sammycage / lunasvg

lunasvg is a standalone SVG rendering library in C++
MIT License

SEGV has occurred when running program svgpng in function lunasvg::Bitmap::clear at lunasvg.cpp #159

Open Du4t opened 5 months ago

Du4t commented 5 months ago

Description

SEGV has occurred when running program svgpng in function lunasvg::Bitmap::clear at lunasvg.cpp:232:21

Version

commit d1eec967ec515395cfd669a1bfed8d5a6a119dde (HEAD -> master, origin/master, origin/HEAD)
Author: sammycage <sammycageagle@gmail.com>
Date:   Mon Jan 22 00:48:35 2024 +0100

Steps to reproduce

$ mkdir build
$ cd build
$ CFLAGS+="-fsanitize=address -fno-omit-frame-pointer -fsanitize-recover=address" cmake -DLUNASVG_BUILD_EXAMPLES=ON  ../
$ make -j8
$ ./svg2png ./poc2
=================================================================
==15620==ERROR: AddressSanitizer: SEGV on unknown address 0x7fe776400000 (pc 0x559c26d34e07 bp 0x7fffbb5b8a10 sp 0x7fffbb5b89c0 T0)
==15620==The signal is caused by a WRITE memory access.
    #0 0x559c26d34e06 in lunasvg::Bitmap::clear(unsigned int) (/home/du4t/Desktop/Fuzz/lunasvg/reproduce/svg2png+0xb3e06)
    #1 0x559c26d35ed9 in lunasvg::Document::renderToBitmap(unsigned int, unsigned int, unsigned int) const (/home/du4t/Desktop/Fuzz/lunasvg/reproduce/svg2png+0xb4ed9)
    #2 0x559c26d332cd in main (/home/du4t/Desktop/Fuzz/lunasvg/reproduce/svg2png+0xb22cd)
    #3 0x7fe7797ac082 in __libc_start_main ../csu/libc-start.c:308
    #4 0x559c26d2d11d in _start (/home/du4t/Desktop/Fuzz/lunasvg/reproduce/svg2png+0xac11d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/du4t/Desktop/Fuzz/lunasvg/reproduce/svg2png+0xb3e06) in lunasvg::Bitmap::clear(unsigned int)
==15620==ABORTING

POC

https://github.com/Du4t/POC/blob/main/lunasvg/poc2
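The trace above shows a write fault inside `Bitmap::clear`, reached from `Document::renderToBitmap`. Whatever the root cause turns out to be in lunasvg, the defensive pattern below is the one a reviewer would want to see for that call path: allocation refuses oversized or overflowing dimensions, and `clear()` never writes through a pointer it cannot prove is backed by memory. This is an added example, not lunasvg's code; `SafeBitmap`, `render_background`, the dimension cap and the pixel layout are all assumptions.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <limits>
#include <memory>
#include <new>

// Added example, not lunasvg's code: a minimal 32-bit-per-pixel bitmap whose
// allocation and clear() both refuse to touch memory they cannot prove exists.
// The class name, the dimension cap and the pixel layout are assumptions.
class SafeBitmap {
public:
    // Assumed policy cap on each dimension: large enough for real documents,
    // small enough that width * height * 4 never overflows 64-bit arithmetic.
    static constexpr std::uint32_t kMaxDimension = 1u << 15;

    // Allocates width x height pixels. Returns false and leaves the bitmap
    // invalid when a dimension is zero or oversized, when the byte count would
    // not fit in size_t, or when the allocator returns null.
    bool reset(std::uint32_t width, std::uint32_t height) {
        pixels_.reset();
        width_ = height_ = 0;
        if (width == 0 || height == 0) return false;
        if (width > kMaxDimension || height > kMaxDimension) return false;
        const std::uint64_t count = static_cast<std::uint64_t>(width) * height;
        if (count > std::numeric_limits<std::size_t>::max() / sizeof(std::uint32_t)) return false;
        pixels_.reset(new (std::nothrow) std::uint32_t[static_cast<std::size_t>(count)]);
        if (!pixels_) return false;
        width_ = width;
        height_ = height;
        return true;
    }

    bool valid() const { return pixels_ != nullptr; }
    std::uint32_t width() const { return width_; }
    std::uint32_t height() const { return height_; }

    // Filling an invalid bitmap is a no-op instead of a write through a null
    // or dangling pointer; the caller learns about it from the return value.
    bool clear(std::uint32_t argb) {
        if (!valid()) return false;
        const std::size_t count = static_cast<std::size_t>(width_) * height_;
        std::fill(pixels_.get(), pixels_.get() + count, argb);
        return true;
    }

    // Bounds-checked read; out-of-range or invalid reads yield 0 instead of faulting.
    std::uint32_t pixel(std::uint32_t x, std::uint32_t y) const {
        if (!valid() || x >= width_ || y >= height_) return 0;
        return pixels_[static_cast<std::size_t>(y) * width_ + x];
    }

private:
    std::unique_ptr<std::uint32_t[]> pixels_;
    std::uint32_t width_ = 0;
    std::uint32_t height_ = 0;
};

// Mirrors a renderToBitmap-style entry point (assumed shape, not lunasvg's API):
// the bitmap is cleared and reported usable only when allocation succeeded.
bool render_background(std::uint32_t width, std::uint32_t height,
                       std::uint32_t argb, SafeBitmap& out) {
    if (!out.reset(width, height)) return false;
    return out.clear(argb);
}
```

The important design point is that every failure is reported through a return value rather than by leaving a half-initialised object behind: a caller such as a `svg2png` front end can then print a size error for a hostile or malformed input instead of crashing, and a fuzzer harness built around it stops finding this class of fault.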