BugId AVR:NULL+4 5d0.cfb @ acrord32.exe!acrord32.dll+0x6051E5 summary

BugId:	AVR:NULL+4 5d0.cfb
Location:	acrord32.exe!acrord32.dll+0x6051E5
Description:	An Access Violation exception happened at 0x4 while attempting to read memory at 0x4 using a NULL pointer.
Version:	AcroRd32.exe: 18.11.20040.19174 (x86) AcroRd32.dll: 18.11.20040.19174 (x86)
Security impact:	Denial of Service
Arguments:	['/n', 'AVR@NULL@0x6051E5.pdf']

BugId version 2018-11-21 19:42 by SkyLined. Licensed to netanelbs for commercial use.

Stack

AcroRd32.dll + 0x6051E5 (id: 5d0, no function symbol available)
AcroRd32.dll + 0x612C1B (id: cfb, no function symbol available)
AcroRd32.dll + 0x6055FA (no function symbol available)
AcroRd32.dll + 0x601887 (no function symbol available)
AcroRd32.dll + 0x5F8311 (no function symbol available)
AcroRd32.dll + 0x5EC789 (no function symbol available)
AcroRd32.dll + 0xB753A (no function symbol available)
AcroRd32.dll + 0xB744E (no function symbol available)
AcroRd32.dll + 0x466522 (no function symbol available)
AcroRd32.dll + 0x1DF2C2 (no function symbol available)
AcroRd32.dll + 0x1DE7F2 (no function symbol available)
AcroRd32.dll + 0x1DE6DB (no function symbol available)
AcroRd32.dll + 0x1DD60F (no function symbol available)
AcroRd32.dll + 0x1DAAAF (no function symbol available)
AcroRd32.dll + 0x1DA737 (no function symbol available)
AcroRd32.dll + 0x1C4A50 (no function symbol available)
AcroRd32.dll + 0x1C2E10 (no function symbol available)
AcroRd32.dll + 0x1B3D33 (no function symbol available)
AcroRd32.dll + 0x1B349A (no function symbol available)
AcroRd32.dll + 0x1B111C (no function symbol available)
AcroRd32.dll + 0x1B0B87 (no function symbol available)
AcroRd32.dll + 0x1B0AF0 (no function symbol available)
AcroRd32.dll + 0x1B00CC (no function symbol available)
AcroRd32.dll + 0x1AEC8C (no function symbol available)
AcroRd32.dll + 0x1AD56A (no function symbol available)
AcroRd32.dll + 0x1AB722 (no function symbol available)
AcroRd32.dll + 0x1AB4E5 (no function symbol available)
AcroRd32.dll + 0x1AA3D3 (no function symbol available)
AcroRd32.dll + 0x1A9F0A (no function symbol available)
AcroRd32.dll + 0x1A9D10 (no function symbol available)
AcroRd32.dll + 0x1A9AF3 (no function symbol available)
AcroRd32.dll + 0x7F188 (no function symbol available)
AcroRd32.dll + 0x7EFF6 (no function symbol available)
USER32.dll!_InternalCallWinProc + 0x2B
USER32.dll!UserCallWinProcCheckWow + 0x3AA
USER32.dll!DispatchClientMessage + 0xEA
USER32.dll!__fnDWORD + 0x49
ntdll.dll!KiUserCallbackDispatcher + 0x4D
USER32.dll!DispatchMessageWorker + 0x31A
USER32.dll!DispatchMessageW + 0x10
AcroRd32.dll + 0x8D9EF (no function symbol available)
AcroRd32.dll + 0x8D7FB (no function symbol available)
AcroRd32.dll + 0x2A871 (no function symbol available)
AcroRd32.dll + 0x2A14E (no function symbol available)
AcroRd32.exe + 0x7435 (no function symbol available)
AcroRd32.exe + 0xF9CF1 (no function symbol available)
KERNEL32.DLL!BaseThreadInitThunk + 0x24
ntdll.dll!__RtlUserThreadStart + 0x2F
ntdll.dll!_RtlUserThreadStart + 0x1B

⇓ click on the title of a section to open or close it.

Registers

eax = 0x1	xmm0 = 0x0
ebx = 0x0	xmm1 = 0x0
ecx = 0x0	xmm2 = 0x0
edx = 0x0	xmm3 = 0x0
esi = 0x0	xmm4 = 0x0
edi = 0x0	xmm5 = 0x0
esp = 0xDEC090	xmm6 = 0x0
ebp = 0xDEC094	xmm7 = 0x0

⇓ click on the title of a section to open or close it.

