Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997.

Date

April 26, 2022

Percona XtraBackup for MySQL Databases enables MySQL backups without blocking user queries. Percona XtraBackup is ideal for companies with large data sets and mission-critical applications that cannot tolerate long periods of downtime. Offered free as an open source solution, Percona XtraBackup drives down backup costs while providing unique features for MySQL backups.

Percona XtraBackup 2.4 does not support making backups of databases created in _MySQL 8.0_, _Percona Server for MySQL 8.0_, or _Percona XtraDB Cluster 8.0_. Use Percona XtraBackup 8.0 to make backups for these versions.

*   Release Highlights
    
*   New Features
    
*   Bugs Fixed
    
*   Useful Links
    

**Release Highlights¶**

The xbcloud binary adds support for the Microsoft Azure Cloud Storage using the REST API.

**New Features¶**

*   PXB-1883: Implements support for Microsoft Azure Cloud Storage in the xbcloud binary. (Thanks to Ivan Groenewold for reporting this issue)
    

**Bugs Fixed¶**

*   PXB-2608: Upgraded the Vault API to V2 (Thanks to Benedito Marques Magalhaes for reporting this issue)
    
*   PXB-2649: Fix for compilation issues on GCC-10.
    
*   PXB-2648: CURL prior to 7.38.0 version doesn’t use CURLE\_HTTP2 and throws an error 'CURLE_HTTP2' is not a member of 'CURLcode'. Added CURLE\_OBSOLETE16 as a connectivity error code. In CURL versions after 7.38.0, CURLE\_OBSOLETE16 is translated to CURLE\_HTTP2.
    
*   PXB-2711: Fix for libgcrypt initialization warnings in xtrabackup.
    
*   PXB-2722: Fix for when via command line, a password, passed using the -p option, was written into the backup tool\_command in xtrabackup\_info.
    

**Useful Links¶**

*   The Percona XtraBackup installation instructions
    
*   The Percona XtraBackup downloads
    
*   The Percona XtraBackup GitHub location
    
*   To contribute to the documentation, review the Documentation Contribution Guide

CVE-2022-26944: Percona XtraBackup 2.4.25 — Percona XtraBackup 2.4 Documentation

libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.

CVE-2022-32200: DA's Libdwarf Vulnerabilities

RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.

master

Switch branches/tags

**1** branch **0** tags

Code

**Latest commit**

**Git stats**

*   **107** commits

**Files**Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

2022

FEYE-2019-0001

FEYE-2019-0002

FEYE-2019-0003

FEYE-2019-0004

FEYE-2019-0005

FEYE-2019-0006

FEYE-2019-0007

FEYE-2019-0008

FEYE-2019-0009

FEYE-2019-0010

FEYE-2019-0011

FEYE-2019-0012

FEYE-2019-0013

FEYE-2019-0014

FEYE-2019-0015

FEYE-2020-0001

FEYE-2020-0002

FEYE-2020-0003

FEYE-2020-0004

FEYE-2020-0005

FEYE-2020-0006

FEYE-2020-0007

FEYE-2020-0008

FEYE-2020-0009

FEYE-2020-0010

FEYE-2020-0011

FEYE-2020-0012

FEYE-2020-0013

FEYE-2020-0014

FEYE-2020-0015

FEYE-2020-0016

FEYE-2020-0017

FEYE-2020-0018

FEYE-2020-0019

FEYE-2020-0020

FEYE-2021-0001

FEYE-2021-0002

FEYE-2021-0003

FEYE-2021-0004

FEYE-2021-0005

FEYE-2021-0006

FEYE-2021-0007

FEYE-2021-0008

FEYE-2021-0009

FEYE-2021-0010

FEYE-2021-0011

FEYE-2021-0012

FEYE-2021-0013

FEYE-2021-0014

FEYE-2021-0015

FEYE-2021-0016

FEYE-2021-0017

FEYE-2021-0018

FEYE-2021-0019

FEYE-2021-0020

FEYE-2021-0021

FEYE-2021-0022

FEYE-2021-0023

FEYE-2021-0024

FEYE-2021-0025

MNDT-2021-0001

MNDT-2021-0002

MNDT-2021-0003

MNDT-2021-0004

MNDT-2021-0005

MNDT-2021-0006

MNDT-2021-0007

MNDT-2021-0008

MNDT-2021-0009

MNDT-2021-0010

MNDT-2021-0011

MNDT-2021-0012

README.md

**README.md**

**Mandiant Vulnerability Disclosures**

This repository details vulnerabilities disclosed by Mandiant. These vulnerabilities were discovered by internal research, through Red Team assessments, or in use in the wild. Proof of concepts (PoCs) may or may not be provided.

