SEGV has occurred when running program svg2png in function lunasvg::Bitmap::clear at lunasvg.cpp #159

Open
Du4t opened this issue Feb 24, 2024 · 0 comments

Description

SEGV has occurred when running program svg2png in function lunasvg::Bitmap::clear at lunasvg.cpp:232:21

Version

commit d1eec967ec515395cfd669a1bfed8d5a6a119dde (HEAD -> master, origin/master, origin/HEAD)
Author: sammycage <sammycageagle@gmail.com>
Date:   Mon Jan 22 00:48:35 2024 +0100

Steps to reproduce

$ mkdir build
$ cd build
$ CFLAGS+="-fsanitize=address -fno-omit-frame-pointer -fsanitize-recover=address" cmake -DLUNASVG_BUILD_EXAMPLES=ON  ../
$ make -j8
$ ./svg2png ./poc2
=================================================================
==15620==ERROR: AddressSanitizer: SEGV on unknown address 0x7fe776400000 (pc 0x559c26d34e07 bp 0x7fffbb5b8a10 sp 0x7fffbb5b89c0 T0)
==15620==The signal is caused by a WRITE memory access.
    #0 0x559c26d34e06 in lunasvg::Bitmap::clear(unsigned int) (/home/du4t/Desktop/Fuzz/lunasvg/reproduce/svg2png+0xb3e06)
    #1 0x559c26d35ed9 in lunasvg::Document::renderToBitmap(unsigned int, unsigned int, unsigned int) const (/home/du4t/Desktop/Fuzz/lunasvg/reproduce/svg2png+0xb4ed9)
    #2 0x559c26d332cd in main (/home/du4t/Desktop/Fuzz/lunasvg/reproduce/svg2png+0xb22cd)
    #3 0x7fe7797ac082 in __libc_start_main ../csu/libc-start.c:308
    #4 0x559c26d2d11d in _start (/home/du4t/Desktop/Fuzz/lunasvg/reproduce/svg2png+0xac11d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/du4t/Desktop/Fuzz/lunasvg/reproduce/svg2png+0xb3e06) in lunasvg::Bitmap::clear(unsigned int)
==15620==ABORTING

POC

https://github.com/Du4t/POC/blob/main/lunasvg/poc2
