swfmill SEGV in SWF::DefineFont2::write(SWF::Writer*, SWF::Context*)

SEGV in SWF::DefineFont2::write(SWF::Writer, SWF::Context)

Open Cvjark opened this issue 3 years ago • 0 comments

sample file

command to reproduce

./swfmill xml2swf [sample file]

crash detail

AddressSanitizer:DEADLYSIGNAL
=================================================================
==55697==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000006c4944 bp 0x00000000005e sp 0x7fff161ee980 T0)
==55697==The signal is caused by a READ memory access.
==55697==Hint: address points to the zero page.
    #0 0x6c4944 in SWF::DefineFont2::write(SWF::Writer*, SWF::Context*) /home/bupt/Desktop/swfmill/src/gSWFWriter.cpp
    #1 0x6a2eac in SWF::Header::write(SWF::Writer*, SWF::Context*) /home/bupt/Desktop/swfmill/src/gSWFWriter.cpp:232:16
    #2 0x53d45c in SWF::File::save(_IO_FILE*, SWF::Context*) /home/bupt/Desktop/swfmill/src/SWFFile.cpp:158:11
    #3 0x54f8b9 in swfmill_xml2swf(int, char**) /home/bupt/Desktop/swfmill/src/swfmill.cpp:251:21
    #4 0x7fd92a2abc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #5 0x4224d9 in _start (/home/bupt/Desktop/swfmill/src/swfmill+0x4224d9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/bupt/Desktop/swfmill/src/gSWFWriter.cpp in SWF::DefineFont2::write(SWF::Writer*, SWF::Context*)
==55697==ABORTING

Jul 11 '22 04:07 Cvjark

swfmill swfmill copied to clipboard

SEGV in SWF::DefineFont2::write(SWF::Writer*, SWF::Context*)

sample file

command to reproduce

crash detail

swfmill
swfmill copied to clipboard

SEGV in SWF::DefineFont2::write(SWF::Writer, SWF::Context)