LibreDWG / libredwg

Official mirror of libredwg. With CI hooks and nightly releases. PR's ok
https://savannah.gnu.org/projects/libredwg/
GNU General Public License v3.0

Invalid-allocation-size in function `add_ent_preview()` #1006

Open skorpion98 opened 4 weeks ago

skorpion98 commented 4 weeks ago

Describe the bug

In file in_dxf.c, function add_ent_preview() invokes the calloc() function with an invalid value when a specific input is provided (0x7fffffffffffffff with the attached input).

To Reproduce

Due to size constraints of this report, the archive we used to perform our tests is available at this link, and it contains:

To reproduce the errors, simply run the given binary on the provided testcase files with a command like `./llvmfuzz /path_to_testcases/input`.

The program has been tested on the OSS-Fuzz Docker image for this project using Ubuntu 20.04. During the compilation, we compiled using Address Sanitizer using the flag `--sanitizer=address`.

The hash commit used to perform the tests is 27118c4.

Environment

rurban commented 5 days ago

Harmless. If the calloc fails due to an overlarge user-input value, it fails with an Out of memory error. But I fail now earlier when the size is > INTMAX_MAX.

And we only need the failing input file and cmdline to reproduce for the next time.
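
A size-checked allocation of the kind this thread discusses, as an added example that is not libredwg's code or its fix: a size declared in untrusted input is validated against a ceiling and against the bytes actually present before it reaches `calloc()`. The names `parse_size`, `alloc_declared` and `MAX_BLOB_SIZE`, the 64 MiB ceiling and the decimal size field are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-blob ceiling; an assumption, not a libredwg constant. */
#define MAX_BLOB_SIZE ((uint64_t)64 * 1024 * 1024)

/* Parse an unsigned decimal size field from untrusted input.
   Returns 0 on success, -1 on bad syntax or overflow. */
static int parse_size(const char *text, uint64_t *out)
{
    char *end;
    /* strtoull() silently accepts a sign and whitespace; insist on a digit. */
    if (!isdigit((unsigned char)text[0]))
        return -1;
    errno = 0;
    unsigned long long v = strtoull(text, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;
    *out = (uint64_t)v;
    return 0;
}

/* Allocate a zeroed buffer for a blob whose size the input declares.
   `available` is the count of payload bytes actually left in the input. */
static void *alloc_declared(const char *size_field, uint64_t available, int *err)
{
    uint64_t n;
    *err = 0;
    if (parse_size(size_field, &n) != 0) { *err = EINVAL; return NULL; }
    /* Reject before calloc(): zero, above the ceiling, or more than exists. */
    if (n == 0 || n > MAX_BLOB_SIZE || n > available) { *err = ERANGE; return NULL; }
    void *p = calloc(1, (size_t)n);
    if (p == NULL) *err = ENOMEM;
    return p;
}

int main(void)
{
    int err;
    /* Constructed input: the size reported in the issue, 0x7fffffffffffffff. */
    void *p = alloc_declared("9223372036854775807", 1024, &err);
    printf("declared 0x7fffffffffffffff: %s (err=%d)\n", p ? "allocated" : "rejected", err);
    free(p);
    return 0;
}
```

Bounding the declared size by the bytes remaining in the input rejects the reported value without relying on the allocator to fail.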