Hi, I was playing with libFuzzer and found a crash when opening an encrypted xlsx file with the `xlnt::workbook::load` function.
A segmentation fault occurs when loading the crash-16b4cf6103695fbb96cd52ff2c5be05e83344d4e.txt file. You can use docker and fuzz targets from oss-sydr-fuzz to reproduce the error:
/load_fuzzer crash-16b4cf6103695fbb96cd52ff2c5be05e83344d4e.txt
Sanitizer output:
```
=================================================================
==32142==ERROR: AddressSanitizer: SEGV on unknown address 0x61dc00000a80 (pc 0x7f955c2e2dc9 bp 0x7ffd2fd0b8d0 sp 0x7ffd2fd0b088 T0)
==32142==The signal is caused by a READ memory access.
    #0 0x7f955c2e2dc9 /build/glibc-eX1tMB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:345
    #1 0x4db0b1 in __asan_memcpy /llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
    #2 0x109a359 in xlnt::detail::compound_document::read_directory() /xlnt/source/detail/cryptography/compound_document.cpp:975:34
    #3 0x109709b in xlnt::detail::compound_document::compound_document(std::istream&) /xlnt/source/detail/cryptography/compound_document.cpp:517:5
    #4 0x982c40 in (anonymous namespace)::decrypt_xlsx(std::vector<unsigned char, std::allocator<unsigned char> > const&, std::__cxx11::basic_string<char16_t, std::char_traits<char16_t>, std::allocator<char16_t> > const&) /xlnt/source/detail/cryptography/xlsx_crypto_consumer.cpp:320:37
    #5 0x98243a in xlnt::detail::decrypt_xlsx(std::vector<unsigned char, std::allocator<unsigned char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /xlnt/source/detail/cryptography/xlsx_crypto_consumer.cpp:339:12
    #6 0x983bee in xlnt::detail::xlsx_consumer::read(std::istream&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /xlnt/source/detail/cryptography/xlsx_crypto_consumer.cpp:345:28
    #7 0x547138 in xlnt::workbook::load(std::istream&) /xlnt/source/workbook/workbook.cpp:901:22
    #8 0x56df87 in xlnt::workbook::load(std::vector<unsigned char, std::allocator<unsigned char> > const&) /xlnt/source/workbook/workbook.cpp:919:5
    #9 0x514da2 in LLVMFuzzerTestOneInput /xlnt/build/../load_fuzzer.cc:9:23
    #10 0x441d41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #11 0x42c35c in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #12 0x4320cb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #13 0x45ae12 in main /llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #14 0x7f955c24b0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #15 0x426c7d in _start (/load_fuzzer+0x426c7d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-eX1tMB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:345
==32142==ABORTING
```
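The trace above ends in a `memcpy` inside `compound_document::read_directory()`, i.e. while copying directory sectors out of the CFB (compound file binary) container that wraps an encrypted .xlsx. The block below is an added example, not xlnt's code and not a diagnosis of this particular crash: a stand-alone walk of a CFB directory chain in which every sector index taken from the file is validated against the file size before any bytes are copied, and the chain is checked for cycles. `walk_directory`, `make_sample`, `truncate` and the constructed sample files are assumptions of this example; it also assumes a little-endian host and a FAT small enough to live in the single sector named by DIFAT[0].

```cpp
// Added example (not xlnt's code): bounds-checked walk of a CFB directory chain.
// Assumptions not taken from the issue: little-endian host, and a FAT that fits
// in the single sector named by DIFAT[0] (true for the constructed samples).
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <unordered_set>
#include <vector>

static const uint32_t ENDOFCHAIN   = 0xFFFFFFFEu;
static const uint32_t FATSECT      = 0xFFFFFFFDu;
static const size_t   HEADER_SIZE  = 512;
static const uint8_t  CFB_MAGIC[8] = {0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1};

struct Result {
    bool ok = false;
    std::string error;             // why the file was rejected, if !ok
    size_t directory_entries = 0;  // 128-byte directory entries found in the chain
};

// Reads a little-endian u32 at off; callers guarantee off + 4 <= file.size().
static uint32_t rd32(const std::vector<uint8_t>& file, size_t off) {
    uint32_t v;
    std::memcpy(&v, &file[off], 4);
    return v;
}

Result walk_directory(const std::vector<uint8_t>& file) {
    Result r;
    if (file.size() < HEADER_SIZE || std::memcmp(file.data(), CFB_MAGIC, 8) != 0) {
        r.error = "not a CFB file or truncated header";
        return r;
    }
    uint16_t shift;
    std::memcpy(&shift, &file[0x1E], 2);          // sector shift: 9 (512 B) or 12 (4 KiB)
    if (shift != 9 && shift != 12) { r.error = "bad sector shift"; return r; }
    const size_t sector_size  = size_t(1) << shift;
    const size_t sector_count = (file.size() - HEADER_SIZE) / sector_size;  // whole sectors present

    // Sector n starts at byte (n + 1) * sector_size. Reject anything the file does not hold;
    // this also rejects the ENDOFCHAIN/FREESECT/FATSECT marker values used as indices.
    auto sector_offset = [&](uint32_t sect, size_t& off) -> bool {
        if (sect >= sector_count) return false;
        off = (size_t(sect) + 1) * sector_size;
        return off + sector_size <= file.size();
    };

    size_t fat_off;
    if (!sector_offset(rd32(file, 0x4C), fat_off)) { r.error = "FAT sector out of range"; return r; }
    const size_t fat_entries = sector_size / 4;

    uint32_t sect = rd32(file, 0x30);             // first directory sector (header offset 0x30)
    std::unordered_set<uint32_t> seen;            // cycle detection also bounds the loop
    std::vector<uint8_t> directory;
    while (sect != ENDOFCHAIN) {
        size_t off;
        if (!sector_offset(sect, off)) { r.error = "directory sector out of range"; return r; }
        if (!seen.insert(sect).second) { r.error = "cycle in directory chain"; return r; }
        directory.insert(directory.end(), file.begin() + off, file.begin() + off + sector_size);
        if (sect >= fat_entries) { r.error = "FAT index beyond loaded FAT"; return r; }
        sect = rd32(file, fat_off + size_t(sect) * 4);   // follow the FAT chain
    }
    r.ok = true;
    r.directory_entries = directory.size() / 128;
    return r;
}

// Constructed sample (not a real workbook): 512-byte sectors, sector 0 = FAT,
// directory chain 1 -> 2 -> fat_entry_for_sector2. ENDOFCHAIN gives a well-formed
// file; a huge index gives an out-of-range chain; 1 gives a cyclic chain.
std::vector<uint8_t> make_sample(uint32_t fat_entry_for_sector2) {
    std::vector<uint8_t> f(HEADER_SIZE + 3 * 512, 0);
    std::memcpy(&f[0], CFB_MAGIC, 8);
    const uint16_t shift = 9;
    std::memcpy(&f[0x1E], &shift, 2);
    uint32_t v;
    v = 1;       std::memcpy(&f[0x30], &v, 4);             // directory starts at sector 1
    v = 0;       std::memcpy(&f[0x4C], &v, 4);             // DIFAT[0]: FAT is sector 0
    v = FATSECT; std::memcpy(&f[HEADER_SIZE + 0], &v, 4);  // FAT[0] marks itself
    v = 2;       std::memcpy(&f[HEADER_SIZE + 4], &v, 4);  // FAT[1]: 1 -> 2
    v = fat_entry_for_sector2;
    std::memcpy(&f[HEADER_SIZE + 8], &v, 4);               // FAT[2]: 2 -> ?
    return f;
}

// Cuts a sample short, the way a fuzzer-minimised input often is.
std::vector<uint8_t> truncate(std::vector<uint8_t> f, size_t n) { f.resize(n); return f; }

int main() {
    Result good = walk_directory(make_sample(ENDOFCHAIN));
    Result oob  = walk_directory(make_sample(0x40000000u));
    Result loop = walk_directory(make_sample(1));
    Result cut  = walk_directory(truncate(make_sample(ENDOFCHAIN), HEADER_SIZE + 612));
    std::printf("good: ok=%d entries=%zu\n", good.ok, good.directory_entries);
    std::printf("oob: %s\nloop: %s\ncut: %s\n", oob.error.c_str(), loop.error.c_str(), cut.error.c_str());
    return 0;
}
```

The three failure modes the sample exercises (a sector index past the end of the file, a FAT chain that loops back on itself, and a file cut off mid-sector) are exactly the shapes a fuzzer produces; each is caught before the copy, so the reader returns an error instead of reading past the buffer.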