
chmlib's People

Contributors

jedwing


chmlib's Issues

create/compile chm files

It seems that chmlib is used to read/decompile chm files only, but since you are already able to decompile them, what should be added to support creating/compiling chm files?
I'm interested in this. Do you think it's easy or not? I'm planning to use chmlib as a starting point; is it possible?


deprecated-configure-filename

Reported by Debian's Lintian:

X: chmlib source: deprecated-configure-filename
N:
N: The use of 'configure.in' with automake is deprecated and will not be
N: supported in future versions of automake. Please consider (helping
N: upstream) migrating to 'configure.ac' instead.
N:
N: Refer to
N: https://lists.gnu.org/archive/html/automake/2013-05/msg00049.html for
N: details.
N:
N: Severity: wishlist, Certainty: certain
N:
N: Check: automake, Type: source

Thanks!

Read heap overflow in function _unmarshal_int32()

This file will trigger a heap overflow in chmlib (test with enum_chmLib):
https://crashes.fuzzing-project.org/chmlib-heapoverflow-_unmarshal_int32.chm

To see this, chmlib needs to be run under valgrind or compiled with AddressSanitizer. When AddressSanitizer is not used it will cause an infinite loop.

Found with the help of american fuzzy lop.

Address Sanitizer output:

==6078==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000efe0 at pc 0x0000004e6b0a bp 0x7fff29013b00 sp 0x7fff29013af8
READ of size 1 at 0x60200000efe0 thread T0
#0 0x4e6b09 in _unmarshal_int32 /f/chmlib-0.40/src/chm_lib.c:264:13
#1 0x4e6b09 in _unmarshal_pmgl_header /f/chmlib-0.40/src/chm_lib.c:504
#2 0x4e5070 in chm_enumerate /f/chmlib-0.40/src/chm_lib.c:1663:15
#3 0x4dcc8e in main /f/chmlib-0.40/src/enum_chmLib.c:80:15
#4 0x7ffebbc90f9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
#5 0x4363d6 in _start (/mnt/ram/chmlib/enum_chmLib+0x4363d6)

0x60200000efe0 is located 0 bytes to the right of 16-byte region [0x60200000efd0,0x60200000efe0)
allocated by thread T0 here:
#0 0x4bd3a2 in __interceptor_malloc (/mnt/ram/chmlib/enum_chmLib+0x4bd3a2)
#1 0x4e4d5d in chm_enumerate /f/chmlib-0.40/src/chm_lib.c:1628:23
#2 0x4dcc8e in main /f/chmlib-0.40/src/enum_chmLib.c:80:15

SUMMARY: AddressSanitizer: heap-buffer-overflow /f/chmlib-0.40/src/chm_lib.c:264 _unmarshal_int32
Shadow bytes around the buggy address:
0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9df0: fa fa fa fa fa fa fa fa fa fa 00 00[fa]fa fd fd
0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==6078==ABORTING

Read heap overflow in function _chm_skip_cword()

This file will trigger a heap overflow in chmlib (test with enum_chmLib):
https://crashes.fuzzing-project.org/chmlib-heapoverflow-_chm_skip_cword.chm

To see this, chmlib needs to be run under valgrind or compiled with AddressSanitizer. When AddressSanitizer is not used it will cause an infinite loop.

Found with the help of american fuzzy lop.

Address Sanitizer output:
==6074==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100001c900 at pc 0x0000004e2d26 bp 0x7ffff01a3eb0 sp 0x7ffff01a3ea8
READ of size 1 at 0x62100001c900 thread T0
#0 0x4e2d25 in _chm_skip_cword /f/chmlib-0.40/src/chm_lib.c:1096:12
#1 0x4e2d25 in _chm_skip_PMGL_entry_data /f/chmlib-0.40/src/chm_lib.c:1104
#2 0x4e2d25 in _chm_find_in_PMGL /f/chmlib-0.40/src/chm_lib.c:1200
#3 0x4e2d25 in chm_resolve_object /f/chmlib-0.40/src/chm_lib.c:1287
#4 0x4de582 in chm_open /f/chmlib-0.40/src/chm_lib.c:901:32
#5 0x4dcc0b in main /f/chmlib-0.40/src/enum_chmLib.c:69:13
#6 0x7f3694114f9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
#7 0x4363d6 in _start (/mnt/ram/chmlib/enum_chmLib+0x4363d6)

0x62100001c900 is located 0 bytes to the right of 4096-byte region [0x62100001b900,0x62100001c900)
allocated by thread T0 here:
#0 0x4bd3a2 in __interceptor_malloc (/mnt/ram/chmlib/enum_chmLib+0x4bd3a2)
#1 0x4e0ab3 in chm_resolve_object /f/chmlib-0.40/src/chm_lib.c:1263:23
#2 0x4de582 in chm_open /f/chmlib-0.40/src/chm_lib.c:901:32
#3 0x4dcc0b in main /f/chmlib-0.40/src/enum_chmLib.c:69:13

SUMMARY: AddressSanitizer: heap-buffer-overflow /f/chmlib-0.40/src/chm_lib.c:1096 _chm_skip_cword
==6074==ABORTING

Configure fails if /bin/sh is dash

I'm on Gentoo, so I let portage do the building. But basically, chmlib wouldn't go past the configure phase for some reason. Something about calling shift too many times. I like to have dash as my /bin/sh, but I tried changing it back to bash and configure succeeded. I don't know what the cause is; are there bash-isms being used in the configure phase? I'm sorry I can't be more help than this. I don't really understand how the autotools system works, so I don't know how to diagnose the situation any further.

>>> Emerging (1 of 27) dev-libs/chmlib-0.40-r1::gentoo
 * Fetching files in the background.
 * To view fetch progress, run in another terminal:
 * tail -f /var/log/emerge-fetch.log
 * chmlib-0.40.tar.bz2 BLAKE2B SHA512 size ;-) ...                       [ ok ]
>>> Unpacking source...
>>> Unpacking chmlib-0.40.tar.bz2 to /var/tmp/portage/dev-libs/chmlib-0.40-r1/work
>>> Source unpacked in /var/tmp/portage/dev-libs/chmlib-0.40-r1/work
>>> Preparing source in /var/tmp/portage/dev-libs/chmlib-0.40-r1/work/chmlib-0.40 ...
 * Applying chmlib-0.39-stdtypes.patch ...
 [ ok ]
 * Applying chmlib-0.40-headers.patch ...
patching file src/chm_http.c
Hunk #1 succeeded at 34 with fuzz 2.
Hunk #2 succeeded at 44 (offset 1 line).
 [ ok ]
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/dev-libs/chmlib-0.40-r1/work/chmlib-0.40 ...
 * econf: updating chmlib-0.40/config.guess with /usr/share/gnuconfig/config.guess
 * econf: updating chmlib-0.40/config.sub with /usr/share/gnuconfig/config.sub
/var/tmp/portage/dev-libs/chmlib-0.40-r1/work/chmlib-0.40/configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --docdir=/usr/share/doc/chmlib-0.40-r1 --htmldir=/usr/share/doc/chmlib-0.40-r1/html --libdir=/usr/lib64 --enable-examples --disable-static
checking for a BSD-compatible install... /usr/lib/portage/python3.7/ebuild-helpers/xattr/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for x86_64-pc-linux-gnu-gcc... x86_64-pc-linux-gnu-gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether x86_64-pc-linux-gnu-gcc accepts -g... yes
checking for x86_64-pc-linux-gnu-gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of x86_64-pc-linux-gnu-gcc... none
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by x86_64-pc-linux-gnu-gcc... /usr/x86_64-pc-linux-gnu/bin/ld
checking if the linker (/usr/x86_64-pc-linux-gnu/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... no
checking for /usr/x86_64-pc-linux-gnu/bin/ld option to reload object files... -r
checking for x86_64-pc-linux-gnu-objdump... x86_64-pc-linux-gnu-objdump
checking how to recognize dependent libraries... pass_all
checking for x86_64-pc-linux-gnu-ar... x86_64-pc-linux-gnu-ar
checking for x86_64-pc-linux-gnu-strip... x86_64-pc-linux-gnu-strip
checking for x86_64-pc-linux-gnu-ranlib... x86_64-pc-linux-gnu-ranlib
checking command to parse /usr/bin/nm -B output from x86_64-pc-linux-gnu-gcc object... ok
checking how to run the C preprocessor... x86_64-pc-linux-gnu-gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if x86_64-pc-linux-gnu-gcc supports -fno-rtti -fno-exceptions... no
checking for x86_64-pc-linux-gnu-gcc option to produce PIC... -fPIC -DPIC
checking if x86_64-pc-linux-gnu-gcc PIC flag -fPIC -DPIC works... yes
checking if x86_64-pc-linux-gnu-gcc static flag -static works... yes
checking if x86_64-pc-linux-gnu-gcc supports -c -o file.o... yes
checking if x86_64-pc-linux-gnu-gcc supports -c -o file.o... (cached) yes
checking whether the x86_64-pc-linux-gnu-gcc linker (/usr/x86_64-pc-linux-gnu/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
checking for a BSD-compatible install... /usr/lib/portage/python3.7/ebuild-helpers/xattr/install -c
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking for unistd.h... (cached) yes
checking for pthread_mutex_init in -lpthread... yes
checking for lseek64... yes
checking for pread64... yes
checking for size_t... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: executing depfiles commands
./config.status: 1134: shift: can't shift that many
 
!!! Please attach the following file when seeking support:
!!! /var/tmp/portage/dev-libs/chmlib-0.40-r1/work/chmlib-0.40_build/config.log
 * ERROR: dev-libs/chmlib-0.40-r1::gentoo failed (configure phase):
 *   econf failed
 *
 * Call stack:
 *               ebuild.sh, line 125:  Called src_configure
 *             environment, line 446:  Called out-of-source_src_configure
 *             environment, line 401:  Called my_src_configure
 *             environment, line 375:  Called econf '--enable-examples' '--disable-static'
 *        phase-helpers.sh, line 681:  Called __helpers_die 'econf failed'
 *   isolated-functions.sh, line 112:  Called die
 * The specific snippet of code:
 *          die "$@"
 *
 * If you need support, post the output of `emerge --info '=dev-libs/chmlib-0.40-r1::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=dev-libs/chmlib-0.40-r1::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/dev-libs/chmlib-0.40-r1/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/dev-libs/chmlib-0.40-r1/temp/environment'.
 * Working directory: '/var/tmp/portage/dev-libs/chmlib-0.40-r1/work/chmlib-0.40_build'
 * S: '/var/tmp/portage/dev-libs/chmlib-0.40-r1/work/chmlib-0.40'
 
>>> Failed to emerge dev-libs/chmlib-0.40-r1, Log file:
 
>>>  '/var/tmp/portage/dev-libs/chmlib-0.40-r1/temp/build.log'

Read heap overflow in function _unmarshal_char_array()

This file will trigger a heap overflow in chmlib (test with enum_chmLib):
https://crashes.fuzzing-project.org/chmlib-heapoverflow-_unmarshal_char_array.chm

To see this, chmlib needs to be run under valgrind or compiled with AddressSanitizer.

Found with the help of american fuzzy lop.

Address Sanitizer output:
==6076==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000efd3 at pc 0x0000004e68b7 bp 0x7fff01443500 sp 0x7fff014434f8
READ of size 4 at 0x60200000efd3 thread T0
#0 0x4e68b6 in _unmarshal_char_array /f/chmlib-0.40/src/chm_lib.c:213:5
#1 0x4e68b6 in _unmarshal_pmgl_header /f/chmlib-0.40/src/chm_lib.c:500
#2 0x4e5070 in chm_enumerate /f/chmlib-0.40/src/chm_lib.c:1663:15
#3 0x4dcc8e in main /f/chmlib-0.40/src/enum_chmLib.c:80:15
#4 0x7f605fcf6f9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
#5 0x4363d6 in _start (/mnt/ram/chmlib/enum_chmLib+0x4363d6)

0x60200000efd3 is located 2 bytes to the right of 1-byte region [0x60200000efd0,0x60200000efd1)
allocated by thread T0 here:
#0 0x4bd3a2 in __interceptor_malloc (/mnt/ram/chmlib/enum_chmLib+0x4bd3a2)
#1 0x4e4d5d in chm_enumerate /f/chmlib-0.40/src/chm_lib.c:1628:23
#2 0x4dcc8e in main /f/chmlib-0.40/src/enum_chmLib.c:80:15

SUMMARY: AddressSanitizer: heap-buffer-overflow /f/chmlib-0.40/src/chm_lib.c:213 _unmarshal_char_array
==6076==ABORTING

Read heap overflow in function _chm_parse_UTF8()

This file will trigger a heap overflow in chmlib (test with enum_chmLib):
https://crashes.fuzzing-project.org/chmlib-heapoverflow-_chm_parse_UTF8.chm

To see this, chmlib needs to be run under valgrind or compiled with AddressSanitizer. Found with the help of american fuzzy lop.

Address Sanitizer output:

==6072==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100001a100 at pc 0x0000004e6218 bp 0x7fff56b17050 sp 0x7fff56b17048
READ of size 1 at 0x62100001a100 thread T0
#0 0x4e6217 in _chm_parse_UTF8 /f/chmlib-0.40/src/chm_lib.c:1133:26
#1 0x4e6217 in _chm_parse_PMGL_entry /f/chmlib-0.40/src/chm_lib.c:1152
#2 0x4e6217 in chm_enumerate /f/chmlib-0.40/src/chm_lib.c:1675
#3 0x4dcc8e in main /f/chmlib-0.40/src/enum_chmLib.c:80:15
#4 0x7faa8bb3ef9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
#5 0x4363d6 in _start (/mnt/ram/chmlib/enum_chmLib+0x4363d6)

0x62100001a100 is located 0 bytes to the right of 4096-byte region [0x621000019100,0x62100001a100)
allocated by thread T0 here:
#0 0x4bd3a2 in __interceptor_malloc (/mnt/ram/chmlib/enum_chmLib+0x4bd3a2)
#1 0x4e4d5d in chm_enumerate /f/chmlib-0.40/src/chm_lib.c:1628:23
#2 0x4dcc8e in main /f/chmlib-0.40/src/enum_chmLib.c:80:15

SUMMARY: AddressSanitizer: heap-buffer-overflow /f/chmlib-0.40/src/chm_lib.c:1133 _chm_parse_UTF8
==6072==ABORTING
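The four heap-overflow reports above (_unmarshal_int32, _chm_skip_cword, _unmarshal_char_array, _chm_parse_UTF8) share one failure class: a read that runs past the end of a heap block, such as the 16-byte region in the first report. The following is an added example of the defensive pattern, not chmlib's own code or its fix: a cursor that tracks the bytes remaining so each unmarshal refuses instead of overreading, applied to the PMGL directory-chunk header. The struct and function names and the two sample chunks are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Cursor over an untrusted byte buffer: every read is checked against `remain`,
 * so a short chunk can never be read past its allocation (constructed helper). */
struct cursor { const uint8_t *p; size_t remain; };

/* Little-endian 32-bit read; returns 0 and leaves the cursor untouched when
 * fewer than 4 bytes remain, instead of reading into the heap redzone. */
int unmarshal_int32(struct cursor *c, int32_t *out)
{
    if (c->remain < 4) return 0;
    uint32_t v = (uint32_t)c->p[0] | ((uint32_t)c->p[1] << 8) |
                 ((uint32_t)c->p[2] << 16) | ((uint32_t)c->p[3] << 24);
    *out = (int32_t)v;
    c->p += 4; c->remain -= 4;
    return 1;
}

/* Fixed-size byte-array read, e.g. for a chunk signature such as "PMGL". */
int unmarshal_char_array(struct cursor *c, uint8_t *dst, size_t n)
{
    if (c->remain < n) return 0;
    memcpy(dst, c->p, n);
    c->p += n; c->remain -= n;
    return 1;
}

/* PMGL directory-chunk header as laid out in the CHM format: the 4-byte "PMGL"
 * signature followed by four little-endian 32-bit fields (20 bytes in total). */
struct pmgl_header {
    uint8_t signature[4];
    int32_t free_space, unknown, block_prev, block_next;
};

/* Parses the header from a chunk whose true size is `len`. The chunk size comes
 * from the file, so the parser checks it rather than assuming 20 bytes exist. */
int parse_pmgl_header(const uint8_t *chunk, size_t len, struct pmgl_header *h)
{
    struct cursor c = { chunk, len };
    if (!unmarshal_char_array(&c, h->signature, 4)) return 0;
    if (memcmp(h->signature, "PMGL", 4) != 0) return 0;
    return unmarshal_int32(&c, &h->free_space) &&
           unmarshal_int32(&c, &h->unknown) &&
           unmarshal_int32(&c, &h->block_prev) &&
           unmarshal_int32(&c, &h->block_next);
}

/* Constructed inputs: a well-formed 20-byte header, and a 16-byte chunk like the
 * region in the _unmarshal_int32 report, which is too short for a full header. */
static const uint8_t good_chunk[20] = {
    'P','M','G','L', 0x10,0,0,0, 0,0,0,0, 0xff,0xff,0xff,0xff, 1,0,0,0 };
static const uint8_t short_chunk[16] = {
    'P','M','G','L', 0x10,0,0,0, 0,0,0,0, 0xff,0xff,0xff,0xff };

/* Returns block_next (1) for the good chunk, or -100 if parsing failed. */
int demo_good(void)
{
    struct pmgl_header h;
    return parse_pmgl_header(good_chunk, sizeof good_chunk, &h) ? h.block_next : -100;
}

/* Returns 0: the short chunk is rejected before any byte past its end is read. */
int demo_short(void)
{
    struct pmgl_header h;
    return parse_pmgl_header(short_chunk, sizeof short_chunk, &h);
}
```

Built with -fsanitize=address, the short-chunk case stays silent because no read ever reaches the redzone; the rejection is the signal instead.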

An improper locking bug (e.g., deadlock) on the lock h->cache_mutex

Hi developers, thank you for checking. It seems the lock h->cache_mutex is not released correctly when newBlocks == NULL in the function chm_set_param?

CHMLib/src/chm_lib.c, lines 1026 to 1035 in 2bef8d0:

    CHM_ACQUIRE_LOCK(h->cache_mutex);
    if (paramVal != h->cache_num_blocks)
    {
        UChar **newBlocks;
        UInt64 *newIndices;
        int i;
        /* allocate new cached blocks */
        newBlocks = (UChar **)malloc(paramVal * sizeof (UChar *));
        if (newBlocks == NULL) return;
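The early return quoted above, as an added example that is not chmlib's code: a stand-in handle with the same cache_mutex field and the CHM_ACQUIRE_LOCK/CHM_RELEASE_LOCK macro names, the buggy shape beside a single-exit fix, and a trylock-based check that tells whether the mutex was left held after the allocation fails. The struct, the cache_alloc failure hook and the function names are constructed.

```c
#include <errno.h>
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
/* Stand-in for the chmlib handle fields the issue refers to (constructed). */
struct chm_handle {
    pthread_mutex_t cache_mutex;
    uint8_t **cache_blocks;
    int cache_num_blocks;
};

/* Same macro names as chm_lib.c; these definitions are constructed here. */
#define CHM_ACQUIRE_LOCK(m) pthread_mutex_lock(&(m))
#define CHM_RELEASE_LOCK(m) pthread_mutex_unlock(&(m))
/* Allocation hook so the failure path can be exercised deterministically. */
static int g_fail_alloc = 0;
static void *cache_alloc(size_t n) { return g_fail_alloc ? NULL : calloc(1, n); }

/* Shape reported in the issue: return on allocation failure with cache_mutex held. */
void set_cache_blocks_buggy(struct chm_handle *h, int paramVal)
{
    CHM_ACQUIRE_LOCK(h->cache_mutex);
    if (paramVal != h->cache_num_blocks) {
        uint8_t **newBlocks = cache_alloc((size_t)paramVal * sizeof(uint8_t *));
        if (newBlocks == NULL) return;      /* lock is never released */
        free(h->cache_blocks);
        h->cache_blocks = newBlocks; h->cache_num_blocks = paramVal;
    }
    CHM_RELEASE_LOCK(h->cache_mutex);
}

/* Fixed shape: one exit after the critical section, failure reported (0 ok, -1 no memory). */
int set_cache_blocks_fixed(struct chm_handle *h, int paramVal)
{
    int rc = 0;
    CHM_ACQUIRE_LOCK(h->cache_mutex);
    if (paramVal != h->cache_num_blocks) {
        uint8_t **newBlocks = cache_alloc((size_t)paramVal * sizeof(uint8_t *));
        if (newBlocks == NULL) {
            rc = -1;
        } else {
            free(h->cache_blocks);
            h->cache_blocks = newBlocks; h->cache_num_blocks = paramVal;
        }
    }
    CHM_RELEASE_LOCK(h->cache_mutex);
    return rc;
}

/* Detection check: trylock on a default (non-recursive) mutex still held by this
 * thread returns EBUSY; otherwise we acquired it and hand it straight back. */
int lock_leaked(struct chm_handle *h)
{
    if (pthread_mutex_trylock(&h->cache_mutex) == EBUSY) return 1;
    pthread_mutex_unlock(&h->cache_mutex);
    return 0;
}

/* Runs one variant with allocation forced to fail; returns 1 if the lock leaked. */
int probe(int use_fixed)
{
    struct chm_handle h = { PTHREAD_MUTEX_INITIALIZER, NULL, 0 };
    g_fail_alloc = 1;
    if (use_fixed) set_cache_blocks_fixed(&h, 8); else set_cache_blocks_buggy(&h, 8);
    g_fail_alloc = 0;
    int leaked = lock_leaked(&h);
    if (leaked) pthread_mutex_unlock(&h.cache_mutex);   /* release so the caller is not stuck */
    return leaked;
}
```

In the real library a second CHM_ACQUIRE_LOCK on the leaked mutex would block forever; the probe uses trylock so the leak is reported instead of reproduced.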
