negative-size-param exists in the function bit_read_fixed in bits.c #880
Assignees
Labels
fuzzing
Intentional illegal input
Comments
rurban
added a commit
that referenced
this issue
Nov 28, 2023
rurban
added a commit
that referenced
this issue
Nov 28, 2023
rurban
added a commit
that referenced
this issue
Nov 28, 2023
rurban
added a commit
that referenced
this issue
Nov 29, 2023
rurban
added a commit
that referenced
this issue
Nov 29, 2023
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
System info
Ubuntu x86_64, clang 12.0
version: libredwg-0.12.5.6588
Command line
./dwg2dxf poc
Poc
poc:poc
AddressSanitizer output
==3732098==ERROR: AddressSanitizer: negative-size-param: (size=-1)
#0 0x496694 in __asan_memcpy (/src/libredwg-crash/programs/dwg2dxf+0x496694)
#1 0x4f8775 in bit_read_fixed /src/libredwg-crash/src/bits.c:1597:7
#2 0x8443b6 in read_sections_map /src/libredwg-crash/src/decode_r2007.c:951:9
#3 0x8443b6 in read_r2007_meta_data /src/libredwg-crash/src/decode_r2007.c:2397:18
#4 0x50f90b in decode_R2007 /src/libredwg-crash/src/decode.c:3506:11
#5 0x50f90b in dwg_decode /src/libredwg-crash/src/decode.c:239:12
#6 0x4cb1f6 in dwg_read_file /src/libredwg-crash/src/dwg.c:268:11
#7 0x4c92a5 in main /src/libredwg-crash/programs/dwg2dxf.c:261:15
#8 0x7f296d8c0082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16
#9 0x41c48d in _start (/src/libredwg-crash/programs/dwg2dxf+0x41c48d)
0x6230000004c0 is located 960 bytes inside of 6282-byte region [0x623000000100,0x62300000198a)
allocated by thread T0 here:
#0 0x4974c2 in calloc (/src/libredwg-crash/programs/dwg2dxf+0x4974c2)
#1 0x50b5f8 in bit_chain_init /src/libredwg-crash/src/bits.c:3808:33
#2 0x50b5f8 in bit_chain_init_dat /src/libredwg-crash/src/bits.c:3825:3
SUMMARY: AddressSanitizer: negative-size-param (/src/libredwg-crash/programs/dwg2dxf+0x496694) in __asan_memcpy
==3732098==ABORTING
The text was updated successfully, but these errors were encountered: