Program received signal SIGSEGV, Segmentation fault. in mz_deflateReset at /LuPng/miniz.h:1587 #15
Description
Desctiption
When using the mz_deflateReset function to handle a specific input. Program received signal SIGSEGV, Segmentation fault. in mz_deflateReset at /LuPng/miniz.h:1587
Lines 1582 to 1587 in 5ec546e
The primary cause is that the parameter pStream in mz_deflateReset is corrupted. Specifically, pStream->state points to an inaccessible address, leading to a segmentation fault.
Test Environment
Ubuntu 22.04.1, 64bit
LuPng(commits on Aug 28, 2021 master 5ec546e)
program source file
How to trigger
Download the poc file , program and run the following cmd:
$ ./mz_deflateReset ./poc
Detail
GDB report
(gdb) r
Starting program: /home/ambrose/vsproject/HIMFuzz/harness/output/LuPng_deepseek24/crashes/miniz.h/generate/mz_deflateReset/mz_deflateReset output/default/crashes/id:000000,sig:11,src:000001,time:1303,execs:558,op:havoc,rep:2
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x0000555555670d45 in mz_deflateReset (pStream=0x7bfff5c09020) at /home/ambrose/vsproject/TestLib/LuPng/miniz.h:1587
1587 tdefl_init((tdefl_compressor *)pStream->state, NULL, NULL, ((tdefl_compressor *)pStream->state)->m_flags);
(gdb) bt
#0 0x0000555555670d45 in mz_deflateReset (pStream=0x7bfff5c09020)
at /home/ambrose/vsproject/TestLib/LuPng/miniz.h:1587
#1 0x000055555577f98f in main (argc=2, argv=0x7fffffffdab8)
at output/LuPng_deepseek24/harness/code/miniz.h/generate/mz_deflateReset.c:31
(gdb) p (tdefl_compressor *)pStream->state
$1 = (tdefl_compressor *) 0x505050505050000
(gdb) p ((tdefl_compressor *)pStream->state)->m_flags
Cannot access memory at address 0x505050505050010