CVE-2023-30085: Allocation size overflow in cws2fws() at main.c:111 · Issue #267 · libming/libming

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c.


Allocation size overflow in the latest version of libming at function cws2fws in util/main.c:111.

Environment

Ubuntu 18.04, 64 bit
libming 0.4.8

Steps to reproduce

  1. download file

    wget https://github.com/libming/libming/archive/refs/tags/ming-0_4_8.tar.gz
    tar -zxvf ming-0_4_8.tar.gz

  2. compile libming with ASAN

    cd libming-ming-0_4_8
    ./autogen.sh
    export FORCE_UNSAFE_CONFIGURE=1
    export LLVM_COMPILER=clang
    # configure needs an absolute install prefix, so expand the current directory
    CC=wllvm CXX=wllvm++ CFLAGS="-g -O0 -fcommon -Wno-error" ./configure --prefix="$(pwd)/obj-bc" --with-php-config=/usr/bin/php-config7.2 --enable-static --disable-shared
    make
    make install

    # extract the whole-program bitcode and relink it with AddressSanitizer
    cd obj-bc/bin/
    extract-bc swftophp
    clang -fsanitize=address -lz -lm swftophp.bc -o swftophp_asan

  3. command for reproducing the error

Download poc:
libming_0-4-8_swftophp_allocation-size-overflow_main111.zip

ASAN report

    root@2413df779df0:~/compiler1804/libming-ming-0_4_8/obj-bc/bin# ./swftophp_asan libming_0-4-8_swftophp_allocation-size-overflow_main111.swf
    =================================================================
    ==60493==ERROR: AddressSanitizer: requested allocation size 0xffffffffff000533 (0xffffffffff001538 after adjustments for alignment, red zones etc.) exceeds maximum supported size of 0x10000000000 (thread T0)
        #0 0x4ae288 in realloc /root/LLVM/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164
        #1 0x4f9334 in cws2fws /root/compiler1804/libming-ming-0_4_8/util/main.c:111:15
        #2 0x4f99dd in readMovieHeader /root/compiler1804/libming-ming-0_4_8/util/main.c:198:18
        #3 0x4f97ee in main /root/compiler1804/libming-ming-0_4_8/util/main.c:346:5
        #4 0x7f6a64b67c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

    ==60493==HINT: if you don't care about these errors you may set allocator_may_return_null=1
    SUMMARY: AddressSanitizer: allocation-size-too-big /root/LLVM/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:164 in realloc
    ==60493==ABORTING
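
Added example (not part of the original issue and not libming's code): the size in the ASAN report, 0xffffffffff000533, is the value a 32-bit length of 0xff000533 takes when it is sign-extended to 64 bits. The sketch below shows that conversion next to a bounds check on the length field of an SWF header before allocating. The function names, the 64 MiB cap and the header bytes are assumptions made for illustration, and a 64-bit `size_t` is assumed; the page does not show how libming itself handles the value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for this example; not a libming constant. */
#define MAX_DECLARED_SIZE ((size_t)64 * 1024 * 1024)

/* SWF header: 3-byte signature, 1-byte version, 4-byte little-endian length. */
static uint32_t swf_declared_len(const unsigned char hdr[8])
{
    return (uint32_t)hdr[4] | (uint32_t)hdr[5] << 8 |
           (uint32_t)hdr[6] << 16 | (uint32_t)hdr[7] << 24;
}

/* Hazard: a length held in a signed 32-bit int and then widened to size_t
   is sign-extended once its top bit is set (64-bit size_t assumed). */
static size_t widened_via_int(uint32_t declared)
{
    int32_t as_signed = (int32_t)declared; /* wraps negative on gcc/clang */
    return (size_t)as_signed;
}

/* Hardened: keep the length unsigned and validate it before allocating.
   Returns NULL when the header is rejected or allocation fails. */
static void *alloc_for_swf(const unsigned char hdr[8], size_t file_size, size_t *out)
{
    uint32_t declared = swf_declared_len(hdr);
    if (file_size < 8 || declared < 8 || declared > MAX_DECLARED_SIZE)
        return NULL;
    /* CWS bodies are zlib data; deflate cannot expand beyond about 1032:1. */
    if (hdr[0] == 'C' && (declared - 8) / 1032 > file_size - 8)
        return NULL;
    void *p = malloc(declared);
    if (p != NULL)
        *out = declared;
    return p;
}

int main(void)
{
    /* Constructed header; length bytes chosen to match the size in the report. */
    const unsigned char hdr[8] = {'C', 'W', 'S', 10, 0x33, 0x05, 0x00, 0xff};
    size_t n = 0;
    printf("declared=0x%x widened=0x%zx accepted=%d\n",
           (unsigned)swf_declared_len(hdr), widened_via_int(swf_declared_len(hdr)),
           alloc_for_swf(hdr, 1331, &n) != NULL);
    return 0;
}
```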
