Tested Version:
libextractor v1.6
Tested System:
Linux leon-virtual-machine 4.10.0-35-generic #39~16.04.1-Ubuntu SMP Wed Sep 13 09:02:42 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Details:
In function EXTRACTOR_s3m_extract_method at s3m_extractor.c:

83   if (sizeof (header) >
84       ec->read (ec->cls,
85                 &data,
86                 sizeof (header)))
87     return;
88   memcpy (&header, data, sizeof (header));
89   if ( (0x1A != header.byte_1A) ||
90        (0 != memcmp (header.SCRM, "SCRM", 4)) )
91     return;
The ec->read callback sets data to NULL, and the code never checks for that before the memcpy at line 88, so copying data into header dereferences a NULL pointer and crashes.
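A hardened version of that header check, added here as an illustration and not libextractor's own code: the read-callback type, the simplified S3M header layout and the status codes are assumptions made for this example. It rejects the case where the callback reports a full read but leaves data NULL, which is exactly the path the crash above goes down.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

/* Assumed shape of the extractor read callback: returns how many bytes it
   made available and points *data at them; on failure it may leave *data NULL. */
typedef ssize_t (*read_fn)(void *cls, void **data, size_t size);

/* Simplified (constructed) S3M header: only the two fields the check uses
   matter; byte_1A sits at offset 28 and SCRM at offset 44, 48 bytes total. */
struct s3m_header {
  char    song_name[28];
  uint8_t byte_1A;      /* must be 0x1A */
  uint8_t type;
  uint8_t misc[14];     /* reserved/ordering fields, not inspected here */
  char    SCRM[4];      /* must be "SCRM" */
};

enum s3m_status { S3M_SHORT_READ = -1, S3M_NULL_DATA = -2, S3M_BAD_MAGIC = 0, S3M_OK = 1 };

/* Hardened check: validates the callback's result before touching the buffer. */
int s3m_check_header(read_fn read, void *cls)
{
  struct s3m_header header;
  void *data = NULL;
  ssize_t got = read(cls, &data, sizeof header);
  if (got < 0 || (size_t)got < sizeof header)
    return S3M_SHORT_READ;
  if (NULL == data)               /* the check the original code lacks */
    return S3M_NULL_DATA;
  memcpy(&header, data, sizeof header);
  if (0x1A != header.byte_1A || 0 != memcmp(header.SCRM, "SCRM", 4))
    return S3M_BAD_MAGIC;
  return S3M_OK;
}

/* Constructed callback reproducing the failure: claims a full read, data stays NULL. */
ssize_t read_null(void *cls, void **data, size_t size) { (void)cls; *data = NULL; return (ssize_t)size; }

/* Constructed callback backed by an in-memory buffer. */
struct buf { unsigned char *p; size_t len; };
ssize_t read_buf(void *cls, void **data, size_t size)
{
  struct buf *b = cls;
  if (size > b->len) { *data = NULL; return (ssize_t)b->len; }
  *data = b->p;
  return (ssize_t)size;
}

/* Fills out (48 bytes) with a constructed header that passes the magic checks. */
void build_valid_header(unsigned char *out)
{
  memset(out, 0, sizeof(struct s3m_header));
  out[28] = 0x1A;
  memcpy(out + 44, "SCRM", 4);
}
```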
Crash Information:
The output with AddressSanitizer enabled:
./extract -i extract.EXTRACTOR_s3m_extract_method.s3m_extractor.88.crash
Keywords for file extract.EXTRACTOR_s3m_extract_method.s3m_extractor.88.crash:
comment - r~rL?
ASAN:SIGSEGV
=================================================================
==49338==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fc077662c44 bp 0x7ffe92149d60 sp 0x7ffe92149be0 T0)
#0 0x7fc077662c43 in EXTRACTOR_s3m_extract_method /root/libextractor-1.6/src/plugins/s3m_extractor.c:88
#1 0x7fc07e5909a1 in do_extract /root/libextractor-1.6/src/main/extractor.c:583
#2 0x7fc07e590db5 in EXTRACTOR_extract /root/libextractor-1.6/src/main/extractor.c:662
#3 0x4044f9 in main /root/libextractor-1.6/src/main/extract.c:983
#4 0x7fc07e1ca82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#5 0x4017c8 in _start (/opt/asan/bin/extract+0x4017c8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/libextractor-1.6/src/plugins/s3m_extractor.c:88 EXTRACTOR_s3m_extract_method
==49338==ABORTING
CREDIT
Zhao Liang, Huawei Weiran Labs
The attachment is the PoC file.