BugId AVR:NULL+8 012.d32 @ acrord32.exe!acrord32.dll+0x604E6B summary

BugId:	AVR:NULL+8 012.d32
Location:	acrord32.exe!acrord32.dll+0x604E6B
Description:	An Access Violation exception happened at 0x8 while attempting to read memory at 0x8 using a NULL pointer.
Version:	AcroRd32.exe: 18.11.20035.2003 (x86) AcroRd32.dll: 18.11.20035.2003 (x86)
Security impact:	Denial of Service
Arguments:	['/n', 'AVR@NULL@0x48C205.pdf']

BugId version 2018-11-21 19:42 by SkyLined. Licensed to netanelbs for commercial use.

Stack

AcroRd32.dll + 0x604E6B (id: 012, no function symbol available)
AcroRd32.dll + 0x60347A (id: d32, no function symbol available)
AcroRd32.dll + 0x603163 (no function symbol available)
AcroRd32.dll + 0x5F9165 (no function symbol available)
AcroRd32.dll + 0x5ED588 (no function symbol available)
AcroRd32.dll + 0xB75F5 (no function symbol available)
AcroRd32.dll + 0xB7509 (no function symbol available)
AcroRd32.dll + 0x466849 (no function symbol available)
AcroRd32.dll + 0x1DF657 (no function symbol available)
AcroRd32.dll + 0x1DEB88 (no function symbol available)
AcroRd32.dll + 0x1DEA71 (no function symbol available)
AcroRd32.dll + 0x1DD949 (no function symbol available)
AcroRd32.dll + 0x1DADE9 (no function symbol available)
AcroRd32.dll + 0x1DAA51 (no function symbol available)
AcroRd32.dll + 0x1C4AB0 (no function symbol available)
AcroRd32.dll + 0x1C2E70 (no function symbol available)
AcroRd32.dll + 0x1B3D93 (no function symbol available)
AcroRd32.dll + 0x1B34FA (no function symbol available)
AcroRd32.dll + 0x1B117C (no function symbol available)
AcroRd32.dll + 0x1B0BE7 (no function symbol available)
AcroRd32.dll + 0x1B0B50 (no function symbol available)
AcroRd32.dll + 0x1B012C (no function symbol available)
AcroRd32.dll + 0x1AECEC (no function symbol available)
AcroRd32.dll + 0x1AD5CA (no function symbol available)
AcroRd32.dll + 0x1AB782 (no function symbol available)
AcroRd32.dll + 0x1AB545 (no function symbol available)
AcroRd32.dll + 0x1AA433 (no function symbol available)
AcroRd32.dll + 0x1A9F6A (no function symbol available)
AcroRd32.dll + 0x1A9D70 (no function symbol available)
AcroRd32.dll + 0x1A9B50 (no function symbol available)
AcroRd32.dll + 0x7F218 (no function symbol available)
AcroRd32.dll + 0x7F086 (no function symbol available)
USER32.dll!_InternalCallWinProc + 0x2B
USER32.dll!UserCallWinProcCheckWow + 0x3AA
USER32.dll!DispatchClientMessage + 0xEA
USER32.dll!__fnDWORD + 0x49
ntdll.dll!KiUserCallbackDispatcher + 0x4D
win32u.dll!NtUserDispatchMessage + 0xC
USER32.dll!DispatchMessageWorker + 0x31A
USER32.dll!DispatchMessageW + 0x10
AcroRd32.dll + 0x8DACF (no function symbol available)
AcroRd32.dll + 0x8D8DE (no function symbol available)
AcroRd32.dll + 0x2A8E1 (no function symbol available)
AcroRd32.dll + 0x2A1BE (no function symbol available)
AcroRd32.exe + 0x7435 (no function symbol available)
AcroRd32.exe + 0xF92A1 (no function symbol available)
KERNEL32.DLL!BaseThreadInitThunk + 0x24
ntdll.dll!__RtlUserThreadStart + 0x2F
ntdll.dll!_RtlUserThreadStart + 0x1B

⇓ click on the title of a section to open or close it.

