libredwg
libredwg copied to clipboard
Published
20 hours ago •
LibreDWG
LibreDWG
A Segmentation fault in bit_write_RC in bits.c:351
Affected version
the latest commit: https://github.com/LibreDWG/libredwg/tree/45d2a290c65ed691be0901ba2b2ef51044e07a16 and 0.12.4
What's the problem?
Segmentation fault in bit_write_RC in bits.c:351 because of writing unknown address.
ASAN report:
$ ./dwgrewrite ./pocs/tests_64234
......
......
......
==3089790==ERROR: AddressSanitizer: SEGV on unknown address 0x7fffc210e8de (pc 0x0000004d8f90 bp 0x7fffffffc320 sp 0x7fffffffc2e0 T0)
==3089790==The signal is caused by a WRITE memory access.
#0 0x4d8f90 in bit_write_RC /src/libredwg/src/bits.c:351:29
#1 0x4d9443 in bit_write_RS /src/libredwg/src/bits.c:400:3
#2 0x4dbf93 in bit_write_MS /src/libredwg/src/bits.c:1019:3
#3 0xfe6d31 in dwg_encode_add_object /src/libredwg/src/encode.c:3893:7
#4 0xf98c78 in dwg_encode /src/libredwg/src/encode.c:2352:16
#5 0x4cbcf6 in dwg_write_file /src/libredwg/src/dwg.c:429:11
#6 0x4c939f in main /src/libredwg/programs/dwgrewrite.c:349:11
#7 0x7ffff7c580b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#8 0x41c3fd in _start (/mnt/disk/out/libredwg/programs_asan/dwgrewrite+0x41c3fd)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/libredwg/src/bits.c:351:29 in bit_write_RC
==3089790==ABORTING
Compile command
CC="clang" CFLAGS="-O1 -g -fsanitize=address" ./configure --enable-release --disable-shared && make
How can we reproduce the issue?
unzip tests_64234.zip
dwgrewrite ./tests_64234
POC file :
tests_64234.zip