**About**

No description, website, or topics provided.

**Resources**

Readme

**Stars**

**117** stars

**Watchers**

**23** watching

**Forks**

**41** forks

**Releases**

No releases published

**Packages**

No packages published  

**Contributors 3**

**Languages**

*   C++ 100.0%

CVE-2021-33615: GitHub - mandiant/Vulnerability-Disclosures

An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution.

**system info**

Ubuntu x86\_64, clang 6.0, swfdump (latest master a9d5082)

**Command line**

./src/swfdump -D @@

**AddressSanitizer output**

\==28613==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000efdf at pc 0x00000047238d bp 0x7fffffffdbe0 sp 0x7fffffffdbd0  
READ of size 1 at 0x60300000efdf thread T0  
#0 0x47238c in swf\_GetBits /test/swftools-asan/lib/rfxswf.c:213  
#1 0x4346cc in swf\_GetSimpleShape modules/swfshape.c:66  
#2 0x443fbc in swf\_FontExtract\_DefineFont modules/swftext.c:163  
#3 0x44a096 in swf\_FontExtract modules/swftext.c:597  
#4 0x40c2dc in fontcallback2 /test/swftools-asan/src/swfdump.c:941  
#5 0x4433c6 in swf\_FontEnumerate modules/swftext.c:133  
#6 0x409208 in main /test/swftools-asan/src/swfdump.c:1296  
#7 0x7ffff68a683f in \_\_libc\_start\_main (/lib/x86\_64-linux-gnu/libc.so.6+0x2083f)  
#8 0x40c168 in \_start (/test/swftools-asan/src/swfdump+0x40c168)

0x60300000efdf is located 1 bytes to the left of 22-byte region \[0x60300000efe0,0x60300000eff6)  
allocated by thread T0 here:  
#0 0x7ffff6f02602 in malloc (/usr/lib/x86\_64-linux-gnu/libasan.so.2+0x98602)  
#1 0x532fa7 in rfx\_alloc /test/swftools-asan/lib/mem.c:30  
#2 0x541396 (/test/swftools-asan/src/swfdump+0x541396)

SUMMARY: AddressSanitizer: heap-buffer-overflow /test/swftools-asan/lib/rfxswf.c:213 swf\_GetBits  
Shadow bytes around the buggy address:  
0x0c067fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c067fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c067fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c067fff9dd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c067fff9de0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
\=>0x0c067fff9df0: fa fa fa fa fa fa fd fd fd fd fa\[fa\]00 00 06 fa  
0x0c067fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c067fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c067fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c067fff9e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c067fff9e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
Shadow byte legend (one shadow byte represents 8 application bytes):  
Addressable: 00  
Partially addressable: 01 02 03 04 05 06 07  
Heap left redzone: fa  
Heap right redzone: fb  
Freed heap region: fd  
Stack left redzone: f1  
Stack mid redzone: f2  
Stack right redzone: f3  
Stack partial redzone: f4  
Stack after return: f5  
Stack use after scope: f8  
Global redzone: f9  
Global init order: f6  
Poisoned by user: f7  
Container overflow: fc  
Array cookie: ac  
Intra object redzone: bb  
ASan internal: fe  
\==28613==ABORTING

POC  
swf\_GetBits\_bof\_poc

CVE-2021-42204: heap-buffer-overflow exists in the function swf_GetBits in rfxswf.c · Issue #169 · matthiaskramm/swftools

An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.

