kakwa / libemf2svg

Microsoft (MS) EMF to SVG conversion library
GNU General Public License v2.0

Bug reports #42

Open Cvjark opened 2 years ago

Cvjark commented 2 years ago

heap-buffer-overflow

command to reproduce

./emf2svg-conv -i [sample file] -o /dev/null

sample file

id0_heap-buffer-overflow.zip

crash info

==55463==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62a00000d200 at pc 0x7ff23d09954d bp 0x7fff5e4aa310 sp 0x7fff5e4aa308
READ of size 4 at 0x62a00000d200 thread T0
    #0 0x7ff23d09954c in fontindex_to_utf8 /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1222:30
    #1 0x7ff23d09954c in text_convert /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1399:15
    #2 0x7ff23d099912 in text_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1502:5
    #3 0x7ff23d0d95db in U_emf_onerec_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:542:9
    #4 0x7ff23d0da4fb in emf2svg /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:773:13
    #5 0x4f9562 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:142:15
    #6 0x7ff23b664c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #7 0x41d629 in _start (/home/bupt/Desktop/libemf2svg/build/emf2svg-conv+0x41d629)

Address 0x62a00000d200 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1222:30 in fontindex_to_utf8
Shadow bytes around the buggy address:
  0x0c547fff99f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9a10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9a20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9a30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c547fff9a40:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9a50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9a60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9a70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c547fff9a90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==55463==ABORTING

command to reproduce

./emf2svg-conv -i [sample file] -o /dev/null

sample file

id30_heap-buffer-overflow.zip

crash info

==57283==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c000000efc at pc 0x00000048d903 bp 0x7ffe40401a90 sp 0x7ffe40401240
READ of size 1024 at 0x60c000000efc thread T0
    #0 0x48d902 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:844
    #1 0x48e1e8 in bcmp /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:889
    #2 0x7fa0ca77c0f7 in image_library_find /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_rec_bitmap.c:360:13
    #3 0x7fa0ca77c0f7 in image_library_writer /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_rec_bitmap.c:412:30
    #4 0x7fa0ca76f725 in U_EMRCREATEMONOBRUSH_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_rec_object_creation.c:117:30
    #5 0x7fa0ca7a7bcb in U_emf_onerec_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:569:9
    #6 0x7fa0ca7a84fb in emf2svg /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:773:13
    #7 0x4f9562 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:142:15
    #8 0x7fa0c8d32c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x41d629 in _start (/home/bupt/Desktop/libemf2svg/build/emf2svg-conv+0x41d629)

0x60c000000efc is located 0 bytes to the right of 124-byte region [0x60c000000e80,0x60c000000efc)
allocated by thread T0 here:
    #0 0x4afdb8 in calloc /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154
    #1 0x7fa0ca77c1d9 in image_library_create /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_rec_bitmap.c:371:28
    #2 0x7fa0ca77c1d9 in image_library_add /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_rec_bitmap.c:383:9
    #3 0x7fa0ca77c1d9 in image_library_writer /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_rec_bitmap.c:414:17
    #4 0x7fa0ca76f155 in U_EMRCREATEDIBPATTERNBRUSHPT_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_rec_object_creation.c:79:30

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:844 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long)
Shadow bytes around the buggy address:
  0x0c187fff8180: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c187fff8190: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c187fff81a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c187fff81b0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c187fff81c0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
=>0x0c187fff81d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[04]
  0x0c187fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff81f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff8200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff8210: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c187fff8220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==57283==ABORTING

command to reproduce

./emf2svg-conv -i [sample file] -o /dev/null

sample file

id65_heap-buffer-overflow.zip

crash info

==24920==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000000120 at pc 0x7fc3d44796e6 bp 0x7ffe7abfe6c0 sp 0x7ffe7abfe6b8
READ of size 4 at 0x606000000120 thread T0
    #0 0x7fc3d44796e5 in U_EMRHEADER_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_rec_control.c:35:15
    #1 0x7fc3d44b1b0e in U_emf_onerec_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:293:9
    #2 0x7fc3d44b34fb in emf2svg /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:773:13
    #3 0x4f9562 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:142:15
    #4 0x7fc3d2a3dc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #5 0x41d629 in _start (/home/bupt/Desktop/libemf2svg/build/emf2svg-conv+0x41d629)

0x606000000120 is located 3 bytes to the right of 61-byte region [0x6060000000e0,0x60600000011d)
allocated by thread T0 here:
    #0 0x4f57b8 in operator new(unsigned long) /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cpp:99
    #1 0x4fad5b in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::input_iterator_tag) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.tcc:184:27
    #2 0x4f93d9 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct_aux<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::__false_type) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:236:11
    #3 0x4f93d9 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:255:4
    #4 0x4f93d9 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string<std::istreambuf_iterator<char, std::char_traits<char> >, void>(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::allocator<char> const&) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:607:4
    #5 0x4f93d9 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:129:17
    #6 0x7fc3d2a3dc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_rec_control.c:35:15 in U_EMRHEADER_draw
Shadow bytes around the buggy address:
  0x0c0c7fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c0c7fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c0c7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c0c7fff8000: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c0c7fff8010: 00 00 00 00 00 00 02 fa fa fa fa fa 00 00 00 00
=>0x0c0c7fff8020: 00 00 00 05[fa]fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==24920==ABORTING

command to reproduce

./emf2svg-conv -i [sample file] -o /dev/null

sample file

id76_heap-buffer-overflow.zip

crash info

==72094==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000000131 at pc 0x7f49a29457f4 bp 0x7ffdf4911aa0 sp 0x7ffdf4911a98
READ of size 4 at 0x611000000131 thread T0
    #0 0x7f49a29457f3 in U_emf_onerec_analyse /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:50:20
    #1 0x7f49a29471df in emf2svg /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:732:18
    #2 0x4f9562 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:142:15
    #3 0x7f49a0ed1c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #4 0x41d629 in _start (/home/bupt/Desktop/libemf2svg/build/emf2svg-conv+0x41d629)

0x611000000131 is located 0 bytes to the right of 241-byte region [0x611000000040,0x611000000131)
allocated by thread T0 here:
    #0 0x4f57b8 in operator new(unsigned long) /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cpp:99
    #1 0x4fad5b in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::input_iterator_tag) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.tcc:184:27
    #2 0x4f93d9 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct_aux<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::__false_type) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:236:11
    #3 0x4f93d9 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:255:4
    #4 0x4f93d9 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string<std::istreambuf_iterator<char, std::char_traits<char> >, void>(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::allocator<char> const&) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:607:4
    #5 0x4f93d9 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:129:17
    #6 0x7f49a0ed1c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:50:20 in U_emf_onerec_analyse
Shadow bytes around the buggy address:
  0x0c227fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff8000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff8020: 00 00 00 00 00 00[01]fa fa fa fa fa fa fa fa fa
  0x0c227fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==72094==ABORTING

command to reproduce

./emf2svg-conv -i [sample file] -o /dev/null

sample file

id82_heap-buffer-overflow.zip

crash info

==72320==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x615000000261 at pc 0x7f77e83bf3ec bp 0x7ffea8c746b0 sp 0x7ffea8c746a8
READ of size 2 at 0x615000000261 thread T0
    #0 0x7f77e83bf3eb in wchar16len /home/bupt/Desktop/libemf2svg/src/lib/uemf_utf.c:164:16
    #1 0x7f77e83bf3eb in U_Utf16leToUtf8 /home/bupt/Desktop/libemf2svg/src/lib/uemf_utf.c:498:27
    #2 0x7f77e84a20af in U_EMRHEADER_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_rec_control.c:50:18
    #3 0x7f77e84dab0e in U_emf_onerec_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:293:9
    #4 0x7f77e84dc4fb in emf2svg /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:773:13
    #5 0x4f9562 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:142:15
    #6 0x7f77e6a66c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #7 0x41d629 in _start (/home/bupt/Desktop/libemf2svg/build/emf2svg-conv+0x41d629)

0x615000000261 is located 0 bytes to the right of 481-byte region [0x615000000080,0x615000000261)
allocated by thread T0 here:
    #0 0x4f57b8 in operator new(unsigned long) /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cpp:99
    #1 0x4fad5b in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::input_iterator_tag) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.tcc:184:27
    #2 0x4f93d9 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct_aux<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::__false_type) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:236:11
    #3 0x4f93d9 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:255:4
    #4 0x4f93d9 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string<std::istreambuf_iterator<char, std::char_traits<char> >, void>(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::allocator<char> const&) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:607:4
    #5 0x4f93d9 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:129:17
    #6 0x7f77e6a66c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/libemf2svg/src/lib/uemf_utf.c:164:16 in wchar16len
Shadow bytes around the buggy address:
  0x0c2a7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2a7fff8000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a7fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2a7fff8020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2a7fff8030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2a7fff8040: 00 00 00 00 00 00 00 00 00 00 00 00[01]fa fa fa
  0x0c2a7fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a7fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a7fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a7fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a7fff8090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==72320==ABORTING

command to reproduce

./emf2svg-conv -i [sample file] -o /dev/null

sample file

id103_heap-buffer-overflow.zip

crash info

==74012==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x615000000260 at pc 0x7f323841191e bp 0x7ffd25bf26a0 sp 0x7ffd25bf2698
READ of size 4 at 0x615000000260 thread T0
    #0 0x7f323841191d in emf2svg /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c
    #1 0x4f9562 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:142:15
    #2 0x7f323699bc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #3 0x41d629 in _start (/home/bupt/Desktop/libemf2svg/build/emf2svg-conv+0x41d629)

0x615000000261 is located 0 bytes to the right of 481-byte region [0x615000000080,0x615000000261)
allocated by thread T0 here:
    #0 0x4f57b8 in operator new(unsigned long) /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cpp:99
    #1 0x4fad5b in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::input_iterator_tag) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.tcc:184:27
    #2 0x4f93d9 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct_aux<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::__false_type) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:236:11
    #3 0x4f93d9 in void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<std::istreambuf_iterator<char, std::char_traits<char> > >(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:255:4
    #4 0x4f93d9 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string<std::istreambuf_iterator<char, std::char_traits<char> >, void>(std::istreambuf_iterator<char, std::char_traits<char> >, std::istreambuf_iterator<char, std::char_traits<char> >, std::allocator<char> const&) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/basic_string.h:607:4
    #5 0x4f93d9 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:129:17
    #6 0x7f323699bc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c in emf2svg
Shadow bytes around the buggy address:
  0x0c2a7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2a7fff8000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a7fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2a7fff8020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2a7fff8030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2a7fff8040: 00 00 00 00 00 00 00 00 00 00 00 00[01]fa fa fa
  0x0c2a7fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a7fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a7fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a7fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2a7fff8090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==74012==ABORTING

SEGV

command to reproduce

./emf2svg-conv -i [sample file] -o /dev/null

sample file

id2_SEGV.zip

crash info

==55587==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ff99dfb83df bp 0x7fffab9a1910 sp 0x7fffab9a1700 T0)
==55587==The signal is caused by a READ memory access.
==55587==Hint: address points to the zero page.
    #0 0x7ff99dfb83df in reverse_utf8 /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1368:17
    #1 0x7ff99dfb83df in text_convert /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1418:13
    #2 0x7ff99dfb9912 in text_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1502:5
    #3 0x7ff99dff95db in U_emf_onerec_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:542:9
    #4 0x7ff99dffa4fb in emf2svg /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:773:13
    #5 0x4f9562 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:142:15
    #6 0x7ff99c584c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #7 0x41d629 in _start (/home/bupt/Desktop/libemf2svg/build/emf2svg-conv+0x41d629)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1368:17 in reverse_utf8
==55587==ABORTING

command to reproduce

./emf2svg-conv -i [sample file] -o /dev/null

sample file

id19_SEGV.zip

crash info

==56616==ERROR: AddressSanitizer: SEGV on unknown address 0x625000155bf0 (pc 0x7ff32e8278c5 bp 0x7ffef3f6c510 sp 0x7ffef3f6c300 T0)
==56616==The signal is caused by a WRITE memory access.
    #0 0x7ff32e8278c5 in cmap_rev /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1138:32
    #1 0x7ff32e8278c5 in gen_reverse_map /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1159:11
    #2 0x7ff32e8278c5 in fontindex_to_utf8 /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1200:11
    #3 0x7ff32e8278c5 in text_convert /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1399:15
    #4 0x7ff32e828912 in text_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1502:5
    #5 0x7ff32e8685db in U_emf_onerec_draw /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:542:9
    #6 0x7ff32e8694fb in emf2svg /home/bupt/Desktop/libemf2svg/src/lib/emf2svg.c:773:13
    #7 0x4f9562 in main /home/bupt/Desktop/libemf2svg/src/conv/emf2svg.cpp:142:15
    #8 0x7ff32cdf3c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x41d629 in _start (/home/bupt/Desktop/libemf2svg/build/emf2svg-conv+0x41d629)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/bupt/Desktop/libemf2svg/src/lib/emf2svg_utils.c:1138:32 in cmap_rev
==56616==ABORTING
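Added example, not code from libemf2svg or from the reporter: a bounds-checked EMF record walker in C showing the checks the traces above point at. Several of the reads land exactly at or just past the end of the std::string that holds the whole input file (allocated in main at emf2svg.cpp:129): U_emf_onerec_analyse at emf2svg.c:50, U_EMRHEADER_draw at emf2svg_rec_control.c:35, and wchar16len scanning the header description string past the buffer. The walker below checks each record's nSize against the bytes remaining before touching the record body, rejects nSize of 0 (which would otherwise loop forever) and unaligned sizes, and bounds the UTF-16 description by nDescription/offDescription instead of scanning for a NUL. Field offsets follow the MS-EMF EMR_HEADER layout (88 bytes before optional extensions); the sample files are constructed inside the block, and every function name here is this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EMR_HEADER      1u
#define EMR_EOF         14u
#define EMF_SIGNATURE   0x464D4520u  /* " EMF", MS-EMF RecordSignature */
#define EMR_HEADER_MIN  88u          /* EMR_HEADER without optional extensions */
#define EMR_MIN_SIZE    8u           /* iType + nSize */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Length of a UTF-16LE string in code units, stopping at NUL *or* at
 * max_units, so a missing terminator cannot drive the scan off the buffer. */
static uint32_t utf16_len_bounded(const uint8_t *p, uint32_t max_units) {
    uint32_t n = 0;
    while (n < max_units && (p[2 * n] | p[2 * n + 1]) != 0) n++;
    return n;
}

/* Validate an EMR_HEADER already known to occupy nSize bytes of the buffer.
 * Returns 0 if the description string lies inside the record, else -1. */
static int check_header(const uint8_t *rec, uint32_t nSize) {
    if (nSize < EMR_HEADER_MIN || rd32(rec + 40) != EMF_SIGNATURE) return -1;
    uint32_t nDesc   = rd32(rec + 60);  /* description length in UTF-16 units */
    uint32_t offDesc = rd32(rec + 64);  /* byte offset from record start */
    if (nDesc == 0) return 0;
    uint64_t end = (uint64_t)offDesc + (uint64_t)nDesc * 2u;  /* no 32-bit wrap */
    if (offDesc < EMR_HEADER_MIN || end > nSize) return -1;
    (void)utf16_len_bounded(rec + offDesc, nDesc);  /* safe even without a NUL */
    return 0;
}

/* Walk every record. Returns the record count on success, -1 if the file is
 * malformed: truncated record, nSize < 8 or not 4-aligned, bad header, or
 * no EMR_EOF before the data runs out. */
long emf_walk(const uint8_t *buf, size_t len) {
    size_t off = 0;
    long count = 0;
    while (off < len) {
        if (len - off < EMR_MIN_SIZE) return -1;                 /* cannot read iType/nSize */
        uint32_t iType = rd32(buf + off);
        uint32_t nSize = rd32(buf + off + 4);
        if (nSize < EMR_MIN_SIZE || (nSize & 3u) != 0) return -1; /* blocks zero-length loops */
        if (nSize > len - off) return -1;                         /* body would run past EOF */
        if (count == 0 && (iType != EMR_HEADER || check_header(buf + off, nSize) != 0))
            return -1;
        count++;
        if (iType == EMR_EOF) return count;
        off += nSize;
    }
    return -1;
}

/* Constructed sample (hypothetical input): a header whose nDesc-unit
 * description is written at byte 88 but advertised at offDesc, followed by
 * an EMR_EOF record. Returns the byte length written to out (256 is enough). */
size_t build_emf(uint8_t *out, uint32_t nDesc, uint32_t offDesc) {
    uint32_t descBytes = (nDesc * 2u + 3u) & ~3u;   /* keep records 4-aligned */
    uint32_t hdrSize = EMR_HEADER_MIN + descBytes;
    memset(out, 0, hdrSize + 20);
    wr32(out + 0, EMR_HEADER);
    wr32(out + 4, hdrSize);
    wr32(out + 40, EMF_SIGNATURE);
    wr32(out + 48, hdrSize + 20);   /* nBytes */
    wr32(out + 52, 2);              /* nRecords */
    wr32(out + 60, nDesc);
    wr32(out + 64, nDesc ? offDesc : 0);
    for (uint32_t i = 0; i + 1 < nDesc; i++) out[88 + 2 * i] = 'a'; /* last unit stays NUL */
    uint8_t *eof = out + hdrSize;
    wr32(eof + 0, EMR_EOF);
    wr32(eof + 4, 20);              /* nPalEntries and offPalEntries stay 0 */
    wr32(eof + 16, 20);             /* nSizeLast */
    return hdrSize + 20;
}

long scenario_valid(void) {
    uint8_t f[256]; size_t n = build_emf(f, 3, 88);   /* "aa" + NUL inside the header */
    return emf_walk(f, n);
}
long scenario_truncated(void) {
    uint8_t f[256]; size_t n = build_emf(f, 0, 0);
    return emf_walk(f, n - 1);                        /* EOF record overruns the file */
}
long scenario_desc_escapes_record(void) {
    uint8_t f[256]; size_t n = build_emf(f, 3, 200);  /* offDescription past the header */
    return emf_walk(f, n);
}
long scenario_zero_size_record(void) {
    uint8_t f[256]; size_t n = build_emf(f, 0, 0);
    wr32(f + EMR_HEADER_MIN + 4, 0);                  /* EOF record claims nSize 0 */
    return emf_walk(f, n);
}

int main(void) {
    printf("valid=%ld truncated=%ld desc=%ld zero=%ld\n", scenario_valid(),
           scenario_truncated(), scenario_desc_escapes_record(), scenario_zero_size_record());
    return 0;
}
```

The same discipline of carrying an explicit length with every buffer applies to the image_library_find trace, where a 1024-byte bcmp is run over a 124-byte allocation: compare the stored length with the candidate's length first and only then memcmp over that length.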