
Out-of-bounds read leads to a program crash. #1

@jinyu00

Description


When I load the PoC file with gdb, I see that it calls the CopyData function to copy file data into a memory buffer. But ap->buf + ap->cur is outside the memory, which could lead to a crash.

pwndbg> list 
128	}
129	
130	static void
131	CopyData(Parser_t *ap, unsigned char * to, size_t size)
132	{
133		memcpy(to, ap->buf + ap->cur, size);
134		ap->cur += size;
135		return;
136	}
137	
pwndbg> p/x ap->buf + ap->cur
$6 = 0x3f05320
pwndbg> x/xg 0x3f05320
0x3f05320:	Cannot access memory at address 0x3f05320
pwndbg> bt
#0  CopyData (ap=0x3eed9f0, to=0x3eedc00 "", size=572) at AxmlParser.c:133
#1  0x0000000000429d20 in ParseStringChunk (ap=0x3eed9f0) at AxmlParser.c:252
#2  0x0000000000429508 in AxmlOpen (buffer=0x3ee5280 "\003", size=1868) at AxmlParser.c:329
#3  0x000000000042c1a8 in AxmlToXml (outbuf=0x7fffffffe3b0, outsize=0x7fffffffe3a8, inbuf=0x3ee5280 "\003", insize=1868) at AxmlParser.c:900
#4  0x000000000042de66 in main (argc=2, argv=0x7fffffffe4c8) at main.c:68
#5  0x00007ffff6ee5830 in __libc_start_main (main=0x42da80 <main>, argc=2, argv=0x7fffffffe4c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe4b8) at ../csu/libc-start.c:291
#6  0x0000000000403e69 in _start ()
pwndbg> 


The PoC and the binary:

https://gitee.com/hac425/fuzz_data/blob/master/axml_binary_pocs.rar
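A bounds-checked form of CopyData(), added here as an illustration and not code from the AxmlParser project, shows the check the crashing frame is missing: the requested range must lie inside the input before memcpy runs. The `size` field of the stand-in Parser_t and the 16-byte inputs are assumptions constructed for the example; the real struct may track the input length differently.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Stand-in for the parser state: the fields the issue shows (buf, cur)
 * plus an assumed `size` field holding the input length. */
typedef struct {
    const unsigned char *buf;
    size_t cur;
    size_t size;   /* assumed: total bytes available in buf */
} Parser_t;

/* Bounds-checked replacement for CopyData(): copies `size` bytes from the
 * current parse position into `to` only if they lie entirely within the
 * input buffer.  Returns true on success, false (copying nothing) when the
 * requested range runs past the end of the input. */
static bool
CopyDataChecked(Parser_t *ap, unsigned char *to, size_t size)
{
    /* Written as ap->size - ap->cur to avoid overflow in ap->cur + size. */
    if (ap->cur > ap->size || size > ap->size - ap->cur)
        return false;
    memcpy(to, ap->buf + ap->cur, size);
    ap->cur += size;
    return true;
}

/* Reproduces the rejected case from the report: a constructed 16-byte
 * input and a request for 572 bytes, the size seen in the crashing frame. */
bool
demo_rejects_oversized_copy(void)
{
    static const unsigned char input[16] = { 3, 0, 8, 0 };  /* constructed */
    unsigned char out[572];
    Parser_t ap = { input, 8, sizeof input };
    bool ok = CopyDataChecked(&ap, out, 572);
    /* On failure the cursor must not have advanced. */
    return !ok && ap.cur == 8;
}

/* An in-bounds request still copies and advances the cursor as before. */
bool
demo_accepts_in_bounds_copy(void)
{
    static const unsigned char input[16] = { 3, 0, 8, 0, 'a', 'b', 'c', 'd' };
    unsigned char out[4];
    Parser_t ap = { input, 4, sizeof input };
    bool ok = CopyDataChecked(&ap, out, 4);
    return ok && ap.cur == 8 && memcmp(out, "abcd", 4) == 0;
}
```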