Registers

eax = 0x1	xmm0 = 0x0
ebx = 0x5DC000	xmm1 = 0x0
ecx = 0x5DC000	xmm2 = 0x0
edx = 0x3BBC6FF8	xmm3 = 0x0
esi = 0x0	xmm4 = 0x0
edi = 0x0	xmm5 = 0x0
esp = 0x5DBF0C	xmm6 = 0x0
ebp = 0x5DBF18	xmm7 = 0x0

⇓ click on the title of a section to open or close it.

Disassembly of stack frame 1 at AcroRd32.dll + 0x604E6B

5ee04dba	0fb6c0	movzx eax,al
5ee04dbd	66894654	mov word ptr [esi+54h],ax
5ee04dc1	6685d2	test dx,dx
5ee04dc4	753c	jne AcroRd32!CTJPEGTiledContentWriter::operator=+0x3d2e (5ee04e02)
5ee04dc6	385652	cmp byte ptr [esi+52h],dl
5ee04dc9	7521	jne AcroRd32!CTJPEGTiledContentWriter::operator=+0x3d18 (5ee04dec)
5ee04dcb	6a04	push 4
5ee04dcd	8d7e5c	lea edi,[esi+5Ch]
5ee04dd0	5b	pop ebx
5ee04dd1	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee04dd4	e827f5feff	call AcroRd32!AX_PDXlateToHostEx+0x25ee47 (5edf4300)
5ee04dd9	8847fc	mov byte ptr [edi-4],al
5ee04ddc	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee04ddf	e81cf5feff	call AcroRd32!AX_PDXlateToHostEx+0x25ee47 (5edf4300)
5ee04de4	8807	mov byte ptr [edi],al
5ee04de6	47	inc edi
5ee04de7	4b	dec ebx
5ee04de8	75e7	jne AcroRd32!CTJPEGTiledContentWriter::operator=+0x3cfd (5ee04dd1)
5ee04dea	eb16	jmp AcroRd32!CTJPEGTiledContentWriter::operator=+0x3d2e (5ee04e02)
5ee04dec	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee04def	e80cf5feff	call AcroRd32!AX_PDXlateToHostEx+0x25ee47 (5edf4300)
5ee04df4	884658	mov byte ptr [esi+58h],al
5ee04df7	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee04dfa	e801f5feff	call AcroRd32!AX_PDXlateToHostEx+0x25ee47 (5edf4300)
5ee04dff	88465c	mov byte ptr [esi+5Ch],al
5ee04e02	66837e4601	cmp word ptr [esi+46h],1
5ee04e07	7532	jne AcroRd32!CTJPEGTiledContentWriter::operator=+0x3d67 (5ee04e3b)
5ee04e09	66395e54	cmp word ptr [esi+54h],bx
5ee04e0d	752c	jne AcroRd32!CTJPEGTiledContentWriter::operator=+0x3d67 (5ee04e3b)
5ee04e0f	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee04e12	e8e9f4feff	call AcroRd32!AX_PDXlateToHostEx+0x25ee47 (5edf4300)
5ee04e17	884660	mov byte ptr [esi+60h],al
5ee04e1a	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee04e1d	e8def4feff	call AcroRd32!AX_PDXlateToHostEx+0x25ee47 (5edf4300)
5ee04e22	884662	mov byte ptr [esi+62h],al
5ee04e25	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee04e28	e8d3f4feff	call AcroRd32!AX_PDXlateToHostEx+0x25ee47 (5edf4300)
5ee04e2d	884661	mov byte ptr [esi+61h],al
5ee04e30	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee04e33	e8c8f4feff	call AcroRd32!AX_PDXlateToHostEx+0x25ee47 (5edf4300)
5ee04e38	884663	mov byte ptr [esi+63h],al
5ee04e3b	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee04e3e	6a04	push 4
5ee04e40	e8b0d1ffff	call AcroRd32!CTJPEGTiledContentWriter::operator=+0xf21 (5ee01ff5)
5ee04e45	8b4e2c	mov ecx,dword ptr [esi+2Ch]