**system info**

Ubuntu x86\_64, clang 6.0, swfdump (latest master a9d5082)

**Command line**

./src/swfdump -D @@

**AddressSanitizer output**

\==25679==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600000d6a0 at pc 0x00000044059d bp 0x7fffffffd270 sp 0x7fffffffd260  
WRITE of size 2 at 0x60600000d6a0 thread T0  
#0 0x44059c in swf\_FontExtract\_DefineTextCallback modules/swftext.c:508  
#1 0x449c46 in swf\_FontExtract\_DefineText modules/swftext.c:532  
#2 0x44a355 in swf\_FontExtract modules/swftext.c:617  
#3 0x40c2dc in fontcallback2 /test/swftools-asan/src/swfdump.c:941  
#4 0x4433c6 in swf\_FontEnumerate modules/swftext.c:133  
#5 0x409208 in main /test/swftools-asan/src/swfdump.c:1296  
#6 0x7ffff68a683f in \_\_libc\_start\_main (/lib/x86\_64-linux-gnu/libc.so.6+0x2083f)  
#7 0x40c168 in \_start (/test/swftools-asan/src/swfdump+0x40c168)

0x60600000d6a0 is located 0 bytes inside of 56-byte region \[0x60600000d6a0,0x60600000d6d8)  
freed by thread T0 here:  
#0 0x7ffff6f022ca in \_\_interceptor\_free (/usr/lib/x86\_64-linux-gnu/libasan.so.2+0x982ca)  
#1 0x47db2c in swf\_ReadTag /test/swftools-asan/lib/rfxswf.c:1234  
#2 0x541396 (/test/swftools-asan/src/swfdump+0x541396)

previously allocated by thread T0 here:  
#0 0x7ffff6f0279a in \_\_interceptor\_calloc (/usr/lib/x86\_64-linux-gnu/libasan.so.2+0x9879a)  
#1 0x53318c in rfx\_calloc /test/swftools-asan/lib/mem.c:69  
#2 0x541396 (/test/swftools-asan/src/swfdump+0x541396)

SUMMARY: AddressSanitizer: heap-use-after-free modules/swftext.c:508 swf\_FontExtract\_DefineTextCallback  
Shadow bytes around the buggy address:  
0x0c0c7fff9a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c0c7fff9a90: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 fa  
0x0c0c7fff9aa0: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa  
0x0c0c7fff9ab0: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00  
0x0c0c7fff9ac0: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 00  
\=>0x0c0c7fff9ad0: fa fa fa fa\[fd\]fd fd fd fd fd fd fa fa fa fa fa  
0x0c0c7fff9ae0: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00  
0x0c0c7fff9af0: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 fa  
0x0c0c7fff9b00: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa  
0x0c0c7fff9b10: 00 00 00 00 00 00 00 fa fa fa fa fa 00 00 00 00  
0x0c0c7fff9b20: 00 00 00 04 fa fa fa fa 00 00 00 00 00 00 00 fa  
Shadow byte legend (one shadow byte represents 8 application bytes):  
Addressable: 00  
Partially addressable: 01 02 03 04 05 06 07  
Heap left redzone: fa  
Heap right redzone: fb  
Freed heap region: fd  
Stack left redzone: f1  
Stack mid redzone: f2  
Stack right redzone: f3  
Stack partial redzone: f4  
Stack after return: f5  
Stack use after scope: f8  
Global redzone: f9  
Global init order: f6  
Poisoned by user: f7  
Container overflow: fc  
Array cookie: ac  
Intra object redzone: bb  
ASan internal: fe  
\==25679==ABORTING

POC  
swf\_FontExtract\_DefineTextCallback\_uaf\_poc

CVE-2021-42203: heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback in swftext.c · Issue #176 · matthiaskramm/swftools

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service.

**system info**

Ubuntu x86\_64, clang 6.0, swfdump (latest master a9d5082)

**Command line**

./src/swfdump -D @@

**AddressSanitizer output**

\==47344==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x000000488d17 bp 0x000000000000 sp 0x7fffffffdd20 T0)  
#0 0x488d16 in traits\_parse as3/abc.c:482  
#1 0x495d41 in swf\_ReadABC as3/abc.c:946  
#2 0x409045 in main /test/swftools-asan/src/swfdump.c:1577  
#3 0x7ffff68a683f in \_\_libc\_start\_main (/lib/x86\_64-linux-gnu/libc.so.6+0x2083f)  
#4 0x40c168 in \_start (/test/swftools-asan/src/swfdump+0x40c168)

AddressSanitizer can not provide additional info.  
SUMMARY: AddressSanitizer: SEGV as3/abc.c:482 traits\_parse  
\==47344==ABORTING

POC  
traits\_parse\_poc

CVE-2021-42196: A NULL pointer dereference exists in the function traits_parse  in abc.c · Issue #172 · matthiaskramm/swftools

An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution.

