Invalid-allocation-size in function add_ent_preview() #1006

Closed
skorpion98 opened this issue Sep 4, 2024 · 2 comments
Labels
fuzzing Intentional illegal input

Comments

@skorpion98

Describe the bug

In file in_dxf.c, function add_ent_preview() invokes the calloc() function with an invalid value when a specific input is provided (0x7fffffffffffffff with the attached input).

To Reproduce

Due to size constraints of this report, the archive we used to perform our tests is available at this link, and it contains:

  • the executable on which we performed our tests
  • the input file that caused the bug
  • the output of ASan confirming our finding

To reproduce the errors, simply run the given binary on the provided testcase files with a command like ./llvmfuzz /path_to_testcases/input

The program has been tested on the OSS-Fuzz Docker image for this project using Ubuntu 20.04. During the compilation, we compiled with Address Sanitizer using the flag --sanitizer=address.

The hash commit used to perform the tests is 27118c4.

Environment

  • OS: Linux
  • Version/Distribution: Ubuntu 20.04
  • Architecture: x86_64
@rurban rurban added the fuzzing Intentional illegal input label Sep 4, 2024
@rurban
Contributor

rurban commented Sep 28, 2024

Harmless. If the calloc fails due to an overlarge user-input value, it fails with an Out of memory error.
But I fail now earlier when the size is > INTMAX_MAX.

And we only need the failing input file and cmdline to reproduce for the next time.
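As an added illustration for this issue (not libredwg's own code from in_dxf.c), the check rurban describes, done on a length field read from untrusted input before calloc() ever sees it: the reported 0x7fffffffffffffff is 9223372036854775807 in decimal and is rejected as too big rather than reaching the allocator. The function names, the decimal parsing and the 16 MiB cap are assumptions made for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Hypothetical cap on one preview blob; a real parser would pick a
   limit from the format's constraints rather than the address space. */
#define PREVIEW_MAX_BYTES ((size_t)16 * 1024 * 1024)

enum len_status {
    LEN_OK = 0,
    LEN_NOT_A_NUMBER,
    LEN_NEGATIVE,
    LEN_OVERFLOW,  /* did not fit in long long (strtoll set ERANGE) */
    LEN_TOO_BIG,   /* above INT_MAX or above the preview cap */
};

/* Parse the decimal length field of an untrusted record and validate it
   before anything is allocated. Writes the accepted size to *out (may be NULL).
   The field must be exactly one integer; trailing junk is rejected. */
enum len_status check_preview_len(const char *field, size_t *out)
{
    char *end = NULL;
    errno = 0;
    long long v = strtoll(field, &end, 10);
    if (end == field || *end != '\0')
        return LEN_NOT_A_NUMBER;
    if (errno == ERANGE)
        return LEN_OVERFLOW;
    if (v < 0)
        return LEN_NEGATIVE;
    if (v > INT_MAX || (unsigned long long)v > PREVIEW_MAX_BYTES)
        return LEN_TOO_BIG;
    if (out)
        *out = (size_t)v;
    return LEN_OK;
}

/* calloc only after the length passed every check; NULL on any failure,
   so the caller reports a parse error instead of an allocator failure. */
unsigned char *alloc_preview(const char *field, size_t *out_len)
{
    size_t n = 0;
    if (check_preview_len(field, &n) != LEN_OK)
        return NULL;
    unsigned char *buf = calloc(n, 1);
    if (buf && out_len)
        *out_len = n;
    return buf;
}
```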

@rurban rurban self-assigned this Sep 28, 2024
rurban added a commit that referenced this issue Sep 28, 2024
Fixes GH #1006, fuzzing invalid DXF input
rurban added a commit that referenced this issue Sep 28, 2024
esp. for asan: allocation-size-too-big
which is harmless, but throws a better error msg in add_ent_preview for a BLL.
Fixes GH #1006, fuzzing DXF input
@rurban
Contributor

rurban commented Oct 3, 2024

Fixed by adce77a and a384325

@rurban rurban closed this as completed Oct 3, 2024