There exists heap-buffer-overflow at podofo-0.10.0/src/podofo/main/PdfXRefStreamParserObject.cpp:180:75 in readXRefStreamEntry
Environment
OS: Ubuntu 20.04.1
Release: podofo 0.10.0
Program: podofopdfinfo
To reproduce the problem, we need to build podofo with asan:
cmake -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_COMPILER=clang -DCMAKE_C_FLAGS="-O0 -fsanitize=address -g3" -DCMAKE_CXX_FLAGS="-O0 -fsanitize=address -g3"
Command Input
./podofopdfinfo poc-file
poc-file.zip
poc-file is attached.
ASAN info
=================================================================
==4183448==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6070000000d1 at pc 0x7fa657687bfc bp 0x7ffc5513f550 sp 0x7ffc5513f548
READ of size 1 at 0x6070000000d1 thread T0
#0 0x7fa657687bfb in PoDoFo::PdfXRefStreamParserObject::readXRefStreamEntry(PoDoFo::PdfXRefEntry&, char*, long const*) /root/target/latest/20230418/podofo-0.10.0/src/podofo/main/PdfXRefStreamParserObject.cpp:180:75
#1 0x7fa657687485 in PoDoFo::PdfXRefStreamParserObject::parseStream(long const*, std::vector<long, std::allocator<long> > const&) /root/target/latest/20230418/podofo-0.10.0/src/podofo/main/PdfXRefStreamParserObject.cpp:130:17
#2 0x7fa657685b59 in PoDoFo::PdfXRefStreamParserObject::ReadXRefTable() /root/target/latest/20230418/podofo-0.10.0/src/podofo/main/PdfXRefStreamParserObject.cpp:86:5
#3 0x7fa6575b20b3 in PoDoFo::PdfParser::ReadXRefStreamContents(PoDoFo::InputStreamDevice&, unsigned long, bool) /root/target/latest/20230418/podofo-0.10.0/src/podofo/main/PdfParser.cpp:571:21
#4 0x7fa6575ae4fc in PoDoFo::PdfParser::ReadXRefContents(PoDoFo::InputStreamDevice&, unsigned long, bool) /root/target/latest/20230418/podofo-0.10.0/src/podofo/main/PdfParser.cpp:368:13
#5 0x7fa6575a9bfe in PoDoFo::PdfParser::ReadDocumentStructure(PoDoFo::InputStreamDevice&) /root/target/latest/20230418/podofo-0.10.0/src/podofo/main/PdfParser.cpp:139:9
#6 0x7fa6575a89cf in PoDoFo::PdfParser::Parse(PoDoFo::InputStreamDevice&, bool) /root/target/latest/20230418/podofo-0.10.0/src/podofo/main/PdfParser.cpp:82:9
#7 0x7fa657447b44 in PoDoFo::PdfMemDocument::loadFromDevice(std::shared_ptr<PoDoFo::InputStreamDevice> const&, std::basic_string_view<char, std::char_traits<char> > const&) /root/target/latest/20230418/podofo-0.10.0/src/podofo/main/PdfMemDocument.cpp:148:12
#8 0x7fa657449486 in PoDoFo::PdfMemDocument::LoadFromDevice(std::shared_ptr<PoDoFo::InputStreamDevice> const&, std::basic_string_view<char, std::char_traits<char> > const&) /root/target/latest/20230418/podofo-0.10.0/src/podofo/main/PdfMemDocument.cpp:137:5
#9 0x7fa6574490ac in PoDoFo::PdfMemDocument::Load(std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > const&) /root/target/latest/20230418/podofo-0.10.0/src/podofo/main/PdfMemDocument.cpp:119:5
#10 0x513ac7 in PdfInfoHelper::PdfInfoHelper(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /root/target/latest/20230418/podofo-0.10.0/tools/podofopdfinfo/pdfinfo.cpp:16:12
#11 0x512368 in main /root/target/latest/20230418/podofo-0.10.0/tools/podofopdfinfo/podofopdfinfo.cpp:94:23
#12 0x7fa656196082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
#13 0x46711d in _start (/root/target/latest/20230418/podofo-0.10.0/target/podofopdfinfo+0x46711d)
0x6070000000d1 is located 0 bytes to the right of 65-byte region [0x607000000090,0x6070000000d1)
allocated by thread T0 here:
#0 0x50efed in operator new(unsigned long) /root/llvm-project-llvmorg-10.0.1/compiler-rt/lib/asan/asan_new_delete.cpp:99:3
#1 0x7fa65664635d in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_mutate(unsigned long, unsigned long, char const*, unsigned long) (/lib/x86_64-linux-gnu/libstdc++.so.6+0x14335d)
SUMMARY: AddressSanitizer: heap-buffer-overflow /root/target/latest/20230418/podofo-0.10.0/src/podofo/main/PdfXRefStreamParserObject.cpp:180:75 in PoDoFo::PdfXRefStreamParserObject::readXRefStreamEntry(PoDoFo::PdfXRefEntry&, char*, long const*)
Shadow bytes around the buggy address:
0x0c0e7fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c0e7fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c0e7fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c0e7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c0e7fff8000: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
=>0x0c0e7fff8010: fa fa 00 00 00 00 00 00 00 00[01]fa fa fa fa fa
0x0c0e7fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e7fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==4183448==ABORTING
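An added illustration of the bug class behind this trace, written for this page and not taken from PoDoFo: the reported frame readXRefStreamEntry(PdfXRefEntry&, char*, long const*) receives a raw buffer pointer and the /W widths but no buffer length, so the only place a bounds check can live is in the caller (parseStream, frame #1), and ASan reports a 1-byte read exactly at the end of a 65-byte std::string region, which is what happens when the declared entry count or /W widths are trusted over the decoded stream's actual length. The C code below decodes cross-reference stream entries (ISO 32000-1 §7.5.8: three big-endian fields of /W-given widths, type defaulting to 1 when its width is 0) and refuses to decode an entry the buffer cannot hold. All names (xref_entry, parse_xref_stream, read_entry_unchecked) and the sample bytes are constructed for the example; how PoDoFo itself fixed the issue is not stated on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One decoded cross-reference stream entry (hypothetical struct for this example):
 * field 1 = entry type, field 2 = byte offset or object-stream number,
 * field 3 = generation number or index within the object stream. */
typedef struct {
    uint64_t type;
    uint64_t field2;
    uint64_t field3;
} xref_entry;

/* Read one big-endian unsigned integer of `width` bytes (width <= 8).
 * The caller must already have checked that `width` bytes are readable at p. */
static uint64_t read_be(const unsigned char *p, int64_t width) {
    uint64_t v = 0;
    for (int64_t i = 0; i < width; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Entry size implied by the /W array; -1 if the array is unusable.
 * A width above 8 cannot be decoded into a uint64_t, and a zero total size
 * would make the entry loop never consume input. */
int64_t xref_entry_size(const int64_t w[3]) {
    int64_t total = 0;
    for (int i = 0; i < 3; i++) {
        if (w[i] < 0 || w[i] > 8)
            return -1;
        total += w[i];
    }
    return total == 0 ? -1 : total;
}

/* Same shape as the traced callee: (entry, raw pointer, widths) and no length.
 * Nothing here can detect a truncated buffer; it reads w[0]+w[1]+w[2] bytes from p
 * unconditionally, so the caller must guarantee they exist. */
static void read_entry_unchecked(xref_entry *e, const unsigned char *p, const int64_t w[3]) {
    e->type   = (w[0] == 0) ? 1 : read_be(p, w[0]);   /* absent type field defaults to 1 */
    e->field2 = read_be(p + w[0], w[1]);
    e->field3 = read_be(p + w[0] + w[1], w[2]);
}

/* Hardened driver: decode `count` entries from a decoded xref stream of `len` bytes.
 * Returns the number of entries decoded, or -1 when the /W array is bad, the output
 * array is too small, or the stream holds fewer than `count` entries (the truncation
 * case that produces an out-of-bounds read in an unchecked walker). */
int64_t parse_xref_stream(const unsigned char *buf, size_t len,
                          const int64_t w[3], int64_t count,
                          xref_entry *out, size_t out_max) {
    int64_t esz = xref_entry_size(w);
    if (esz < 0 || count < 0 || (uint64_t)count > out_max)
        return -1;
    /* Overflow-safe form of count * esz <= len: never multiply attacker-chosen values. */
    if ((uint64_t)count > len / (uint64_t)esz)
        return -1;
    size_t off = 0;
    for (int64_t i = 0; i < count; i++, off += (size_t)esz)
        read_entry_unchecked(&out[i], buf + off, w);
    return count;
}

/* Constructed sample: /W [1 2 1], three 4-byte entries, 12 bytes in total. */
const int64_t w_sample[3] = {1, 2, 1};
const unsigned char good_sample[12] = {
    0x00, 0x00, 0x00, 0xff,   /* type 0 (free), next free object 0, gen 255 */
    0x01, 0x00, 0x10, 0x00,   /* type 1 (in use), offset 16, gen 0 */
    0x02, 0x00, 0x07, 0x03    /* type 2 (compressed), object stream 7, index 3 */
};

int main(void) {
    xref_entry out[4];
    int64_t n = parse_xref_stream(good_sample, sizeof good_sample, w_sample, 3, out, 4);
    printf("full stream: %lld entries decoded\n", (long long)n);
    /* Same /W and count, but only 9 of the 12 bytes present: an unchecked walker
     * would read 3 bytes past the end; the checked driver rejects the stream. */
    n = parse_xref_stream(good_sample, 9, w_sample, 3, out, 4);
    printf("truncated stream: result %lld (rejected)\n", (long long)n);
    return 0;
}
```

The check is done once, up front, against the decoded stream length rather than the declared /Size or /Index values, and in the division form so that a huge count cannot wrap the multiplication into something that passes.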
DaisyPo changed the title from "There exists heap-buffer-overflow at podofo-0.10.0/src/podofo/main/PdfXRefStreamParserObject.cpp:180:75" to "There exists heap-buffer-overflow at podofo-0.10.0/src/podofo/main/PdfXRefStreamParserObject.cpp:180:75 in readXRefStreamEntry" on Apr 18, 2023