5ee04e48	6a04	push 4
5ee04e4a	894664	mov dword ptr [esi+64h],eax
5ee04e4d	e8a3d1ffff	call AcroRd32!CTJPEGTiledContentWriter::operator=+0xf21 (5ee01ff5)
5ee04e52	5f	pop edi
5ee04e53	894668	mov dword ptr [esi+68h],eax
5ee04e56	33c0	xor eax,eax
5ee04e58	5e	pop esi
5ee04e59	5b	pop ebx
5ee04e5a	c3	ret
5ee04e5b	55	push ebp
5ee04e5c	8bec	mov ebp,esp
5ee04e5e	53	push ebx
5ee04e5f	56	push esi
5ee04e60	57	push edi
5ee04e61	8b7d08	mov edi,dword ptr [ebp+8]
5ee04e64	33c0	xor eax,eax
5ee04e66	8bd9	mov ebx,ecx
5ee04e68	40	inc eax
5ee04e69	33f6	xor esi,esi
5ee04e6b	8a4f08	mov cl,byte ptr [edi+8] // current instruction
5ee04e6e	d3e0	shl eax,cl
5ee04e70	85c0	test eax,eax
5ee04e72	7429	je AcroRd32!CTJPEGTiledContentWriter::operator=+0x3dc9 (5ee04e9d)
5ee04e74	8b4318	mov eax,dword ptr [ebx+18h]
5ee04e77	8b17	mov edx,dword ptr [edi]
5ee04e79	8b08	mov ecx,dword ptr [eax]
5ee04e7b	8a0416	mov al,byte ptr [esi+edx]
5ee04e7e	88040e	mov byte ptr [esi+ecx],al
5ee04e81	8b4318	mov eax,dword ptr [ebx+18h]
5ee04e84	8b5704	mov edx,dword ptr [edi+4]
5ee04e87	8b4804	mov ecx,dword ptr [eax+4]
5ee04e8a	8a0416	mov al,byte ptr [esi+edx]
5ee04e8d	88040e	mov byte ptr [esi+ecx],al
5ee04e90	33c0	xor eax,eax
5ee04e92	8a4f08	mov cl,byte ptr [edi+8]
5ee04e95	40	inc eax
5ee04e96	46	inc esi
5ee04e97	d3e0	shl eax,cl
5ee04e99	3bf0	cmp esi,eax
5ee04e9b	72d7	jb AcroRd32!CTJPEGTiledContentWriter::operator=+0x3da0 (5ee04e74)
5ee04e9d	5f	pop edi
5ee04e9e	5e	pop esi
5ee04e9f	5b	pop ebx
5ee04ea0	5d	pop ebp
5ee04ea1	c20400	ret 4
5ee04ea4	684c010000	push 14Ch
5ee04ea9	b88d8f5e5f	mov eax,offset AcroRd32!PDMediaQuerySetMediaType+0xafacd (5f5e8f8d)
5ee04eae	e8451da2ff	call AcroRd32!AIDE::PixelPartInfo::~PixelPartInfo+0x25bf8 (5e826bf8)
5ee04eb3	8bd9	mov ebx,ecx
5ee04eb5	899d14ffffff	mov dword ptr [ebp-0ECh],ebx
5ee04ebb	8b7d08	mov edi,dword ptr [ebp+8]
5ee04ebe	8b450c	mov eax,dword ptr [ebp+0Ch]
5ee04ec1	898510ffffff	mov dword ptr [ebp-0F0h],eax
5ee04ec7	6685ff	test di,di
5ee04eca	740c	je AcroRd32!CTJPEGTiledContentWriter::operator=+0x3e04 (5ee04ed8)
5ee04ecc	85c0	test eax,eax
5ee04ece	7508	jne AcroRd32!CTJPEGTiledContentWriter::operator=+0x3e04 (5ee04ed8)
5ee04ed0	6a0d	push 0Dh
5ee04ed2	58	pop eax
5ee04ed3	e992080000	jmp AcroRd32!CTJPEGTiledContentWriter::operator=+0x4696 (5ee0576a)
5ee04ed8	e819090000	call AcroRd32!CTJPEGTiledContentWriter::operator=+0x4722 (5ee057f6)
5ee04edd	8bf0	mov esi,eax
5ee04edf	89b51cffffff	mov dword ptr [ebp-0E4h],esi
5ee04ee5	85f6	test esi,esi
5ee04ee7	0f857d080000	jne AcroRd32!CTJPEGTiledContentWriter::operator=+0x4696 (5ee0576a)
5ee04eed	6a44	push 44h
5ee04eef	50	push eax
5ee04ef0	898528ffffff	mov dword ptr [ebp-0D8h],eax
5ee04ef6	89852cffffff	mov dword ptr [ebp-0D4h],eax

⇓ click on the title of a section to open or close it.

