Program received signal SIGSEGV, Segmentation fault. in mz_inflateEnd at /LuPng/miniz.h:1902

[ambrosecm]

Desctiption

When using the mz_inflateEnd function to handle a specific input. Program received signal SIGSEGV, Segmentation fault. in mz_inflateEnd at /LuPng/miniz.h:1902

LuPng/miniz.h

Lines 1896 to 1902 in 5ec546e

	int mz_inflateEnd(mz_streamp pStream)
	{
	if (!pStream)
	return MZ_STREAM_ERROR;
	if (pStream->state)
	{
	pStream->zfree(pStream->opaque, pStream->state);

The primary cause is that the parameter pStream in mz_inflateEnd points to an inaccessible address, leading to a segmentation fault.

Test Environment

Ubuntu 22.04.1, 64bit
LuPng(commits on Aug 28, 2021 master 5ec546e)
program source file

How to trigger

Download the poc file , program and run the following cmd:

 $ ./mz_inflateEnd ./poc

Detail

GDB report

(gdb) r
Starting program: /home/ambrose/vsproject/HIMFuzz/harness/output/LuPng_deepseek24/crashes/miniz.h/generate/mz_inflateEnd/mz_inflateEnd output/default/crashes/id:000000,sig:11,src:000000,time:5371,execs:2103,op:havoc,rep:29
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000055555569a261 in mz_inflateEnd (pStream=0x7caff6e20040) at /home/ambrose/vsproject/TestLib/LuPng/miniz.h:1902
1902            pStream->zfree(pStream->opaque, pStream->state);
(gdb) bt
#0  0x000055555569a261 in mz_inflateEnd (pStream=0x7caff6e20040)
    at /home/ambrose/vsproject/TestLib/LuPng/miniz.h:1902
#1  0x000055555577f90a in main (argc=2, argv=0x7fffffffdab8)
    at output/LuPng_deepseek24/harness/code/miniz.h/generate/mz_inflateEnd.c:39
(gdb) p pStream->opaque
$1 = (void *) 0x0
(gdb) p pStream->state
$2 = (struct mz_internal_state *) 0x6f10000000000000