Disassembly of stack frame 1 at AcroRd32.dll + 0x6051E5

5ee05134	7285	jb AcroRd32!CTJPEGRect::operator=+0x509a (5ee050bb)
5ee05136	8b4dc4	mov ecx,dword ptr [ebp-3Ch]
5ee05139	46	inc esi
5ee0513a	83c104	add ecx,4
5ee0513d	894dc4	mov dword ptr [ebp-3Ch],ecx
5ee05140	3b7778	cmp esi,dword ptr [edi+78h]
5ee05143	0f826cffffff	jb AcroRd32!CTJPEGRect::operator=+0x5094 (5ee050b5)
5ee05149	8b5dbc	mov ebx,dword ptr [ebp-44h]
5ee0514c	807f0414	cmp byte ptr [edi+4],14h
5ee05150	742e	je AcroRd32!CTJPEGRect::operator=+0x515f (5ee05180)
5ee05152	8b4764	mov eax,dword ptr [edi+64h]
5ee05155	33c9	xor ecx,ecx
5ee05157	6639485e	cmp word ptr [eax+5Eh],cx
5ee0515b	8b4f60	mov ecx,dword ptr [edi+60h]
5ee0515e	7406	je AcroRd32!CTJPEGRect::operator=+0x5145 (5ee05166)
5ee05160	0fb64754	movzx eax,byte ptr [edi+54h]
5ee05164	eb04	jmp AcroRd32!CTJPEGRect::operator=+0x5149 (5ee0516a)
5ee05166	0fb6405a	movzx eax,byte ptr [eax+5Ah]
5ee0516a	50	push eax
5ee0516b	ff7750	push dword ptr [edi+50h]
5ee0516e	ff774c	push dword ptr [edi+4Ch]
5ee05171	ff775c	push dword ptr [edi+5Ch]
5ee05174	e8ee1e0000	call AcroRd32!CTJPEGRect::operator=+0x7046 (5ee07067)
5ee05179	8bcf	mov ecx,edi
5ee0517b	e82fe4feff	call AcroRd32!AX_PDXlateToHostEx+0x25e381 (5edf35af)
5ee05180	ff33	push dword ptr [ebx]
5ee05182	e897aaa2ff	call AcroRd32!AcroWinMainSandbox+0x5c9a (5e82fc1e)
5ee05187	33c0	xor eax,eax
5ee05189	53	push ebx
5ee0518a	8903	mov dword ptr [ebx],eax
5ee0518c	e88daaa2ff	call AcroRd32!AcroWinMainSandbox+0x5c9a (5e82fc1e)
5ee05191	8b5db8	mov ebx,dword ptr [ebp-48h]
5ee05194	59	pop ecx
5ee05195	59	pop ecx
5ee05196	85db	test ebx,ebx
5ee05198	7410	je AcroRd32!CTJPEGRect::operator=+0x5189 (5ee051aa)
5ee0519a	8b75b0	mov esi,dword ptr [ebp-50h]
5ee0519d	8bce	mov ecx,esi
5ee0519f	e8afe9ffff	call AcroRd32!CTJPEGRect::operator=+0x3b32 (5ee03b53)
5ee051a4	83c634	add esi,34h
5ee051a7	4b	dec ebx
5ee051a8	75f3	jne AcroRd32!CTJPEGRect::operator=+0x517c (5ee0519d)
5ee051aa	ff75b0	push dword ptr [ebp-50h]
5ee051ad	e86caaa2ff	call AcroRd32!AcroWinMainSandbox+0x5c9a (5e82fc1e)
5ee051b2	59	pop ecx
5ee051b3	33c0	xor eax,eax
5ee051b5	eb1b	jmp AcroRd32!CTJPEGRect::operator=+0x51b1 (5ee051d2)
5ee051b7	834dfcff	or dword ptr [ebp-4],0FFFFFFFFh
5ee051bb	8d8d74ffffff	lea ecx,[ebp-8Ch]
5ee051c1	e82ecb0000	call AcroRd32!CTJPEGRect::operator=+0x11cd3 (5ee11cf4)
5ee051c6	e901fdffff	jmp AcroRd32!CTJPEGRect::operator=+0x4eab (5ee04ecc)
5ee051cb	6a06	push 6
5ee051cd	eb02	jmp AcroRd32!CTJPEGRect::operator=+0x51b0 (5ee051d1)
5ee051cf	6a0d	push 0Dh
5ee051d1	58	pop eax
5ee051d2	e85220a2ff	call AcroRd32!AIDE::PixelPartInfo::~PixelPartInfo+0x26229 (5e827229)
5ee051d7	c3	ret
5ee051d8	55	push ebp
5ee051d9	8bec	mov ebp,esp
5ee051db	8b4508	mov eax,dword ptr [ebp+8]
5ee051de	56	push esi
5ee051df	8bf1	mov esi,ecx
5ee051e1	85c0	test eax,eax
5ee051e3	7833	js AcroRd32!CTJPEGRect::operator=+0x51f7 (5ee05218)
5ee051e5	3b4604	cmp eax,dword ptr [esi+4] // current instruction
5ee051e8	7d2e	jge AcroRd32!CTJPEGRect::operator=+0x51f7 (5ee05218)
5ee051ea	8b550c	mov edx,dword ptr [ebp+0Ch]
5ee051ed	85d2	test edx,edx
5ee051ef	7827	js AcroRd32!CTJPEGRect::operator=+0x51f7 (5ee05218)
5ee051f1	3b16	cmp edx,dword ptr [esi]
5ee051f3	7d23	jge AcroRd32!CTJPEGRect::operator=+0x51f7 (5ee05218)
5ee051f5	8b4e24	mov ecx,dword ptr [esi+24h]
5ee051f8	0fafc8	imul ecx,eax
5ee051fb	8bc2	mov eax,edx
5ee051fd	c1f803	sar eax,3
5ee05200	83e207	and edx,7
5ee05203	03c8	add ecx,eax
5ee05205	8b4610	mov eax,dword ptr [esi+10h]
5ee05208	8a0401	mov al,byte ptr [ecx+eax]
5ee0520b	848298a4715f	test byte ptr AcroRd32!PDMediaQuerySetMediaType+0x1e06f8 (5f71a498)[edx],al
5ee05211	7405	je AcroRd32!CTJPEGRect::operator=+0x51f7 (5ee05218)
5ee05213	33c0	xor eax,eax
5ee05215	40	inc eax
5ee05216	eb02	jmp AcroRd32!CTJPEGRect::operator=+0x51f9 (5ee0521a)
5ee05218	33c0	xor eax,eax
5ee0521a	5e	pop esi
5ee0521b	5d	pop ebp
5ee0521c	c20800	ret 8
5ee0521f	56	push esi
5ee05220	8bf1	mov esi,ecx
5ee05222	e8cf150100	call AcroRd32!CTJPEGRect::operator=+0x167d5 (5ee167f6)
5ee05227	85c0	test eax,eax
5ee05229	0f85a9000000	jne AcroRd32!CTJPEGRect::operator=+0x52b7 (5ee052d8)
5ee0522f	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee05232	e87ce2feff	call AcroRd32!AX_PDXlateToHostEx+0x25e285 (5edf34b3)
5ee05237	8ad0	mov dl,al
5ee05239	f6c201	test dl,1
5ee0523c	6a04	push 4
5ee0523e	0f97c1	seta cl
5ee05241	0fb6c9	movzx ecx,cl
5ee05244	66894e68	mov word ptr [esi+68h],cx
5ee05248	8aca	mov cl,dl
5ee0524a	d0e9	shr cl,1
5ee0524c	80e103	and cl,3
5ee0524f	f6c208	test dl,8
5ee05252	884e6a	mov byte ptr [esi+6Ah],cl
5ee05255	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee05258	0f97c0	seta al
5ee0525b	0fb6c0	movzx eax,al
5ee0525e	6689466c	mov word ptr [esi+6Ch],ax
5ee05262	8ac2	mov al,dl
5ee05264	c0e804	shr al,4
5ee05267	2407	and al,7
5ee05269	f6c280	test dl,80h

