Crash in draw.c when parsing file #87

Open
Microsvuln opened this issue Apr 29, 2021 · 0 comments

There is a bug in the draw.c file (location: https://github.com/leesavide/abcm2ps/blob/master/draw.c#L3424) when parsing a specific malformed file.

poc1.zip

output:

id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:5:1: error: Bad character
   5 &7{""ÿROaî
      ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:5:3: error: Bad character in grace note sequence
   5 &7{""ÿROaî
        ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:5:4: error: Bad character in grace note sequence
   5 &7{""ÿROaî
         ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:5:5: error: Bad character in grace note sequence
   5 &7{""ÿROaî
          ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:5:6: error: Bad character in grace note sequence
   5 &7{""ÿROaî
           ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:5:7: error: Bad character in grace note sequence
   5 &7{""ÿROaî
            ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:5:11: error: Bad character in grace note sequence
   5 &7{""ÿROaî
                ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:5:12: error: Bad character in grace note sequence
   5 &7{""ÿROaî
                 ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:5:12: error: EOLN in grace note sequence
   5 &7{""ÿROaî
                 ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:4: error: Bad character
   6 aHa-ÿRuebooja-ÿRueboojtz_ Xe0
         ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:5: error: Bad character
   6 aHa-ÿRuebooja-ÿRueboojtz_ Xe0
          ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:15: error: Bad character
   6 aHa-ÿRuebooja-ÿRueboojtz_ Xe0
                    ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:16: error: Bad character
   6 aHa-ÿRuebooja-ÿRueboojtz_ Xe0
                     ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:27: error: Missing note after accidental
   6 aHa-ÿRuebooja-ÿRueboojtz_ Xe0
                                ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:0: error: Bad character
  11 Ûzf@&{"a"G"éReiURfaeat aa
     ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:1: error: Bad character
  11 Ûzf@&{"a"G"éReiURfaeat aa
      ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:4: error: Bad character
  11 Ûzf@&{"a"G"éReiURfaeat aa
         ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:6: error: Bad character
  11 Ûzf@&{"a"G"éReiURfaeat aa
           ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:8: error: Bad character in grace note sequence
  11 Ûzf@&{"a"G"éReiURfaeat aa
             ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:10: error: Bad character in grace note sequence
  11 Ûzf@&{"a"G"éReiURfaeat aa
               ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:12: error: Bad character in grace note sequence
  11 Ûzf@&{"a"G"éReiURfaeat aa
                 ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:13: error: Bad character in grace note sequence
  11 Ûzf@&{"a"G"éReiURfaeat aa
                  ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:14: error: Bad character in grace note sequence
  11 Ûzf@&{"a"G"éReiURfaeat aa
                   ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:27: error: EOLN in grace note sequence
  11 Ûzf@&{"a"G"éReiURfaeat aa
                                ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:12:1: error: Bad start of voice overlay
  12 &2{X:23001
      ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:12:1: error: Bad character
  12 &2{X:23001
      ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:12:4: error: Not a note in grace note sequence
  12 &2{X:23001
         ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:12:4: error: Bad character in grace note sequence
  12 &2{X:23001
         ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:12:5: error: Bad character in grace note sequence
  12 &2{X:23001
          ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:12:6: error: Bad character in grace note sequence
  12 &2{X:23001
           ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:12:7: error: Bad character in grace note sequence
  12 &2{X:23001
            ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:12:8: error: Bad character in grace note sequence
  12 &2{X:23001
             ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:12:9: error: Bad character in grace note sequence
  12 &2{X:23001
              ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:12:9: error: EOLN in grace note sequence
  12 &2{X:23001
              ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:13:0: error: Bad character
  13 Ô:Wktzs Xe0
     ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:13:1: error: Bad character
  13 Ô:Wktzs Xe0
      ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:0: error: Bad character
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
     ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:1: error: Bad character
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
      ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:3: error: Bad character
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
        ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:4: error: Bad character
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
         ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:5: error: Bad character
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
          ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:7: error: Bad character
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
            ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:9: error: Bad character in grace note sequence
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
              ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:11: error: Bad character in grace note sequence
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
                ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:13: error: Bad character in grace note sequence
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
                  ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:14: error: Bad character in grace note sequence
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
                   ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:15: error: Bad character in grace note sequence
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
                    ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:26: error: Not a note in grace note sequence
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
                               ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:29: error: Not a note in grace note sequence
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
                                  ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:30: error: EOLN in grace note sequence
  15 Ûz@&{"a"G"éReaURfaktzs Xe0
                                   ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:17:0: error: Bad character
  17 Û D0 
     ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:17:1: error: Bad character
  17 Û D0 
      ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:17:5: error: Bad character
  17 Û D0 
          ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:17:6: error: Bad character
  17 Û D0 
           ^
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:2:0: error: header info '@:' not treated
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:4:3: error: Bad character 'h'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:4:3: error: Bad character 'W'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:13: error: Bad character 'j'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:13: error: Bad character 'o'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:13: error: Bad character 'o'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:25: error: Bad character 't'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:25: error: Bad character 'j'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:25: error: Bad character 'o'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:25: error: Bad character 'o'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:13: error: Not enough words for lyric line
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:9: warning: Not enough words for lyric line
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:5: error: Wrong duration in voice overlay
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:20: error: Bad character 'U'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:20: error: Bad character 'i'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:11:26: error: Bad character 't'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:13:2: error: Wrong duration in voice overlay
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:13:6: error: Bad character 't'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:13:6: error: Bad character 'k'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:13:6: error: Bad character 'W'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:13:9: error: Bad character 's'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:4:4: warning: Not enough words for lyric line
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:15:21: error: Bad character 'U'
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:2: warning: Line underfull (314pt of 682pt)
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:13: warning: Line underfull (227pt of 682pt)
id:001251,sig:11,src:016769,time:5121404,op:havoc,rep:2:6:2: error: Bad tie
AddressSanitizer:DEADLYSIGNAL
=================================================================
==28933==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000003b (pc 0x0000004f390c bp 0x7ffe85149e10 sp 0x7ffe85149780 T0)
==28933==The signal is caused by a READ memory access.
==28933==Hint: address points to the zero page.
    #0 0x4f390c in draw_all_ties /home/arash/abcm2ps/draw.c:3424:29
    #1 0x4f390c in draw_symbols /home/arash/abcm2ps/draw.c:4848:2
    #2 0x4f390c in draw_all_symb /home/arash/abcm2ps/draw.c:4866:4
    #3 0x5b7607 in output_music /home/arash/abcm2ps/music.c:5119:3
    #4 0x6b7a79 in generate /home/arash/abcm2ps/parse.c:1042:2
    #5 0x645f70 in gen_ly /home/arash/abcm2ps/parse.c:1063:2
    #6 0x645f70 in do_tune /home/arash/abcm2ps/parse.c:3643:2
    #7 0x54a1da in abc_eof /home/arash/abcm2ps/abcparse.c:202:2
    #8 0x54a1da in frontend /home/arash/abcm2ps/front.c:905:2
    #9 0x33549c in treat_file /home/arash/abcm2ps/abcm2ps.c:240:2
    #10 0x339393 in main /home/arash/abcm2ps/abcm2ps.c:1041:3
    #11 0x7f08ad5a0bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #12 0x2868d9 in _start (/home/arash/abcm2ps/abcm2ps.laf.asan+0x2868d9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/arash/abcm2ps/draw.c:3424:29 in draw_all_ties
==28933==ABORTING

PoC is attached.
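To triage a report like the one above, here is an added example that is not part of the issue or of abcm2ps: a small Python parser over the reporter's AddressSanitizer output (embedded inline, trimmed to the top frames) that pulls out the faulting address, the access type and the top stack frame, then buckets the crash. The address 0x3b lies in the zero page, so this is a NULL-plus-offset read, a reliable crash on the malformed input but not by itself a memory-corruption primitive; the 0x1000 page-size threshold is an assumption matching ASan's own "zero page" hint.

```python
import re

# Excerpt of the ASan report posted in the issue (top frames only).
ASAN_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
=================================================================
==28933==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000003b (pc 0x0000004f390c bp 0x7ffe85149e10 sp 0x7ffe85149780 T0)
==28933==The signal is caused by a READ memory access.
==28933==Hint: address points to the zero page.
    #0 0x4f390c in draw_all_ties /home/arash/abcm2ps/draw.c:3424:29
    #1 0x4f390c in draw_symbols /home/arash/abcm2ps/draw.c:4848:2
    #2 0x4f390c in draw_all_symb /home/arash/abcm2ps/draw.c:4866:4
    #3 0x5b7607 in output_music /home/arash/abcm2ps/music.c:5119:3
SUMMARY: AddressSanitizer: SEGV /home/arash/abcm2ps/draw.c:3424:29 in draw_all_ties
"""

# Assumption: the first 4 KiB page is never mapped, which is what ASan's
# "address points to the zero page" hint refers to.
ZERO_PAGE_END = 0x1000


def parse_asan_segv(report: str) -> dict:
    """Extract the fields a triager looks at first from an ASan SEGV report."""
    m = re.search(r"SEGV on unknown address 0x([0-9a-f]+)", report)
    if not m:
        raise ValueError("not an ASan SEGV report")
    access = re.search(r"signal is caused by a (READ|WRITE) memory access", report)
    # Symbolized frames look like: "#N 0xADDR in func /path/file.c:LINE[:COL]"
    frames = re.findall(
        r"#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?$", report, re.M)
    top = frames[0] if frames else None
    return {
        "address": int(m.group(1), 16),
        "access": access.group(1) if access else "UNKNOWN",
        "top_frame": (top[1], top[2], int(top[3])) if top else None,
        "frames": [f[1] for f in frames],
    }


def classify(info: dict) -> str:
    """Rough severity bucket: a zero-page access is a NULL-plus-offset
    dereference (here offset 0x3b into a struct reached via a NULL pointer);
    a wild write outside the zero page deserves the closest look."""
    access = info["access"].lower()
    if info["address"] < ZERO_PAGE_END:
        return f"low: NULL+0x{info['address']:x} {access} (DoS)"
    if access == "write":
        return "high: wild write"
    return f"medium: wild {access}"
```

Run `classify(parse_asan_segv(ASAN_REPORT))` to get the bucket for the reporter's trace; the same two functions work on any symbolized ASan SEGV report.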