Closed
Description
Multiple use-of-uninitialized-memory (UUM) issues found while testing this project. The errors occur in:
1. `dwg_free_LAYER_INDEX_private()` in dwg.spec:5577
2. `strcmp()` from `dwg_version_hdr_type2()`
3. `dwg_free_LAYER_INDEX_private()` in dwg.spec:5578
4. `in_postprocess_SEQEND()`
5. `strcmp()` from `dwg_version_hdr_type2()`

Errors number 2 and number 5 seem to be related when looking at the error site, but analysis of internal logs hinted that they might be different, so we reported both of them.
Reproduce
In the attached archive you will find the ASan log and the testcases to reproduce the errors. Also, you will find a compiled version of your fuzzing harness, compiled with clang 20.1 and AFL++ 4.32.
These errors require a memory safety tool like valgrind to be detected. To reproduce the errors, use a command like the following: `valgrind --expensive-definedness-checks=yes ./llvmfuzz_afl uninitialized/5/testcase`. The `--expensive-definedness-checks=yes` flag on valgrind ensures that you get an accurate report in case of UUM errors; it is not enabled by default on older versions of valgrind (e.g., the default one for Ubuntu 20.04).
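The reproduction step above is a single manual valgrind invocation. The script below is an added example, not part of the reporter's archive or of the libredwg project: it runs the harness under Memcheck over every testcase with the flag the report recommends, then summarises the resulting uninitialised-value reports by top frame and immediate caller, which is the quickest way to see whether two reports such as numbers 2 and 5 really share an error site. It assumes the harness sits at `./llvmfuzz_afl` and the testcases at `uninitialized/*/testcase` as in the report; the function names, addresses and locations in the constructed sample log are placeholders and not taken from the real logs.

```shell
#!/bin/sh
# Added example (not the reporter's or libredwg's code). Assumptions: harness at
# ./llvmfuzz_afl, testcases at uninitialized/*/testcase, valgrind on PATH.

# Run one testcase under Memcheck with the report's recommended flag and write
# the log to $2. Returns 1 (without running) if valgrind is not installed so the
# summariser below can still be used on logs saved earlier.
run_valgrind() {
  tc="$1"; log="$2"
  command -v valgrind >/dev/null 2>&1 || return 1
  valgrind --expensive-definedness-checks=yes --error-exitcode=99 \
    --log-file="$log" ./llvmfuzz_afl "$tc" >/dev/null 2>&1
  return 0
}

# Print one line per uninitialised-value report in a Memcheck log:
#   <report kind>|<top frame function>|<caller function>
# Memcheck prints the report header, then frames as
#   ==PID==    at 0x...: func (location)   followed by   ==PID==    by 0x...: ...
# Origin blocks ("Uninitialised value was created by ...") use a capital U and
# are deliberately not matched, so --track-origins output does not double count.
uum_sites() {
  awk '
    function frame(l) {
      sub(/^==[0-9]+== +(at|by) 0x[0-9a-fA-F]+: /, "", l)
      sub(/ \(.*$/, "", l)
      return l
    }
    /uninitialised (value|byte)/ { kind = $0; sub(/^==[0-9]+== */, "", kind); state = 1; next }
    state == 1 && /^==[0-9]+== +at 0x/ { top = frame($0); state = 2; next }
    state == 2 {
      caller = ($0 ~ /^==[0-9]+== +by 0x/) ? frame($0) : "?"
      print kind "|" top "|" caller
      state = 0
    }
  ' "$1"
}

# Number of reports in a log, and number of distinct (kind, frame, caller) sites.
uum_count()    { uum_sites "$1" | awk 'END { print NR }'; }
uum_distinct() { uum_sites "$1" | sort -u | awk 'END { print NR }'; }

# Constructed sample log for offline use; addresses, locations and the exact
# frames are placeholders, not copied from the attached ASan/valgrind logs.
write_sample_log() {
  cat >"$1" <<'EOF'
==4242== Memcheck, a memory error detector
==4242== Conditional jump or move depends on uninitialised value(s)
==4242==    at 0x484ED28: strcmp (in ./llvmfuzz_afl)
==4242==    by 0x1234ABC: dwg_version_hdr_type2 (in ./llvmfuzz_afl)
==4242== Use of uninitialised value of size 8
==4242==    at 0x1235000: dwg_free_LAYER_INDEX_private (in ./llvmfuzz_afl)
==4242==    by 0x1236000: dwg_free (in ./llvmfuzz_afl)
==4242== Conditional jump or move depends on uninitialised value(s)
==4242==    at 0x484ED28: strcmp (in ./llvmfuzz_afl)
==4242==    by 0x1234ABD: dwg_version_hdr_type2 (in ./llvmfuzz_afl)
==4242== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
EOF
}

# Batch mode: run every testcase, then print a count per distinct error site.
main() {
  for tc in uninitialized/*/testcase; do
    log="${tc%/testcase}/valgrind.log"
    run_valgrind "$tc" "$log" || { echo "valgrind not found on PATH" >&2; return 1; }
    uum_sites "$log" | awk -v tc="$tc" '{ print tc ": " $0 }'
  done | sort | uniq -c | sort -rn
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `sh triage.sh --run` from the directory containing the harness and the `uninitialized/` tree. Keying on the top frame plus its caller rather than the top frame alone matters here: every report whose top frame is `strcmp` inside the valgrind replacement library would otherwise collapse into one bucket even when the calling code differs.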
Labels
fuzzing, Intentional illegal input