⇓ click on the title of a section to open or close it.

Disassembly of stack frame 2 at AcroRd32.dll + 0x612C1B

5ee12b60	7516	jne AcroRd32!CTJPEGRect::operator=+0x12b57 (5ee12b78)
5ee12b62	e88553fdff	call AcroRd32!AX_PDXlateToHostEx+0x252cbe (5ede7eec)
5ee12b67	68e8e8685f	push offset AcroRd32!PDMediaQuerySetMediaType+0x154b48 (5f68e8e8)
5ee12b6c	6aff	push 0FFFFFFFFh
5ee12b6e	e8de97b5ff	call AcroRd32!PDMediaQueriesGetCosObj+0x4731 (5e96c351)
5ee12b73	59	pop ecx
5ee12b74	59	pop ecx
5ee12b75	8b4d08	mov ecx,dword ptr [ebp+8]
5ee12b78	33d2	xor edx,edx
5ee12b7a	8955f4	mov dword ptr [ebp-0Ch],edx
5ee12b7d	8bda	mov ebx,edx
5ee12b7f	8955fc	mov dword ptr [ebp-4],edx
5ee12b82	8955e4	mov dword ptr [ebp-1Ch],edx
5ee12b85	85c9	test ecx,ecx
5ee12b87	740a	je AcroRd32!CTJPEGRect::operator=+0x12b72 (5ee12b93)
5ee12b89	8b5918	mov ebx,dword ptr [ecx+18h]
5ee12b8c	895de4	mov dword ptr [ebp-1Ch],ebx
5ee12b8f	85db	test ebx,ebx
5ee12b91	7518	jne AcroRd32!CTJPEGRect::operator=+0x12b8a (5ee12bab)
5ee12b93	e85453fdff	call AcroRd32!AX_PDXlateToHostEx+0x252cbe (5ede7eec)
5ee12b98	68e8e8685f	push offset AcroRd32!PDMediaQuerySetMediaType+0x154b48 (5f68e8e8)
5ee12b9d	6aff	push 0FFFFFFFFh
5ee12b9f	e8ad97b5ff	call AcroRd32!PDMediaQueriesGetCosObj+0x4731 (5e96c351)
5ee12ba4	59	pop ecx
5ee12ba5	59	pop ecx
5ee12ba6	8b4d08	mov ecx,dword ptr [ebp+8]
5ee12ba9	33d2	xor edx,edx
5ee12bab	8b4710	mov eax,dword ptr [edi+10h]
5ee12bae	8945f8	mov dword ptr [ebp-8],eax
5ee12bb1	8945dc	mov dword ptr [ebp-24h],eax
5ee12bb4	33c0	xor eax,eax
5ee12bb6	8955e8	mov dword ptr [ebp-18h],edx
5ee12bb9	8955ec	mov dword ptr [ebp-14h],edx
5ee12bbc	394604	cmp dword ptr [esi+4],eax
5ee12bbf	0f86ce020000	jbe AcroRd32!CTJPEGRect::operator=+0x12e72 (5ee12e93)
5ee12bc5	c745d880000000	mov dword ptr [ebp-28h],80h
5ee12bcc	66394618	cmp word ptr [esi+18h],ax
5ee12bd0	741d	je AcroRd32!CTJPEGRect::operator=+0x12bce (5ee12bef)
5ee12bd2	8b4304	mov eax,dword ptr [ebx+4]
5ee12bd5	0345d8	add eax,dword ptr [ebp-28h]
5ee12bd8	50	push eax
5ee12bd9	8b03	mov eax,dword ptr [ebx]
5ee12bdb	0345d8	add eax,dword ptr [ebp-28h]
5ee12bde	50	push eax
5ee12bdf	e881f4ffff	call AcroRd32!CTJPEGRect::operator=+0x12044 (5ee12065)
5ee12be4	8b55ec	mov edx,dword ptr [ebp-14h]
5ee12be7	0fb7c0	movzx eax,ax
5ee12bea	3145e8	xor dword ptr [ebp-18h],eax
5ee12bed	33c0	xor eax,eax
5ee12bef	833e00	cmp dword ptr [esi],0
