uvoteam / libdoc
C/Python library to extract text from MS doc files
License: GNU General Public License v2.0
latest version, git clone https://github.com/uvoteam/libdoc
Ubuntu 16.04-x64, gcc version 5.4.0 20160609
gcc main.c -o doc2txt -L ../build/ -lasan -fsanitize=address -ggdb ../build/libdoc.a
doc2txt [infile]
Reading symbols from doc2txt...done.
(gdb) run libdoc_numutils_getlong_22.overflow
Starting program: /var/normal/bin/doc2txt libdoc_numutils_getlong_22.overflow
*** Error in `/var/normal/bin/doc2txt': corrupted size vs. prev_size: 0x000000000064dfc0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7ffff7a847e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x80d36)[0x7ffff7a8dd36]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7ffff7a9153c]
/var/normal/bin/doc2txt[0x400e52]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7ffff7a2d830]
/var/normal/bin/doc2txt[0x400c99]
======= Memory map: ========
Program received signal SIGABRT, Aborted.
0x00007ffff7a42428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff7a42428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff7a4402a in __GI_abort () at abort.c:89
#2 0x00007ffff7a847ea in __libc_message (do_abort=2, fmt=fmt@entry=0x7ffff7b9ded8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff7a8dd36 in malloc_printerr (ar_ptr=0x7ffff7dd1b20 <main_arena>, ptr=<optimized out>, str=0x7ffff7b9ac75 "corrupted size vs. prev_size", action=3) at malloc.c:5006
#4 _int_free (av=0x7ffff7dd1b20 <main_arena>, p=<optimized out>, have_lock=0) at malloc.c:4005
#5 0x00007ffff7a9153c in __GI___libc_free (mem=<optimized out>) at malloc.c:2968
#6 0x0000000000400e52 in main ()
root@leon-virtual-machine:/var/asan/bin# ./doc2txt libdoc_numutils_getlong_22.overflow
=================================================================
==92310==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000f120 at pc 0x000000403238 bp 0x7ffe6888f220 sp 0x7ffe6888f210
READ of size 1 at 0x60200000f120 thread T0
#0 0x403237 in getlong /root/libdoc/numutils.c:22
#1 0x404053 in ole_init /root/libdoc/ole.c:176
#2 0x401d61 in analyze_format /root/libdoc/analyze.c:50
#3 0x4019a2 in doc2text /root/libdoc/catdoc.c:55
#4 0x401715 in main /root/libdoc/example/main.c:24
#5 0x7f082402e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x401498 in _start (/var/asan/bin/doc2txt+0x401498)
AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: heap-buffer-overflow /root/libdoc/numutils.c:22 getlong
Shadow bytes around the buggy address:
==92310==ABORTING
libdoc_numutils_getlong_22.zip
Zhao Liang, Huawei Weiran Labs
A parameter which does not exist will lead to a segmentation fault in catdoc.c:34 on the libdoc master branch (2019/1/29) when using libdoc.a
Triggered by
gcc main.c -o doc2txt -L ../build/ -lasan -fsanitize=address -ggdb ../build/libdoc.a
doc2txt [A filename which does not exist]
Poc
./doc2txt d_000094,sig_06,src_000540,op_havoc,rep_2:
The ASAN information is as follows:
root:~/libdoc-master/example# ./doc2txt d_000094,sig_06,src_000540,op_havoc,rep_2:
ASAN:SIGSEGV
=================================================================
==37085==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000401a4a bp 0x0fffbea4dd3e sp 0x7ffdf526e9e0 T0)
#0 0x401a49 in doc2text /root/libdoc-master/catdoc.c:34
#1 0x4018ea in main /root/libdoc-master/example/main.c:23
#2 0x7f60ad96782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#3 0x401668 in _start (/root/libdoc-master/example/doc2txt+0x401668)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/libdoc-master/catdoc.c:34 doc2text
==37085==ABORTING
FoundBy: [email protected]
latest version, git clone https://github.com/uvoteam/libdoc
Ubuntu 16.04-x64, gcc version 5.4.0 20160609
gcc main.c -o doc2txt -L ../build/ -lasan -fsanitize=address -ggdb ../build/libdoc.a
doc2txt [infile]
Reading symbols from doc2txt...done.
(gdb) run libdoc_reader_process_file_203.overflow
Starting program: /var/normal/bin/doc2txt libdoc_reader_process_file_203.overflow
*** Error in `/var/normal/bin/doc2txt': malloc(): memory corruption: 0x000000000064e1c0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7ffff7a847e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x8213e)[0x7ffff7a8f13e]
/lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7ffff7a91184]
/var/normal/bin/doc2txt[0x402a63]
/var/normal/bin/doc2txt[0x4012fd]
/var/normal/bin/doc2txt[0x400f3d]
/var/normal/bin/doc2txt[0x400e46]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7ffff7a2d830]
/var/normal/bin/doc2txt[0x400c99]
======= Memory map: ========
Program received signal SIGABRT, Aborted.
0x00007ffff7a42428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff7a42428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff7a4402a in __GI_abort () at abort.c:89
#2 0x00007ffff7a847ea in __libc_message (do_abort=2, fmt=fmt@entry=0x7ffff7b9ded8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff7a8f13e in malloc_printerr (ar_ptr=0x7ffff7dd1b20 <main_arena>, ptr=0x64e1c0, str=0x7ffff7b9ad3f "malloc(): memory corruption", action=<optimized out>)
at malloc.c:5006
#4 _int_malloc (av=av@entry=0x7ffff7dd1b20 <main_arena>, bytes=bytes@entry=200) at malloc.c:3474
#5 0x00007ffff7a91184 in __GI___libc_malloc (bytes=200) at malloc.c:2913
#6 0x0000000000402a63 in ole_readdir (f=0x64d290, ole_params=0x7fffffffe1d0) at /root/libdoc/ole.c:314
#7 0x00000000004012fd in analyze_format (f=0x64d290, out=0x64d010) at /root/libdoc/analyze.c:52
#8 0x0000000000400f3d in doc2text (buf=0x64e250 "", size=41095, buffer_out=0x7fffffffe368) at /root/libdoc/catdoc.c:55
#9 0x0000000000400e46 in main ()
root@leon-virtual-machine:/var/asan/bin# ./doc2txt libdoc_reader_process_file_203.overflow
=================================================================
==76395==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fa2b88fa7fe at pc 0x000000407d19 bp 0x7ffc58dcb2a0 sp 0x7ffc58dcb290
READ of size 2 at 0x7fa2b88fa7fe thread T0
#0 0x407d18 in process_file /root/libdoc/reader.c:203
#1 0x402344 in parse_word_header /root/libdoc/analyze.c:123
#2 0x401e54 in analyze_format /root/libdoc/analyze.c:57
#3 0x4019a2 in doc2text /root/libdoc/catdoc.c:55
#4 0x401715 in main /root/libdoc/example/main.c:24
#5 0x7fa2b748b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x401498 in _start (/var/asan/bin/doc2txt+0x401498)
0x7fa2b88fa7fe is located 2 bytes to the left of 524288-byte region [0x7fa2b88fa800,0x7fa2b897a800)
allocated by thread T0 here:
#0 0x7fa2b78cd602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x407733 in process_file /root/libdoc/reader.c:111
#2 0x402344 in parse_word_header /root/libdoc/analyze.c:123
#3 0x401e54 in analyze_format /root/libdoc/analyze.c:57
#4 0x4019a2 in doc2text /root/libdoc/catdoc.c:55
#5 0x401715 in main /root/libdoc/example/main.c:24
#6 0x7fa2b748b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-buffer-overflow /root/libdoc/reader.c:203 process_file
Shadow bytes around the buggy address:
==76395==ABORTING
libdoc_reader_process_file_203.zip
Zhao Liang, Huawei Weiran Labs
A crafted input will lead to a 'division by zero' in ole.c:390 on the libdoc master branch (2019/1/29) when using libdoc.a
Triggered by
gcc main.c -o doc2txt -L ../build/ -lasan -fsanitize=address -ggdb ../build/libdoc.a
doc2txt [infile]
Poc
libdoc_poc3.zip
The gdb information is as follows:
Starting program: /root/libdoc-master/example/doc2txt id_0000102,sig_08,src_000304,op_flip1,pos_32
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGFPE, Arithmetic exception.
0x0000000000403669 in calcFileBlockOffset (ole_params=0x7fffffffe0a0, blk=0, e=0x60c00000bd40) at /root/libdoc-master/ole.c:390
390 long int sbdSecNum=e->blocks[blk]/sbdPerSector;
(gdb) bt
#0 0x0000000000403669 in calcFileBlockOffset (ole_params=0x7fffffffe0a0, blk=0, e=0x60c00000bd40) at /root/libdoc-master/ole.c:390
#1 ole_read (ptr=0x7fffffffe140, size=<optimized out>, nmemb=<optimized out>, stream=0x60c00000bd40, ole_params=0x7fffffffe0a0) at /root/libdoc-master/ole.c:436
#2 0x00000000004020b7 in analyze_format (f=f@entry=0x61200000bec0, out=out@entry=0x61600000f980) at /root/libdoc-master/analyze.c:56
#3 0x0000000000401a94 in doc2text (buf=0x62c000000200 "\320\317\021\340\241\261\032\341", '\060' <repeats 15 times>, ")000000\t0\026", '\060' <repeats 11 times>, "\001",
size=<optimized out>, buffer_out=<optimized out>) at /root/libdoc-master/catdoc.c:55
#4 0x00000000004018eb in main (argc=2, argv=0x7fffffffe488) at main.c:23
(gdb)
FoundBy: [email protected]
A crafted input will lead to a heap-buffer-overflow in reader.c:203 on the libdoc master branch (2019/1/29) when using libdoc.a
Triggered by
gcc main.c -o doc2txt -L ../build/ -lasan -fsanitize=address -ggdb ../build/libdoc.a
doc2txt [infile]
Poc
libdoc_poc2.zip
The ASAN information is as follows:
=================================================================
==30477==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fe37c9507fe at pc 0x0000004075e8 bp 0x7fff893cc130 sp 0x7fff893cc120
READ of size 2 at 0x7fe37c9507fe thread T0
#0 0x4075e7 in process_file /root/libdoc-master/reader.c:203
#1 0x401e30 in parse_word_header /root/libdoc-master/analyze.c:123
#2 0x4020d6 in analyze_format /root/libdoc-master/analyze.c:57
#3 0x401a93 in doc2text /root/libdoc-master/catdoc.c:55
#4 0x4018ea in main /root/libdoc-master/example/main.c:23
#5 0x7fe37b4de82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x401668 in _start (/root/libdoc-master/example/doc2txt+0x401668)
0x7fe37c9507fe is located 2 bytes to the left of 524288-byte region [0x7fe37c950800,0x7fe37c9d0800)
allocated by thread T0 here:
#0 0x7fe37b920602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x407045 in process_file /root/libdoc-master/reader.c:111
#2 0x40307f (/root/libdoc-master/example/doc2txt+0x40307f)
SUMMARY: AddressSanitizer: heap-buffer-overflow /root/libdoc-master/reader.c:203 process_file
Shadow bytes around the buggy address:
==30477==ABORTING
FoundBy: [email protected]
A crafted input will lead to a segmentation fault in numutils.c:22 on the libdoc master branch (2019/1/29) when using libdoc.a
Triggered by
gcc main.c -o doc2txt -L ../build/ -lasan -fsanitize=address -ggdb ../build/libdoc.a
doc2txt [infile]
Poc
libdoc_poc1.zip
The ASAN information is as follows:
ASAN:SIGSEGV
=================================================================
==30179==ERROR: AddressSanitizer: SEGV on unknown address 0x60200028efe8 (pc 0x000000402eeb bp 0x00000000000a sp 0x7ffd46f34450 T0)
#0 0x402eea in getlong /root/libdoc-master/numutils.c:22
#1 0x40588a in ole_init /root/libdoc-master/ole.c:176
#2 0x40201a in analyze_format /root/libdoc-master/analyze.c:50
#3 0x401a93 in doc2text /root/libdoc-master/catdoc.c:55
#4 0x4018ea in main /root/libdoc-master/example/main.c:23
#5 0x7ff33d21882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x401668 in _start (/root/libdoc-master/example/doc2txt+0x401668)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/libdoc-master/numutils.c:22 getlong
FoundBy: [email protected]
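The reports above share two root causes: a reader that trusts a file-supplied offset (the wild read in getlong at numutils.c:22 and the 2-bytes-before-the-region read at reader.c:203) and a divisor taken from the file header (the SIGFPE on `e->blocks[blk]/sbdPerSector` at ole.c:390). The following is an added example of how a hardened parser refuses both; it is not libdoc's own code, and `struct doc_span`, `span_getlong` and `calc_sbd_sector` are hypothetical names modelled on the crash sites, not libdoc's API.

```c
/* Defensive OLE/doc parsing helpers (added example, not libdoc code).
 * Hypothetical names modelled on the crash sites in the reports: an
 * out-of-bounds read in getlong (numutils.c:22) and a division by zero
 * in calcFileBlockOffset (ole.c:390). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* A byte buffer that carries its own length so every read can be bounds-checked. */
struct doc_span {
    const uint8_t *data;
    size_t len;
};

/* Read a little-endian 32-bit value at offset. Returns 0 on success, -1 if the
 * 4 bytes would fall outside the buffer (instead of a wild read). */
int span_getlong(const struct doc_span *s, size_t offset, int32_t *out)
{
    if (s == NULL || s->data == NULL || out == NULL)
        return -1;
    if (offset > s->len || s->len - offset < 4)   /* overflow-safe bound check */
        return -1;
    const uint8_t *p = s->data + offset;
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    *out = (int32_t)v;
    return 0;
}

/* Which small-block-depot sector holds block blk of an entry, mirroring
 * e->blocks[blk] / sbdPerSector from the report but refusing a zero or
 * negative divisor and an index past the entry's block table. */
int calc_sbd_sector(const int32_t *blocks, size_t nblocks, size_t blk,
                    long sbd_per_sector, long *sec_num, long *sec_off)
{
    if (blocks == NULL || sec_num == NULL || sec_off == NULL)
        return -1;
    if (blk >= nblocks)          /* file-supplied index must stay inside the table */
        return -1;
    if (sbd_per_sector <= 0)     /* header-derived divisor: 0 would raise SIGFPE */
        return -1;
    if (blocks[blk] < 0)         /* negative block numbers are never valid */
        return -1;
    *sec_num = blocks[blk] / sbd_per_sector;
    *sec_off = blocks[blk] % sbd_per_sector;
    return 0;
}

int main(void)
{
    /* constructed sample: 0x11223344 little-endian at offset 1, then too short */
    static const uint8_t buf[] = {0xAA, 0x44, 0x33, 0x22, 0x11, 0xBB};
    struct doc_span s = { buf, sizeof buf };
    int32_t v = 0; long n = 0, o = 0;
    printf("getlong@1 -> %d, value 0x%x\n", span_getlong(&s, 1, &v), (unsigned)v);
    printf("getlong@3 -> %d (refused)\n", span_getlong(&s, 3, &v));
    printf("div by 0  -> %d (refused)\n",
           calc_sbd_sector((const int32_t[]){17}, 1, 0, 0, &n, &o));
    return 0;
}
```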