sammycage / plutosvg

Tiny SVG rendering library in C
MIT License
247 stars 17 forks

Segmentation Fault in composition_solid_source_over Function #10

Closed kittener closed 1 month ago

kittener commented 2 months ago

Hello, I have been testing my new fuzz tester recently. I found a crash when testing the example in this project.

Description

The application crashes due to a segmentation fault when executing the composition_solid_source_over function. AddressSanitizer reports a SEGV on an unknown address, which suggests a possible dereference of an uninitialized or invalid pointer.

Steps to Reproduce

  1. Compile the application.
  2. Run the application using the following command: example poc.png

poc.png

  3. Observe that the application crashes with a segmentation fault.

Expected Behavior

The application should handle all memory accesses correctly without causing segmentation faults.

Actual Behavior

The application crashes, indicating an illegal memory access. Here's the output from AddressSanitizer:

ASAN:DEADLYSIGNAL
=================================================================
==5880==ERROR: AddressSanitizer: SEGV on unknown address 0x7f7394c017b0 (pc 0x559860c4608b bp 0x7ffee65f5220 sp 0x7ffee65f51f0 T0)
==5880==The signal is caused by a READ memory access.
    #0 0x559860c4608a in composition_solid_source_over (/home/kittener/Documents/plutosvg/build/example/example_asan+0x4608a)
    #1 0x559860c46f0c in blend_solid (/home/kittener/Documents/plutosvg/build/example/example_asan+0x46f0c)
    #2 0x559860c4a0e1 in plutovg_blend_color (/home/kittener/Documents/plutosvg/build/example/example_asan+0x4a0e1)
    #3 0x559860c49eba in plutovg_blend (/home/kittener/Documents/plutosvg/build/example/example_asan+0x49eba)
    #4 0x559860c39672 in plutovg_fill_preserve (/home/kittener/Documents/plutosvg/build/example/example_asan+0x39672)
    #5 0x559860c22282 in render_context_draw (/home/kittener/Documents/plutosvg/build/example/example_asan+0x22282)
    #6 0x559860c24198 in render_path (/home/kittener/Documents/plutosvg/build/example/example_asan+0x24198)
    #7 0x559860c25938 in render_element (/home/kittener/Documents/plutosvg/build/example/example_asan+0x25938)
    #8 0x559860c259d1 in render_children (/home/kittener/Documents/plutosvg/build/example/example_asan+0x259d1)
    #9 0x559860c2379b in render_g (/home/kittener/Documents/plutosvg/build/example/example_asan+0x2379b)
    #10 0x559860c258e1 in render_element (/home/kittener/Documents/plutosvg/build/example/example_asan+0x258e1)
    #11 0x559860c259d1 in render_children (/home/kittener/Documents/plutosvg/build/example/example_asan+0x259d1)
    #12 0x559860c2379b in render_g (/home/kittener/Documents/plutosvg/build/example/example_asan+0x2379b)
    #13 0x559860c258e1 in render_element (/home/kittener/Documents/plutosvg/build/example/example_asan+0x258e1)
    #14 0x559860c259d1 in render_children (/home/kittener/Documents/plutosvg/build/example/example_asan+0x259d1)
    #15 0x559860c22ae6 in render_symbol (/home/kittener/Documents/plutosvg/build/example/example_asan+0x22ae6)
    #16 0x559860c23055 in render_svg (/home/kittener/Documents/plutosvg/build/example/example_asan+0x23055)
    #17 0x559860c258b1 in render_element (/home/kittener/Documents/plutosvg/build/example/example_asan+0x258b1)
    #18 0x559860c259d1 in render_children (/home/kittener/Documents/plutosvg/build/example/example_asan+0x259d1)
    #19 0x559860c22ae6 in render_symbol (/home/kittener/Documents/plutosvg/build/example/example_asan+0x22ae6)
    #20 0x559860c23055 in render_svg (/home/kittener/Documents/plutosvg/build/example/example_asan+0x23055)
    #21 0x559860c258b1 in render_element (/home/kittener/Documents/plutosvg/build/example/example_asan+0x258b1)
    #22 0x559860c268aa in plutosvg_load_from_memory (/home/kittener/Documents/plutosvg/build/example/example_asan+0x268aa)
    #23 0x559860c26a21 in plutosvg_load_from_file (/home/kittener/Documents/plutosvg/build/example/example_asan+0x26a21)
    #24 0x559860c1005a in main (/home/kittener/Documents/plutosvg/build/example/example_asan+0x1005a)
    #25 0x7f7433ee6082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #26 0x559860c0ff19 in _start (/home/kittener/Documents/plutosvg/build/example/example_asan+0xff19)

by Kaiyu Xie
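The report above places a READ fault inside the compositor's solid source-over routine while rendering a fuzzed file, but it does not say what the bad pointer was, and the maintainer's reply only refers to "the latest commit". The C program below is an added example, not plutosvg's code and not a reproduction of its bug: it shows a minimal solid source-over compositor of the kind that sits at the bottom of such a call stack, and the check a defender would want there, namely validating every span against the surface bounds before any pixel is read or written, so that a malformed span list from untrusted input is refused instead of becoming an out-of-bounds access. The span_t and surface_t types, the function names and the premultiplied-ARGB32 layout are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One horizontal run of pixels emitted by a rasterizer: start x, row y, length,
 * and 0..255 coverage applied to the whole run. Hypothetical type for this
 * example, not plutosvg's own structure. */
typedef struct {
    int x, y, len;
    uint8_t coverage;
} span_t;

/* Premultiplied ARGB32 pixel buffer (alpha in the top byte). Also hypothetical. */
typedef struct {
    uint32_t *pixels;   /* at least stride * height pixels, row-major */
    int width, height;
    int stride;         /* pixels per row, >= width */
} surface_t;

/* (a * b) / 255 for 8-bit a, b, with correct rounding. */
static inline uint32_t mul255(uint32_t a, uint32_t b) {
    uint32_t t = a * b + 0x80;
    return ((t >> 8) + t) >> 8;
}

/* Scale every channel of a premultiplied pixel by f/255. */
static inline uint32_t scale_pixel(uint32_t p, uint32_t f) {
    uint32_t a = mul255((p >> 24) & 0xFF, f), r = mul255((p >> 16) & 0xFF, f);
    uint32_t g = mul255((p >> 8) & 0xFF, f),  b = mul255(p & 0xFF, f);
    return (a << 24) | (r << 16) | (g << 8) | b;
}

/* Per-channel saturating add of two premultiplied pixels. */
static inline uint32_t add_pixel(uint32_t p, uint32_t q) {
    uint32_t out = 0;
    for (int shift = 0; shift < 32; shift += 8) {
        uint32_t c = ((p >> shift) & 0xFF) + ((q >> shift) & 0xFF);
        out |= (c > 255 ? 255 : c) << shift;
    }
    return out;
}

/* 1 if every pixel the span would touch lies inside the surface. The x test is
 * written as x > width - len so that x + len cannot overflow. */
static int span_in_bounds(const surface_t *s, const span_t *sp) {
    if (sp->len < 0) return 0;
    if (sp->len == 0) return 1;               /* touches nothing */
    if (sp->y < 0 || sp->y >= s->height) return 0;
    if (sp->x < 0 || sp->x > s->width - sp->len) return 0;
    return 1;
}

/* Composite a solid premultiplied colour over the surface along the spans.
 * All spans are validated before the first write; on any out-of-range span
 * the function returns -1 having modified nothing. Returns the span count on
 * success. */
int composite_solid_source_over(surface_t *s, uint32_t color,
                                const span_t *spans, int nspans)
{
    if (!s || !s->pixels || !spans || nspans < 0 || s->stride < s->width) return -1;
    for (int i = 0; i < nspans; i++)
        if (!span_in_bounds(s, &spans[i])) return -1;

    for (int i = 0; i < nspans; i++) {
        const span_t *sp = &spans[i];
        if (sp->coverage == 0) continue;
        uint32_t src = scale_pixel(color, sp->coverage);   /* colour * coverage */
        uint32_t ia  = 255 - (src >> 24);                   /* 1 - src alpha */
        uint32_t *row = s->pixels + (size_t)sp->y * (size_t)s->stride + (size_t)sp->x;
        for (int k = 0; k < sp->len; k++)
            row[k] = (ia == 0) ? src : add_pixel(src, scale_pixel(row[k], ia));
    }
    return nspans;
}

/* Constructed demo: a 4x2 surface, one valid run, one half-coverage blend, then
 * a span list whose second run overruns the row. Returns the number of checks
 * that passed (4 when the compositor behaves as intended). */
int run_demo(void)
{
    enum { W = 4, H = 2 };
    uint32_t px[W * H] = {0};
    surface_t s = { px, W, H, W };
    int ok = 0;

    span_t good = { 1, 0, 2, 255 };                       /* opaque blue, x=1..2 */
    if (composite_solid_source_over(&s, 0xFF0000FFu, &good, 1) == 1) ok++;
    if (px[0] == 0 && px[1] == 0xFF0000FFu && px[2] == 0xFF0000FFu && px[3] == 0) ok++;

    px[4] = 0xFFFFFFFFu;                                  /* opaque white at (0,1) */
    span_t half = { 0, 1, 1, 128 };                       /* half-coverage blue */
    composite_solid_source_over(&s, 0xFF0000FFu, &half, 1);
    if (px[4] == 0xFF7F7FFFu) ok++;

    span_t bad[2] = { { 0, 1, 1, 255 }, { 3, 0, 2, 255 } }; /* second run overruns */
    if (composite_solid_source_over(&s, 0xFF00FF00u, bad, 2) == -1 && px[4] == 0xFF7F7FFFu) ok++;
    return ok;
}

int main(void) {
    printf("checks passed: %d of 4\n", run_demo());
    return run_demo() == 4 ? 0 : 1;
}
```

The validate-then-draw split is the point: a compositor that clips or rejects at the span level never has to trust that an upstream rasterizer, fed a malformed document, produced in-range coordinates. Under AddressSanitizer the rejected list in run_demo produces no report at all, whereas dropping the span_in_bounds pass turns the overrunning run into exactly the kind of read fault the trace above shows.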

sammycage commented 1 month ago

@kittener Resolved in the latest commit. Thank you for bringing this issue to our attention.