Submit #33969: When converting FUR to VGM with furnace console mode, there were many crashes
Title | When converting FUR to VGM with furnace console mode, there were many crashes |
---|---|
Description | OS: ubuntu 20.04<br>Furnace version dev73.<br>Command: ./furnace -console -vgmout out.vgm poc.fur<br><br>stack-buffer-overflow<br>POC: https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing<br><br>==3616==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffea254f6e0 at pc 0x0000004feaea bp 0x7ffea254f170 sp 0x7ffea254e938<br>WRITE of size 47756 at 0x7ffea254f6e0 thread T0<br>#0 0x4feae9 in __asan_memcpy (/home/user/furnace/build/furnace+0x4feae9)<br>#1 0x609b63 in SafeReader::read(void*, unsigned long) /home/user/furnace/src/engine/safeReader.cpp:64:3<br>#2 0x6ffb15 in DivEngine::loadFur(unsigned char*, unsigned long) /home/user/furnace/src/engine/fileOps.cpp:1043:12<br>#3 0x711878 in DivEngine::load(unsigned char*, unsigned long) /home/user/furnace/src/engine/fileOps.cpp:1782:12<br>#4 0xbfb0e7 in main /home/user/furnace/src/main.cpp:355:12<br>#5 0x7fee2de07fcf in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16<br>#6 0x7fee2de0807c in __libc_start_main csu/../csu/libc-start.c:409:3<br>#7 0x482ec4 in _start (/home/user/furnace/build/furnace+0x482ec4)<br><br>Shadow bytes around the buggy address:<br>0x1000544a1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br>0x1000544a1e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br>0x1000544a1ea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br>0x1000544a1eb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br>0x1000544a1ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br>=>0x1000544a1ed0: 00 00 00 00 00 00 00 00 00 00 00 00[f2]f2 f2 f2<br>0x1000544a1ee0: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00<br>0x1000544a1ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br>0x1000544a1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br>0x1000544a1f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br>0x1000544a1f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br>Shadow byte legend (one shadow byte represents 8 application bytes):<br>Addressable: 00<br>Partially addressable: 01 02 03 04 05 06 07<br>Heap left redzone: fa<br>Freed heap region: fd<br>Stack left redzone: f1<br>Stack mid redzone: f2<br>Stack right redzone: f3<br>Stack after return: f5<br>Stack use after scope: f8<br>Global redzone: f9<br>Global init order: f6<br>Poisoned by user: f7<br>Container overflow: fc<br>Array cookie: ac<br>Intra object redzone: bb<br>ASan internal: fe<br>Left alloca redzone: ca<br>Right alloca redzone: cb<br>==3616==ABORTING<br><br>Other crash POCs can be obtained from the links below:<br>https://github.com/tildearrow/furnace/files/8369004/POC.tar.gz |
Source | ⚠️ https:/ |
User | patchkey (ID 25647) |
Submission | 2022-04-03 10:31 (2 years ago) |
Moderation | 2022-04-03 13:57 (3 hours later) |
Accepted | Accepted |
VulDB Entry | VDB-196371 |