| Title | When converting FUR to VGM with furnace console mode, there were many crashes |
|---|
| Description | OS: Ubuntu 20.04
Furnace version dev73.
Command: ./furnace -console -vgmout out.vgm poc.fur
stack-buffer-overflow POC: https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing
==3616==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffea254f6e0 at pc 0x0000004feaea bp 0x7ffea254f170 sp 0x7ffea254e938
WRITE of size 47756 at 0x7ffea254f6e0 thread T0
#0 0x4feae9 in __asan_memcpy (/home/user/furnace/build/furnace+0x4feae9)
#1 0x609b63 in SafeReader::read(void*, unsigned long) /home/user/furnace/src/engine/safeReader.cpp:64:3
#2 0x6ffb15 in DivEngine::loadFur(unsigned char*, unsigned long) /home/user/furnace/src/engine/fileOps.cpp:1043:12
#3 0x711878 in DivEngine::load(unsigned char*, unsigned long) /home/user/furnace/src/engine/fileOps.cpp:1782:12
#4 0xbfb0e7 in main /home/user/furnace/src/main.cpp:355:12
#5 0x7fee2de07fcf in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#6 0x7fee2de0807c in __libc_start_main csu/../csu/libc-start.c:409:3
#7 0x482ec4 in _start (/home/user/furnace/build/furnace+0x482ec4)
Shadow bytes around the buggy address:
0x1000544a1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000544a1e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000544a1ea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000544a1eb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000544a1ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1000544a1ed0: 00 00 00 00 00 00 00 00 00 00 00 00[f2]f2 f2 f2
0x1000544a1ee0: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
0x1000544a1ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000544a1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000544a1f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000544a1f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==3616==ABORTING
Other crash POCs can be obtained from the links below:
https://github.com/tildearrow/furnace/files/8369004/POC.tar.gz |
|---|
| Source | https://github.com/tildearrow/furnace/issues/325 |
|---|
| User | patchkey (UID 25647) |
|---|
| Submission | 03/04/2022 10:31 AM (4 years ago) |
|---|
| Moderation | 03/04/2022 01:57 PM (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 196371 [tildearrow Furnace dev73 FUR to VGM Converter buffer overflow] |
|---|
| Points | 20 |
|---|
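The ASan trace in the report shows the shape of the bug class rather than the specific field: `SafeReader::read` performs a `memcpy` whose size (47756 bytes) came from the input file, and the destination is a stack array in `DivEngine::loadFur`. The example below is added here to illustrate that pattern and the check that closes it; it is not furnace's code and does not reproduce its file format. The `Reader` type, the `FIELD_CAP` buffer size, the "u32 length + bytes" field layout and the `poc_image()` stand-in (a constructed image whose declared length matches the 47756-byte write in the trace, not the reporter's PoC file) are all assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size stack buffer in the loader; the real size in
 * loadFur is not stated in the report. */
#define FIELD_CAP 256
/* The WRITE size ASan reported in the trace above. */
#define POC_DECLARED 47756u

typedef struct {
    const uint8_t *data;   /* whole file image held in memory */
    size_t len;
    size_t pos;
} Reader;

/* Source-bounded read, the shape of the failing frame in the trace: it will
 * not run past the end of the file image, but it trusts that dst can hold
 * n bytes. When n comes from the file and dst is a stack array, this is the
 * stack-buffer-overflow. */
static int reader_read(Reader *r, void *dst, size_t n) {
    if (n > r->len - r->pos) return 0;
    memcpy(dst, r->data + r->pos, n);
    r->pos += n;
    return 1;
}

/* Destination-bounded read: the caller states how much room dst has and an
 * oversized n is rejected before any copy happens. */
static int reader_read_bounded(Reader *r, void *dst, size_t cap, size_t n) {
    if (n > cap) return 0;
    return reader_read(r, dst, n);
}

static int reader_read_u32le(Reader *r, uint32_t *out) {
    uint8_t b[4];
    if (!reader_read(r, b, sizeof b)) return 0;   /* b is exactly 4 bytes, so this call is safe */
    *out = (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
    return 1;
}

/* Hardened loader for one "u32 length + bytes" field. Returns the field
 * length on success, -1 if the file is truncated or the field is larger
 * than the stack buffer can hold. */
int load_field(const uint8_t *file, size_t file_len, char out[FIELD_CAP]) {
    Reader r = { file, file_len, 0 };
    uint32_t n;
    char field[FIELD_CAP];                 /* the fixed stack buffer */
    if (!reader_read_u32le(&r, &n)) return -1;
    /* n is attacker-controlled; the cap check is what the trace shows missing. */
    if (!reader_read_bounded(&r, field, sizeof field - 1, n)) return -1;
    field[n] = '\0';
    memcpy(out, field, (size_t)n + 1);
    return (int)n;
}

/* Reports what the source-only check alone would have let through: the
 * declared length if it is present in the image yet larger than the stack
 * buffer (i.e. reader_read would have overflowed), otherwise 0. Nothing is
 * copied. */
long probe_oversized(const uint8_t *file, size_t file_len) {
    Reader r = { file, file_len, 0 };
    uint32_t n;
    if (!reader_read_u32le(&r, &n)) return 0;
    int source_ok = n <= r.len - r.pos;
    return (source_ok && n > FIELD_CAP - 1) ? (long)n : 0;
}

static void put_u32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Constructed file image: a declared length followed by a payload. Returns the
 * image size, or 0 if it does not fit in buf. */
size_t make_image(uint8_t *buf, size_t cap, uint32_t declared, const char *payload) {
    size_t plen = strlen(payload);
    if (plen + 4 > cap) return 0;
    put_u32le(buf, declared);
    memcpy(buf + 4, payload, plen);
    return plen + 4;
}

/* Constructed stand-in for the reporter's PoC: declared length and payload are
 * both 47756 bytes, so the source-only check passes. Not the file from the report. */
static uint8_t g_poc[4 + POC_DECLARED];
const uint8_t *poc_image(void) {
    put_u32le(g_poc, POC_DECLARED);
    memset(g_poc + 4, 'A', POC_DECLARED);
    return g_poc;
}
size_t poc_image_len(void) { return sizeof g_poc; }

int main(void) {
    char out[FIELD_CAP];
    uint8_t img[64];
    size_t n = make_image(img, sizeof img, 5, "hello");
    printf("benign field: %d (%s)\n", load_field(img, n, out), out);
    printf("declared length the source-only check would pass: %ld\n",
           probe_oversized(poc_image(), poc_image_len()));
    printf("hardened loader on the same image: %d\n",
           load_field(poc_image(), poc_image_len(), out));
    return 0;
}
```

The point of `probe_oversized` is that a reader which only checks "is there enough input left?" is not a bounds check for the destination: a file that really does contain 47756 bytes after the length field satisfies it. The fix is to carry the destination capacity into the read (or size the destination from the length on the heap) so the decision is made before `memcpy` runs; when reviewing the actual fix in the tracker, that is the check to look for in the `loadFur` call sites.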