**system info**

Ubuntu x86\_64, clang 6.0, swfdump (latest master a9d5082)

**Command line**

./src/swfdump -D @@

**AddressSanitizer output**

\==43305==ERROR: LeakSanitizer: detected memory leaks

Indirect leak of 63245 byte(s) in 2 object(s) allocated from:  
#0 0x7ffff6f02602 in malloc (/usr/lib/x86\_64-linux-gnu/libasan.so.2+0x98602)  
#1 0x532fa7 in rfx\_alloc /test/swftools-asan/lib/mem.c:30  
#2 0x7fffffffe2bf ()

Indirect leak of 144 byte(s) in 3 object(s) allocated from:  
#0 0x7ffff6f0279a in \_\_interceptor\_calloc (/usr/lib/x86\_64-linux-gnu/libasan.so.2+0x9879a)  
#1 0x53318c in rfx\_calloc /test/swftools-asan/lib/mem.c:69  
#2 0x7fffffffe2bf ()

SUMMARY: AddressSanitizer: 63389 byte(s) leaked in 5 allocation(s).

POC  
memory\_leaks\_poc

CVE-2021-42197: memory leaks in swftools when we use swfdump · Issue #177 · matthiaskramm/swftools

An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.

**system info**

Ubuntu x86\_64, clang 6.0, swfdump (latest master a9d5082)

**Command line**

./src/swfdump -D @@

**AddressSanitizer output**

\==29246==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61600000ffa0 at pc 0x00000044059d bp 0x7fffffffd270 sp 0x7fffffffd260  
WRITE of size 2 at 0x61600000ffa0 thread T0  
#0 0x44059c in swf\_FontExtract\_DefineTextCallback modules/swftext.c:508  
#1 0x449c46 in swf\_FontExtract\_DefineText modules/swftext.c:532  
#2 0x44a355 in swf\_FontExtract modules/swftext.c:617  
#3 0x40c2dc in fontcallback2 /test/swftools-asan/src/swfdump.c:941  
#4 0x4433c6 in swf\_FontEnumerate modules/swftext.c:133  
#5 0x409208 in main /test/swftools-asan/src/swfdump.c:1296  
#6 0x7ffff68a683f in \_\_libc\_start\_main (/lib/x86\_64-linux-gnu/libc.so.6+0x2083f)  
#7 0x40c168 in \_start (/test/swftools-asan/src/swfdump+0x40c168)

AddressSanitizer can not describe address in more detail (wild memory access suspected).  
SUMMARY: AddressSanitizer: heap-buffer-overflow modules/swftext.c:508 swf\_FontExtract\_DefineTextCallback  
Shadow bytes around the buggy address:  
0x0c2c7fff9fa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0x0c2c7fff9fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0x0c2c7fff9fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0x0c2c7fff9fd0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa  
0x0c2c7fff9fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
\=>0x0c2c7fff9ff0: fa fa fa fa\[fa\]fa fa fa fa fa fa fa fa fa fa fa  
0x0c2c7fffa000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c2c7fffa010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c2c7fffa020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c2c7fffa030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c2c7fffa040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
Shadow byte legend (one shadow byte represents 8 application bytes):  
Addressable: 00  
Partially addressable: 01 02 03 04 05 06 07  
Heap left redzone: fa  
Heap right redzone: fb  
Freed heap region: fd  
Stack left redzone: f1  
Stack mid redzone: f2  
Stack right redzone: f3  
Stack partial redzone: f4  
Stack after return: f5  
Stack use after scope: f8  
Global redzone: f9  
Global init order: f6  
Poisoned by user: f7  
Container overflow: fc  
Array cookie: ac  
Intra object redzone: bb  
ASan internal: fe  
\==29246==ABORTING  
POC  
swf\_FontExtract\_DefineTextCallback\_poc

CVE-2021-42199: heap-buffer-overflow exists in the function swf_FontExtract_DefineTextCallback  in swftext.c · Issue #173 · matthiaskramm/swftools

An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution.

