CVE-2021-34338: Segmentation fault in function getName, decompile.c:457 · Issue #201 · libming/libming

Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in the decompiler.c file that causes a direct segmentation fault and leads to denial of service.

Hi, there.

There is a segmentation fault in the newest master branch 04aee52.
Here is the reproducing command:

==19422==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000041ef74 bp 0x0c10000017fb sp 0x7ffee6469480 T0)
    #0 0x41ef73 in getName ../../util/decompile.c:457
    #1 0x42b65b in decompileDELETE ../../util/decompile.c:3175
    #2 0x42b65b in decompileAction ../../util/decompile.c:3436
    #3 0x44e234 in decompileActions ../../util/decompile.c:3535
    #4 0x44e234 in decompile5Action ../../util/decompile.c:3558
    #5 0x4114d9 in outputSWF_INITACTION ../../util/outputscript.c:1860
    #6 0x402836 in readMovie ../../util/main.c:281
    #7 0x402836 in main ../../util/main.c:354
    #8 0x7f82c681082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x403b38 in _start (/mnt/data/playground/libming/build/util/swftophp+0x403b38)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../../util/decompile.c:457 getName
==19422==ABORTING

The cause is due to the incomplete check in line 452 mentioned in the Figure.
