Cvjark issues

Results 39 issues of


Cvjark

issue about memory allocation

### sample file [id0_allocation-size-too-big_new.zip](https://github.com/Cvjark/Poc/files/9080719/id0_allocation-size-too-big_new.zip) ### command to reproduce `./swfmill swf2xml [sample file] /dev/null` ### crash detail ``` ==55540==ERROR: AddressSanitizer: requested allocation size 0xfffffffffffff4d6 (0x4d8 after adjustments for alignment, red zones...

SEGV in SWF::Reader::getWord()

### sample file [id4_SEGV_getWord.zip](https://github.com/Cvjark/Poc/files/9080713/id4_SEGV_getWord.zip) ### command to reproduce `./swfmill swf2xml [sample file] /dev/null` ### crash detail ``` ==55604==ERROR: AddressSanitizer: SEGV on unknown address 0x629feb002f56 (pc 0x0000005339a8 bp 0x000000bd0dc0 sp 0x7ffe0baa8310...

heap-buffer-overflow in base64_encode

### sample file [id11_heap-buffer-overflow_base64_encode.zip](https://github.com/Cvjark/Poc/files/9080710/id11_heap-buffer-overflow_base64_encode.zip) ### command to reproduce `./swfmill swf2xml [sample file] /dev/null` ### crash detail ``` ==55556==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000019813 at pc 0x0000005311c9 bp 0x7ffedbddc7f0 sp 0x7ffedbddc7e8...

heap-buffer-overflow

### sample file [id5_heap-buffer-overflow_372.zip](https://github.com/Cvjark/Poc/files/9080709/id5_heap-buffer-overflow_372.zip) ### command to reproduce `./swfmill swf2xml [sample file] /dev/null` ### crash detail ``` ==55620==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62a0000051f3 at pc 0x000000440074 bp 0x7ffd17764350 sp 0x7ffd17763b00...

heap-buffer-overflow in SWF::Reader::getU30()

### sample file [id2_heap-buffer-overflow_getU30.zip](https://github.com/Cvjark/Poc/files/9080686/id2_heap-buffer-overflow_getU30.zip) ### command to reproduce `./swfmill swf2xml [sample file] /dev/null` ### crash detail ``` ==55588==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62a0000051f3 at pc 0x000000534648 bp 0x7ffedf009d00 sp 0x7ffedf009cf8...

SEGV in SWF::DefineFont2::write(SWF::Writer, SWF::Context)

### sample file [id0_SEGV_DefineFont2_write.zip](https://github.com/Cvjark/Poc/files/9080742/id0_SEGV_DefineFont2_write.zip) ### command to reproduce `./swfmill xml2swf [sample file]` ### crash detail ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==55697==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000006c4944 bp 0x00000000005e sp...

SEGV in SWF::MethodBody::write(SWF::Writer, SWF::Context)

### sample file [id11_SEGV_MethodBodywrite.zip](https://github.com/Cvjark/Poc/files/9080801/id11_SEGV_MethodBodywrite.zip) ### command to reproduce `./swfmill simple @@ /dev/null` ### crash detail ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==56731==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000006b1554 bp 0x000000000001 sp...

SEGV in SWF::DeclareFunction2::write(SWF::Writer, SWF::Context)

### sample file [id41_SEGV_DeclareFunction2_write.zip](https://github.com/Cvjark/Poc/files/9080778/id41_SEGV_DeclareFunction2_write.zip) ### command to reproduce `./swfmill simple @@ /dev/null` ### crash detail ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==56747==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000006e2444 bp 0x0c16000002a0 sp...

heap-buffer-overflow in SWF::Writer::writeByte(unsigned char)

### sample file [id10_heap-buffer-overflow_writebyte.zip](https://github.com/Cvjark/Poc/files/9080797/id10_heap-buffer-overflow_writebyte.zip) ### command to reproduce `./swfmill simple @@ /dev/null` ### crash detail ``` ================================================================= ==56715==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b00000133e at pc 0x0000005376d4 bp 0x7ffc19fbb2d0 sp 0x7ffc19fbb2c8...