5ee12bf2	8945f0	mov dword ptr [ebp-10h],eax
5ee12bf5	0f8671020000	jbe AcroRd32!CTJPEGRect::operator=+0x12e4b (5ee12e6c)
5ee12bfb	8b4d0c	mov ecx,dword ptr [ebp+0Ch]
5ee12bfe	8bf8	mov edi,eax
5ee12c00	2b7e10	sub edi,dword ptr [esi+10h]
5ee12c03	8bda	mov ebx,edx
5ee12c05	2b5e14	sub ebx,dword ptr [esi+14h]
5ee12c08	897de0	mov dword ptr [ebp-20h],edi
5ee12c0b	8b490c	mov ecx,dword ptr [ecx+0Ch]
5ee12c0e	8d4701	lea eax,[edi+1]
5ee12c11	50	push eax
5ee12c12	8d7301	lea esi,[ebx+1]
5ee12c15	56	push esi
5ee12c16	e8bd25ffff	call AcroRd32!CTJPEGRect::operator=+0x51b7 (5ee051d8) // call
5ee12c1b	0fb7c0	movzx eax,ax // return address
5ee12c1e	50	push eax
5ee12c1f	8d45fc	lea eax,[ebp-4]
5ee12c22	6a04	push 4
5ee12c24	50	push eax
5ee12c25	e854330000	call AcroRd32!CTJPEGRect::operator=+0x15f5d (5ee15f7e)
5ee12c2a	8b450c	mov eax,dword ptr [ebp+0Ch]
5ee12c2d	83c40c	add esp,0Ch
5ee12c30	8b480c	mov ecx,dword ptr [eax+0Ch]
5ee12c33	57	push edi
5ee12c34	56	push esi
5ee12c35	e89e25ffff	call AcroRd32!CTJPEGRect::operator=+0x51b7 (5ee051d8)
5ee12c3a	0fb7c0	movzx eax,ax
5ee12c3d	50	push eax
5ee12c3e	8d45fc	lea eax,[ebp-4]
5ee12c41	6a05	push 5
5ee12c43	50	push eax
5ee12c44	e835330000	call AcroRd32!CTJPEGRect::operator=+0x15f5d (5ee15f7e)
5ee12c49	8b450c	mov eax,dword ptr [ebp+0Ch]
5ee12c4c	83c40c	add esp,0Ch
5ee12c4f	4f	dec edi
5ee12c50	8b480c	mov ecx,dword ptr [eax+0Ch]
5ee12c53	57	push edi
5ee12c54	56	push esi
5ee12c55	e87e25ffff	call AcroRd32!CTJPEGRect::operator=+0x51b7 (5ee051d8)
5ee12c5a	0fb7c0	movzx eax,ax
5ee12c5d	50	push eax
5ee12c5e	8d45fc	lea eax,[ebp-4]
5ee12c61	6a06	push 6
5ee12c63	50	push eax
5ee12c64	e815330000	call AcroRd32!CTJPEGRect::operator=+0x15f5d (5ee15f7e)
5ee12c69	8b75e0	mov esi,dword ptr [ebp-20h]
5ee12c6c	83c40c	add esp,0Ch
5ee12c6f	8d4601	lea eax,[esi+1]
5ee12c72	50	push eax
5ee12c73	8b450c	mov eax,dword ptr [ebp+0Ch]
5ee12c76	53	push ebx
5ee12c77	8b480c	mov ecx,dword ptr [eax+0Ch]
5ee12c7a	e85925ffff	call AcroRd32!CTJPEGRect::operator=+0x51b7 (5ee051d8)
5ee12c7f	0fb7c0	movzx eax,ax
5ee12c82	50	push eax
5ee12c83	8d45fc	lea eax,[ebp-4]
5ee12c86	6a07	push 7
5ee12c88	50	push eax
5ee12c89	e8f0320000	call AcroRd32!CTJPEGRect::operator=+0x15f5d (5ee15f7e)
5ee12c8e	83c40c	add esp,0Ch
5ee12c91	56	push esi
5ee12c92	8b750c	mov esi,dword ptr [ebp+0Ch]
5ee12c95	53	push ebx
5ee12c96	8b4e0c	mov ecx,dword ptr [esi+0Ch]

