New vulnerability #101
Comments

Is this really a security bug? I could not reproduce this with msvc2022

I'm not sure, but it seems like an empty XML document is handled successfully by the parser (no exception is thrown), but

Thank you for your reply, that makes more sense. What is the process to get rid of a CVE entry?

I will try to fix the issue

Fixed in #109

Merci
id_000015,sig_11,src_001176,time_147681735,op_arith8,pos_10,val_+3.zip
In the renderDocument function, XMLDocument::getRoot handles the XMLDocument object improperly: at the second if it returns a null pointer early, which leads to a null pointer dereference later in renderDocument.
AddressSanitizer:DEADLYSIGNAL
==1486083==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000006d742e bp 0x7fffc6d83dd0 sp 0x7fffc6d83880 T0)
==1486083==The signal is caused by a READ memory access.
==1486083==Hint: address points to the zero page.
#0 0x6d742e in rapidxml_ns::xml_base::local_name() const /home/zero/Desktop/svgpp-master/src/demo/render/../../../third_party/rapidxml_ns/rapidxml_ns.hpp:882:20
#1 0x6d742e in svgpp::policy::xml::element_iterator<rapidxml_ns::xml_node const*>::get_local_name(rapidxml_ns::xml_node const*) /home/zero/Desktop/svgpp-master/src/demo/render/../../../include/svgpp/policy/xml/rapidxml_ns.hpp:127:43
#2 0x6d742e in bool svgpp::document_traversal<svgpp::context_factories<child_context_factories>, svgpp::length_policy<svgpp::policy::length::forward_to_method<Canvas, svgpp::factory::length::unitless<double, double, svgpp::tag::length_units::mm> const> >, svgpp::color_factory<svgpp::factory::color::percentage_adapter<color_factory_base_t> >, svgpp::processed_elements<processed_elements>, svgpp::processed_attributes<processed_attributes>, svgpp::path_policy<path_policy>, svgpp::document_traversal_control_policy, svgpp::transform_events_policy<svgpp::policy::transform_events::forward_to_method >, svgpp::path_events_policy<svgpp::policy::path_events::forward_to_method >, svgpp::error_policy<svgpp::policy::error::default_policy >, svgpp::markers_policy<svgpp::policy::markers::calculate_always>, svgpp::attribute_traversal_policy<attribute_traversal>, svgpp::viewport_policy<svgpp::policy::viewport::as_transform> >::load_expected_element<rapidxml_ns::xml_node const*, Canvas, svgpp::tag::element::svg>(rapidxml_ns::xml_node const* const&, Canvas&, svgpp::tag::element::svg) /home/zero/Desktop/svgpp-master/src/demo/render/../../../include/svgpp/document_traversal.hpp:108:61
#3 0x6d742e in bool svgpp::document_traversal<svgpp::context_factories<child_context_factories>, svgpp::length_policy<svgpp::policy::length::forward_to_method<Canvas, svgpp::factory::length::unitless<double, double, svgpp::tag::length_units::mm> const> >, svgpp::color_factory<svgpp::factory::color::percentage_adapter<color_factory_base_t> >, svgpp::processed_elements<processed_elements>, svgpp::processed_attributes<processed_attributes>, svgpp::path_policy<path_policy>, svgpp::document_traversal_control_policy, svgpp::transform_events_policy<svgpp::policy::transform_events::forward_to_method >, svgpp::path_events_policy<svgpp::policy::path_events::forward_to_method >, svgpp::error_policy<svgpp::policy::error::default_policy >, svgpp::markers_policy<svgpp::policy::markers::calculate_always>, svgpp::attribute_traversal_policy<attribute_traversal>, svgpp::viewport_policy<svgpp::policy::viewport::as_transform> >::load_document<rapidxml_ns::xml_node const*, Canvas>(rapidxml_ns::xml_node const* const&, Canvas&) /home/zero/Desktop/svgpp-master/src/demo/render/../../../include/svgpp/document_traversal.hpp:97:12
#4 0x6d742e in renderDocument(XMLDocument&, ImageBuffer&) /home/zero/Desktop/svgpp-master/src/demo/render/svgpp_render.cpp:1659:3
#5 0x6d8b32 in main /home/zero/Desktop/svgpp-master/src/demo/render/svgpp_render.cpp:1683:7
#6 0x7fb2c6bd3d09 in __libc_start_main csu/../csu/libc-start.c:308:16
#7 0x606bc9 in _start (/home/zero/Desktop/svgpp-master/src/source/bin/svgpp_agg_render+0x606bc9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/zero/Desktop/svgpp-master/src/demo/render/../../../third_party/rapidxml_ns/rapidxml_ns.hpp:882:20 in rapidxml_ns::xml_base::local_name() const
==1486083==ABORTING
Credit: Cvjark, 上帝的玩具
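An added example, not code from svgpp or from this report: a minimal C++ stand-in for the demo's XMLDocument/renderDocument shape, showing that a parse which "succeeds" on empty or whitespace-only input can still yield no root element, and the null check that belongs in the caller before traversal starts. Node, XMLDocument, getRoot, rootNameUnchecked and renderDocument are assumed stand-ins, not the project's own classes.

```cpp
#include <string>
#include <vector>

// Assumed stand-in for a parsed XML element (a rapidxml_ns node in the real demo).
struct Node {
    std::string local_name;
    std::vector<Node> children;
};

// Constructed toy document: empty input "parses" without any exception, as the
// thread describes, but produces a tree with no usable element child.
class XMLDocument {
public:
    explicit XMLDocument(const std::string& text) {
        if (text.empty()) return;                        // nothing parsed at all
        std::string name = text;
        name.erase(0, name.find_first_not_of(" \n\t"));  // whitespace-only -> empty name
        tree_.children.push_back(Node{name, {}});        // toy rule: input text = root name
    }
    // Two early returns; the second is the path that hands back nullptr for a
    // document that parsed but carries no usable root element.
    const Node* getRoot() const {
        if (tree_.children.empty()) return nullptr;      // first if: no element at all
        const Node& first = tree_.children.front();
        if (first.local_name.empty()) return nullptr;    // second if: element without a name
        return &first;
    }
private:
    Node tree_;
};

// "Before": the caller trusts getRoot() and dereferences it unconditionally,
// which is the null read AddressSanitizer reports. Shown for contrast only.
std::string rootNameUnchecked(const XMLDocument& doc) {
    return doc.getRoot()->local_name;  // crashes when getRoot() returned nullptr
}

// "After": reject a missing root and a non-<svg> root before traversal starts,
// and report an error instead of crashing.
bool renderDocument(const XMLDocument& doc, std::string& error) {
    const Node* root = doc.getRoot();
    if (root == nullptr) { error = "document has no root element"; return false; }
    if (root->local_name != "svg") { error = "root element is not <svg>"; return false; }
    error.clear();
    return true;  // document traversal would run from here
}
```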