furnace [BUG] When converting FUR to VGM with furnace console mode, there were many crashes

[BUG] When converting FUR to VGM with furnace console mode, there were many crashes

Open mqrsv opened this issue 3 years ago • 5 comments

OS： ubuntu 20.04

Furnace version dev73.

Command: ./furnace -console -vgmout out.vgm poc.fur

I use fuzz tests, so I don't analyze these crashes in detail.

I packaged the POC file so you can reproduce the error.

Mar 29 '22 07:03 mqrsv

Also happens when opening these files... hmmm...

Mar 29 '22 08:03 tildearrow

I used the Fuzz tool to get hundreds of crashes in 24 hours.

Poc.tar. gz are a couple of specific errors I classified.

Mar 29 '22 08:03 mqrsv

FYI: This issue got CVE-2022-1211 assigned (source: https://vuldb.com/?id.196371)

Apr 03 '22 11:04 marcruef

I have improved the file loader to ensure we don't go out of bounds. Please test with git master.

Apr 04 '22 19:04 tildearrow

Re-opening issue as I found one crash.

Apr 09 '22 23:04 tildearrow

that appears to be done as well.

Feb 14 '23 15:02 freq-mod

Not really - I feel like I need to harden Furnace a bit more.

Feb 14 '23 18:02 tildearrow

Closing - doesn't reproduce anymore.

Jul 10 '23 00:07 tildearrow