**system info**

Ubuntu x86\_64, clang 6.0, swfdump (latest master a9d5082)

**Command line**

./src/swfdump -D @@

**AddressSanitizer output**

\==8687==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b00000aff8 at pc 0x000000473b4e bp 0x7fffffffdc10 sp 0x7fffffffdc00  
READ of size 8 at 0x60b00000aff8 thread T0  
#0 0x473b4d in swf\_GetD64 /test/swftools-asan/lib/rfxswf.c:520  
#1 0x4a7851 in pool\_read as3/pool.c:1119  
#2 0x4935ec in swf\_ReadABC as3/abc.c:748  
#3 0x409045 in main /test/swftools-asan/src/swfdump.c:1577  
#4 0x7ffff68a683f in \_\_libc\_start\_main (/lib/x86\_64-linux-gnu/libc.so.6+0x2083f)  
#5 0x40c168 in \_start (/test/swftools-asan/src/swfdump+0x40c168)

0x60b00000affd is located 0 bytes to the right of 109-byte region \[0x60b00000af90,0x60b00000affd)  
allocated by thread T0 here:  
#0 0x7ffff6f02602 in malloc (/usr/lib/x86\_64-linux-gnu/libasan.so.2+0x98602)  
#1 0x532fa7 in rfx\_alloc /test/swftools-asan/lib/mem.c:30  
#2 0x541396 (/test/swftools-asan/src/swfdump+0x541396)

SUMMARY: AddressSanitizer: heap-buffer-overflow /test/swftools-asan/lib/rfxswf.c:520 swf\_GetD64  
Shadow bytes around the buggy address:  
0x0c167fff95a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c167fff95b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c167fff95c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c167fff95d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c167fff95e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
\=>0x0c167fff95f0: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00\[05\]  
0x0c167fff9600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c167fff9610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c167fff9620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c167fff9630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c167fff9640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
Shadow byte legend (one shadow byte represents 8 application bytes):  
Addressable: 00  
Partially addressable: 01 02 03 04 05 06 07  
Heap left redzone: fa  
Heap right redzone: fb  
Freed heap region: fd  
Stack left redzone: f1  
Stack mid redzone: f2  
Stack right redzone: f3  
Stack partial redzone: f4  
Stack after return: f5  
Stack use after scope: f8  
Global redzone: f9  
Global init order: f6  
Poisoned by user: f7  
Container overflow: fc  
Array cookie: ac  
Intra object redzone: bb  
ASan internal: fe  
\==8687==ABORTING

POC  
swf\_GetD64\_poc

CVE-2021-42201: heap-buffer-overflow exists in the function swf_GetD64 in rfxswf.c · Issue #175 · matthiaskramm/swftools

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service.

**system info**

Ubuntu x86\_64, clang 6.0, swfdump (latest master a9d5082)

**Command line**

./src/swfdump -D @@

**AddressSanitizer output**

\==41593==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000471fac bp 0x0ffffed896e0 sp 0x7fffffffdd30 T0)  
#0 0x471fab in swf\_GetBits /test/swftools-asan/lib/rfxswf.c:213  
#1 0x478bf8 in swf\_GetMatrix /test/swftools-asan/lib/rfxswf.c:867  
#2 0x414975 in handlePlaceObject /test/swftools-asan/src/swfdump.c:831  
#3 0x409acd in main /test/swftools-asan/src/swfdump.c:1604  
#4 0x7ffff68a683f in \_\_libc\_start\_main (/lib/x86\_64-linux-gnu/libc.so.6+0x2083f)  
#5 0x40c168 in \_start (/test/swftools-asan/src/swfdump+0x40c168)

AddressSanitizer can not provide additional info.  
SUMMARY: AddressSanitizer: SEGV /test/swftools-asan/lib/rfxswf.c:213 swf\_GetBits  
\==41593==ABORTING

POC  
swf\_GetBits\_null\_poc

Tag

#c++