NULL pointer dereference in print_default (matdump)

[gy741]

Hello.

I found a NULL pointer dereference bug in matdump.

In my opinion, 810 line: It seems that the problem is caused by exceeding the array range. 732 line: There is code that performs NULL validation, but a crash occurs.

Please confirm.

Thanks.

OS: Ubuntu 17.10 64bit PoC download : PoC

https://github.com/tbeu/matio/blob/aa7ffd3c7c650e236c89f2712361f9f8103c1fef/tools/matdump.c#L730-L810

=================================================================
==2742==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000050d188 bp 0x00000000002a sp 0x7ffd5d0f7cc0 T0)
==2742==The signal is caused by a READ memory access.
==2742==Hint: address points to the zero page.
    #0 0x50d187 in print_default /home/karas/matio/tools/matdump.c:735:22
    #1 0x50e2ea in print_default /home/karas/matio/tools/matdump.c:810:17
    #2 0x50ea10 in print_default /home/karas/matio/tools/matdump.c:786:21
    #3 0x50ca04 in main /home/karas/matio/tools/matdump.c:932:17
    #4 0x7fc482d993f0 in __libc_start_main /build/glibc-mXZSwJ/glibc-2.24/csu/../csu/libc-start.c:291
    #5 0x41a589 in _start (/home/karas/matio/tools/.libs/matdump+0x41a589)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/karas/matio/tools/matdump.c:735:22 in print_default
==2742==ABORTING

[tbeu]

Thanks for reporting. It rather is an access violation on uninitialized heap memory, which should be fixed by 702fd2d1b9d1c125e4095a1e104655f2015a8f7c.