Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] When converting FUR to VGM with furnace console mode, there were many crashes #325

Open
mqrsv opened this issue Mar 29, 2022 · 7 comments
Assignees
Labels
bug Something isn't working critical Requires urgent fixing

Comments

@mqrsv
Copy link

mqrsv commented Mar 29, 2022

OS: ubuntu 20.04

Furnace version dev73.

Command: ./furnace -console -vgmout out.vgm poc.fur

POC.tar.gz

I use fuzz tests, so I don't analyze these crashes in detail.

I packaged the POC file so you can reproduce the error.

@freq-mod freq-mod added the bug Something isn't working label Mar 29, 2022
@tildearrow
Copy link
Owner

Also happens when opening these files... hmmm...

@mqrsv
Copy link
Author

mqrsv commented Mar 29, 2022

I used the Fuzz tool to get hundreds of crashes in 24 hours.

Poc.tar. gz are a couple of specific errors I classified.

@marcruef
Copy link

marcruef commented Apr 3, 2022

FYI: This issue got CVE-2022-1211 assigned (source: https://vuldb.com/?id.196371)

@tildearrow tildearrow self-assigned this Apr 4, 2022
@tildearrow tildearrow added the critical Requires urgent fixing label Apr 4, 2022
tildearrow added a commit that referenced this issue Apr 4, 2022
tildearrow added a commit that referenced this issue Apr 4, 2022
@tildearrow
Copy link
Owner

I have improved the file loader to ensure we don't go out of bounds. Please test with git master.

@tildearrow tildearrow added the feedback Further information is requested label Apr 4, 2022
@tildearrow tildearrow reopened this Apr 9, 2022
@tildearrow
Copy link
Owner

Re-opening issue as I found one crash.

@tildearrow tildearrow removed the feedback Further information is requested label Apr 9, 2022
tildearrow added a commit that referenced this issue Apr 9, 2022
@freq-mod
Copy link
Contributor

that appears to be done as well.

@tildearrow
Copy link
Owner

Not really - I feel like I need to harden Furnace a bit more.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working critical Requires urgent fixing
Projects
None yet
Development

No branches or pull requests

4 participants