⇓ click on the title of a section to open or close it.

Binary information

AcroRd32.exe

Loaded symbol image file	c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Image path	AcroRd32.exe
Image name	AcroRd32.exe
Timestamp	Fri May 11 00:19:40 2018 (5AF4C57C)
CheckSum	0022F148
ImageSize	00230000
File version	18.11.20040.19174
Product version	18.11.20040.19174
File flags	0 (Mask 3F)
File OS	50004 CE Win32
File type	1.0 App
File date	00000000.00000000
Translations	0409.04e4
CompanyName	Adobe Systems Incorporated
ProductName	Adobe Acrobat Reader DC
OriginalFilename	AcroRd32.exe
ProductVersion	18.11.20040.281318
FileVersion	18.11.20040.281318
FileDescription	Adobe Acrobat Reader DC
LegalCopyright	Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved.

AcroRd32.dll

Loaded symbol image file	c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
Image path	c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
Image name	AcroRd32.dll
Timestamp	Fri May 11 00:19:00 2018 (5AF4C554)
CheckSum	016EAE0A
ImageSize	01722000
File version	18.11.20040.19174
Product version	18.11.20040.19174
File flags	0 (Mask 3F)
File OS	50004 CE Win32
File type	2.0 Dll
File date	00000000.00000000
Translations	0409.04e4

⇓ click on the title of a section to open or close it.

Application and cdb output log

*** wait with pending attach
************* Path validation summary **************
Response Time (ms) Location
Deferred cache*
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred symsrv*symsrv.dll*C:\Windows\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: cache*;srv*http://msdl.microsoft.com/download/symbols;symsrv*symsrv.dll*C:\Windows\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Page heap: pid 0x47CC: page heap enabled with flags 0x3.
Page heap: pid 0x47CC: page heap enabled with flags 0x3.
(47cc.5170): Break instruction exception - code 80000003 (first chance)
Proxy object acquired for read by thread 20412.
Thread 20412 releasing Proxy object acquired for read.
(47cc.1994): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll -

⇓ click on the title of a section to open or close it.