swfmill swf2xml denial of service (OOM)

[lcatro]

Crash File : https://raw.githubusercontent.com/lcatro/My_PoC/master/swfmill/swf2xml_dead_loop

Trigger : ./swfmill swf2xml ./swf2xml_dead_loop

it will alloc a lot of memory until this process get kill

Crash Detail :

libfuzzer@libfuzzer-virtual-machine:~/fuzzing/swfmill/src$ ./swfmill swf2xml ./swf2xml_dead_loop 
WARNING: size specified in SWF (1751646321) != filesize (73), using filesize-8.
buf is nonzero in byteAlign() @8
WARNING: end of tag PlaceObject2 is @35, should be @40
kill

[djcsdy]

Thanks!

I think if you’re going to fuzz swfmill you’re going to find a lot of issues like this :-). The code is not brilliant and it’s pretty much permanently stuck at alpha quality.

Anyway, I will look into it.

[lcatro]

@djcsdy I see last issue is 2016 year before me at github and my issus will correct product crash .Recently I'm try to fuzzing some open source project until i found it .

Anyway ,you did a good job ..