6d800,0x7f6452aed8e0)
allocated by thread T0 here:
#0 0x7f6451a58602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x4059ba in ttf_load (/home/fuzzer/fuzzing/swftools/src/ttftool+0x4059ba)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __asan_memcpy
Shadow bytes around the buggy address:
0x0fed0a5457b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fed0a5457c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fed0a5457d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fed0a5457e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fed0a5457f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fed0a545800:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fed0a545810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fed0a545820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fed0a545830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fed0a545840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0fed0a545850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==18865==ABORTING
```