Package: libe-book-0.1-1
Version: 0.1.2-2
Usertags: afl
libe-book crashes on the attached (slightly corrupted) PalmDoc Ebook file:
$ ./src/conv/text/ebook2text crash.pdb
Segmentation fault
GDB says it's a null pointer dereference:
(gdb) up
#1 0xf7f631a4 in libebook::PDBParser::openDocument (this=0xffffd538) at PDBParser.cpp:142
142 if (m_converter->convertBytes(getName(), std::strlen(getName()), nameUtf8) && !nameUtf8.empty())
(gdb) print m_converter
$1 = (libebook::EBOOKCharsetConverter *) 0x0
(gdb) bt
#0 0xf7f1a0b3 in libebook::EBOOKCharsetConverter::convertBytes (this=0x0, in=0x8051c3c "sample_dvi", length=10, out=std::vector of length 10, capacity 10 = {...}) at EBOOKCharsetConverter.cpp:135
#1 0xf7f631a4 in libebook::PDBParser::openDocument (this=0xffffd538) at PDBParser.cpp:142
#2 0xf7f62f61 in libebook::PDBParser::readDataRecord (this=0xffffd538, input=0x8051c50, last=true) at PDBParser.cpp:108
#3 0xf7f65a57 in libebook::PDXParser::readDataRecords (this=0xffffd538) at PDXParser.cpp:188
#4 0xf7f65666 in libebook::PDXParser::parse (this=0xffffd538) at PDXParser.cpp:118
#5 0xf7f186bf in libebook::(anonymous namespace)::doParse<libebook::PDBParser> (input=0x8051ba0, document=0xffffd624) at EBOOKDocument.cpp:370
#6 0xf7f17c6e in libebook::EBOOKDocument::parse (input=0x8051ba0, document=0xffffd624, type=libebook::EBOOKDocument::TYPE_PALMDOC) at EBOOKDocument.cpp:603
#7 0x08049160 in main (argc=2, argv=0xffffd6f4) at ebook2text.cpp:100
This bug was found using American fuzzy lop:
http://lcamtuf.coredump.cx/afl/
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages libe-book-0.1-1 depends on:
ii libc6 2.19-18
ii libgcc1 1:5.1.1-2
ii libicu52 52.1-8
ii librevenge-0.0-0 0.0.2-2
ii libstdc++6 5.1.1-2
ii libxml2 2.9.2+dfsg1-3
ii zlib1g 1:1.2.8.dfsg-2+b1
--
Jakub Wilk
Attachment: crash.pdb (Description: Protein Databank data)
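The crash path in the backtrace, as an added C++ illustration that is not libe-book's code: PDBParser::openDocument dereferences m_converter, which is still null when readDataRecord(last=true) reaches it, so convertBytes is entered with this=0x0 (frame #0). The class names, the members m_converter and getName(), and the convertBytes signature mirror the backtrace; the class bodies, the setConverter/installConverter mechanism, the nameVia* helper functions and the fallback to the raw name are hypothetical stand-ins written for this example.

```cpp
// Added illustration (not libe-book's code) of the null m_converter crash
// reported above, with a guarded form beside it. Names that appear in the
// backtrace are kept; everything else is a hypothetical stand-in.
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

namespace illustration {

// Stand-in for libebook::EBOOKCharsetConverter: passes bytes through unchanged.
class CharsetConverter {
public:
    bool convertBytes(const char *in, std::size_t length, std::vector<char> &out) {
        out.assign(in, in + length);
        return true;
    }
};

// Stand-in for libebook::PDBParser. Here the converter is only installed by a
// separate step (hypothetical), so a record stream that never triggers that
// step reaches openDocument with m_converter == nullptr.
class Parser {
public:
    explicit Parser(const char *name) : m_converter(nullptr) {
        std::strncpy(m_name, name, sizeof m_name - 1);
        m_name[sizeof m_name - 1] = '\0';
    }
    void setConverter(CharsetConverter *c) { m_converter = c; }
    const char *getName() const { return m_name; }

    // Shape of PDBParser.cpp:142 as quoted in the report: with m_converter
    // null this is the frame #0 crash (convertBytes entered with this=0x0).
    std::string openDocumentUnchecked() {
        std::vector<char> nameUtf8;
        if (m_converter->convertBytes(getName(), std::strlen(getName()), nameUtf8)
            && !nameUtf8.empty())
            return std::string(nameUtf8.begin(), nameUtf8.end());
        return std::string();
    }

    // Guarded form: a missing converter is handled like a failed conversion,
    // and the raw record name is used instead of dereferencing null.
    std::string openDocumentChecked() {
        std::vector<char> nameUtf8;
        if (m_converter
            && m_converter->convertBytes(getName(), std::strlen(getName()), nameUtf8)
            && !nameUtf8.empty())
            return std::string(nameUtf8.begin(), nameUtf8.end());
        return std::string(getName());
    }

private:
    char m_name[32];               // PDB header name field is 32 bytes, NUL-padded
    CharsetConverter *m_converter;
};

// Guarded path, with or without a converter installed (the second case is the
// state readDataRecord(last=true) hit in the report).
std::string nameViaCheckedPath(const char *raw, bool installConverter) {
    CharsetConverter conv;
    Parser p(raw);
    if (installConverter)
        p.setConverter(&conv);
    return p.openDocumentChecked();
}

// Unguarded path with a converter installed, the only state in which calling
// it is safe.
std::string nameViaUncheckedPath(const char *raw) {
    CharsetConverter conv;
    Parser p(raw);
    p.setConverter(&conv);
    return p.openDocumentUnchecked();
}

} // namespace illustration

int main() {
    // "sample_dvi" is the record name seen in frame #0 of the backtrace.
    std::cout << illustration::nameViaCheckedPath("sample_dvi", false) << '\n';
    std::cout << illustration::nameViaCheckedPath("sample_dvi", true) << '\n';
    return 0;
}
```

The guard is one of two possible fixes; the other is to make sure the converter is created before data records are read. Which one is right depends on why m_converter was still unset for this input, which the report does not establish, so a patch should come with that answer rather than only the null check.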

