Closed fengzhengzhan closed 1 year ago
Hi, thanks for the bug report.
Could you please check this against the HEAD version of flvmeta? A very similar bug has been reported some time ago and has been fixed in commit 7b91e5656e27b16639c8de156878c7624346cbd4.
Regards
Thank you very much for your reply. I am using the latest submitted version of the software and the vulnerability has been tested and fixed. The latest version executes as follows:
./flvmeta_asan: unexpected end of file
Thank you very much.
Memory allocation failure in xml_on_metadata_tag_only() at dump_xml.c:271
Memory allocation failure in flvmeta in the function xml_on_metadata_tag_only() at dump_xml.c:271.
Environment
Ubuntu 18.04, 64 bit
FLVMeta 1.2.1
Steps to reproduce
cd src
extract-bc flvmeta
clang -fsanitize=address flvmeta.bc -o flvmeta_asan
./flvmeta_asan poc
root@a71b82b5d288:~/dataset/flvmeta-1.2.1/obj-bc/src# ./flvmeta_asan flvmeta_memory-allocation-failure_dumpxml271
AddressSanitizer:DEADLYSIGNAL
==30124==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x000000489d7b bp 0x7fff17e62cb0 sp 0x7fff17e62440 T0)
==30124==The signal is caused by a READ memory access.
==30124==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
    #0 0x489d7b in __interceptor_strcmp.part.298 /root/LLVM/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:444
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/LLVM/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:444 in __interceptor_strcmp.part.298
==30124==ABORTING
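The reproduction above (WLLVM extract-bc, clang -fsanitize=address, run the PoC) and the follow-up check against HEAD are the same procedure run twice, so the following added script, which is not part of the report or of the flvmeta project, wraps it into one command that builds an ASan binary from a given tree, runs the PoC, and reduces the sanitizer output to a one-line verdict so that the 1.2.1 tarball and a HEAD checkout can be compared side by side. It assumes the tree was already built with WLLVM (CC=wllvm) so that extract-bc can find bitcode in src/flvmeta, and that clang with compiler-rt is on PATH; the function names (asan_verdict, build_asan, run_poc, compare_trees), the script name and the tree paths in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example, not flvmeta's own code: rebuild flvmeta with ASan the way
# the report does, run a PoC file, and classify the sanitizer output.
# Assumptions: the tree was built with WLLVM (CC=wllvm) so extract-bc works
# on src/flvmeta; clang with compiler-rt is on PATH. Names are illustrative.
set -u

# Reduce a sanitizer report read from stdin to a short verdict string:
#   asan:<kind>  - ASan reported; <kind> is taken from its SUMMARY line
#                  (e.g. SEGV, allocation-size-too-big, heap-buffer-overflow)
#   clean:eof    - no ASan report; the tool rejected the input as truncated
#   clean        - no ASan report and no rejection message seen
asan_verdict() {
    awk '
        /^SUMMARY: AddressSanitizer: / {
            sub(/^SUMMARY: AddressSanitizer: /, "")
            split($0, parts, " ")
            print "asan:" parts[1]
            found = 1
            exit
        }
        /unexpected end of file/ { eof = 1 }
        END { if (!found) print (eof ? "clean:eof" : "clean") }
    '
}

# Build an ASan-instrumented flvmeta from a WLLVM-built tree.
# $1 = path to the flvmeta source tree (src/flvmeta must already exist).
# -g and -fno-omit-frame-pointer are added so frames inside flvmeta
# symbolize to file:line and ASan's unwinder can walk past the interceptor.
build_asan() {
    tree=$1
    [ -x "$tree/src/flvmeta" ] || { echo "no built flvmeta in $tree/src" >&2; return 1; }
    (
        cd "$tree/src" &&
        extract-bc flvmeta &&
        clang -fsanitize=address -g -fno-omit-frame-pointer flvmeta.bc -o flvmeta_asan
    )
}

# Run one PoC through an instrumented binary and print the verdict.
# $1 = path to flvmeta_asan, $2 = PoC file. ASan writes to stderr, so both
# streams are merged before classification; the binary's own non-zero exit
# on abort is deliberately ignored (the verdict carries that information).
run_poc() {
    "$1" "$2" 2>&1 | asan_verdict
}

# Compare the same PoC against several trees, e.g. the 1.2.1 tarball and a
# checkout that contains commit 7b91e565. Prints "<verdict> <tree>" per tree.
compare_trees() {
    poc=$1
    shift
    for tree in "$@"; do
        build_asan "$tree" >/dev/null 2>&1 || { echo "build-failed $tree"; continue; }
        echo "$(run_poc "$tree/src/flvmeta_asan" "$poc") $tree"
    done
}

# Usage (runs only when invoked with arguments, not when sourced):
#   sh asan_triage.sh poc ./flvmeta-1.2.1 ./flvmeta-head
if [ "$#" -ge 2 ] && [ -f "$1" ]; then
    compare_trees "$@"
fi
```

On the 1.2.1 tree the verdict for the attached PoC is expected to be asan:SEGV (matching the SUMMARY line in the report), and on a tree containing the fix it is expected to be clean:eof, matching the "unexpected end of file" message in the follow-up comment. Note that ASan by default reports an oversized malloc request as allocation-size-too-big rather than SEGV; the report's SUMMARY shows a SEGV inside the strcmp interceptor on a high address, so the verdict string distinguishes the two rather than folding both under "memory allocation failure".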