Submit #33969: When converting FUR to VGM with furnace console mode, there were many crashes (Info)

Title: When converting FUR to VGM with furnace console mode, there were many crashes
Description:
OS: ubuntu 20.04
Furnace version dev73.
Command: ./furnace -console -vgmout out.vgm poc.fur

stack-buffer-overflow
POC: https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing

==3616==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffea254f6e0 at pc 0x0000004feaea bp 0x7ffea254f170 sp 0x7ffea254e938
WRITE of size 47756 at 0x7ffea254f6e0 thread T0
    #0 0x4feae9 in __asan_memcpy (/home/user/furnace/build/furnace+0x4feae9)
    #1 0x609b63 in SafeReader::read(void*, unsigned long) /home/user/furnace/src/engine/safeReader.cpp:64:3
    #2 0x6ffb15 in DivEngine::loadFur(unsigned char*, unsigned long) /home/user/furnace/src/engine/fileOps.cpp:1043:12
    #3 0x711878 in DivEngine::load(unsigned char*, unsigned long) /home/user/furnace/src/engine/fileOps.cpp:1782:12
    #4 0xbfb0e7 in main /home/user/furnace/src/main.cpp:355:12
    #5 0x7fee2de07fcf in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #6 0x7fee2de0807c in __libc_start_main csu/../csu/libc-start.c:409:3
    #7 0x482ec4 in _start (/home/user/furnace/build/furnace+0x482ec4)

Shadow bytes around the buggy address:
  0x1000544a1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000544a1e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000544a1ea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000544a1eb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000544a1ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1000544a1ed0: 00 00 00 00 00 00 00 00 00 00 00 00[f2]f2 f2 f2
  0x1000544a1ee0: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00
  0x1000544a1ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000544a1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000544a1f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000544a1f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  Array cookie:          ac
  Intra object redzone:  bb
  ASan internal:         fe
  Left alloca redzone:   ca
  Right alloca redzone:  cb
==3616==ABORTING

Other crash POCs can be obtained from the links below:
https://github.com/tildearrow/furnace/files/8369004/POC.tar.gz
Source: https://github.com/tildearrow/furnace/issues/325
User: patchkey (ID 25647)
Submission: 2022-04-03 10:31 (2 years ago)
Moderation: 2022-04-03 13:57 (3 hours later)
Accepted
VulDB Entry: VDB-196371