Disassembly of stack frame 2 at AcroRd32.dll + 0x60347A

5ee0338d	888527feffff	mov byte ptr [ebp-1D9h],al
5ee03393	33c0	xor eax,eax
5ee03395	89850cfeffff	mov dword ptr [ebp-1F4h],eax
5ee0339b	66898520feffff	mov word ptr [ebp-1E0h],ax
5ee033a2	8b4368	mov eax,dword ptr [ebx+68h]
5ee033a5	03c2	add eax,edx
5ee033a7	66898de6fdffff	mov word ptr [ebp-21Ah],cx
5ee033ae	50	push eax
5ee033af	888df4fdffff	mov byte ptr [ebp-20Ch],cl
5ee033b5	888d16feffff	mov byte ptr [ebp-1EAh],cl
5ee033bb	888d1bfeffff	mov byte ptr [ebp-1E5h],cl
5ee033c1	888d1cfeffff	mov byte ptr [ebp-1E4h],cl
5ee033c7	888d1dfeffff	mov byte ptr [ebp-1E3h],cl
5ee033cd	888d1efeffff	mov byte ptr [ebp-1E2h],cl
5ee033d3	e8da180000	call AcroRd32!CTJPEGTiledContentWriter::operator=+0x3bde (5ee04cb2)
5ee033d8	59	pop ecx
5ee033d9	888504feffff	mov byte ptr [ebp-1FCh],al
5ee033df	8d8da8feffff	lea ecx,[ebp-158h]
5ee033e5	8b432c	mov eax,dword ptr [ebx+2Ch]
5ee033e8	8985bcfeffff	mov dword ptr [ebp-144h],eax
5ee033ee	e842fa0000	call AcroRd32!CTJPEGTiledContentWriter::operator=+0x11d61 (5ee12e35)
5ee033f3	6a10	push 10h
5ee033f5	8d8da8feffff	lea ecx,[ebp-158h]
5ee033fb	e87bf90000	call AcroRd32!CTJPEGTiledContentWriter::operator=+0x11ca7 (5ee12d7b)
5ee03400	85c0	test eax,eax
5ee03402	7421	je AcroRd32!CTJPEGTiledContentWriter::operator=+0x2351 (5ee03425)
5ee03404	33db	xor ebx,ebx
5ee03406	53	push ebx
5ee03407	50	push eax
5ee03408	e8b48fb6ff	call AcroRd32!PDMediaQueriesGetCosObj+0x4731 (5e96c3c1)
5ee0340d	59	pop ecx
5ee0340e	59	pop ecx
5ee0340f	899d2cfeffff	mov dword ptr [ebp-1D4h],ebx
5ee03415	8d852cfeffff	lea eax,[ebp-1D4h]
5ee0341b	681096a85f	push offset AcroRd32!defaultCTJPEGMemoryManager+0x1b51fc (5fa89610)
5ee03420	e90efeffff	jmp AcroRd32!CTJPEGTiledContentWriter::operator=+0x215f (5ee03233)
5ee03425	33c0	xor eax,eax
5ee03427	6639434e	cmp word ptr [ebx+4Eh],ax
5ee0342b	744d	je AcroRd32!CTJPEGTiledContentWriter::operator=+0x23a6 (5ee0347a)
5ee0342d	4f	dec edi
5ee0342e	7817	js AcroRd32!CTJPEGTiledContentWriter::operator=+0x2373 (5ee03447)
5ee03430	8b5334	mov edx,dword ptr [ebx+34h]
5ee03433	8d0cba	lea ecx,[edx+edi*4]
5ee03436	8b01	mov eax,dword ptr [ecx]
5ee03438	0fb74050	movzx eax,word ptr [eax+50h]
5ee0343c	6685c0	test ax,ax
5ee0343f	7528	jne AcroRd32!CTJPEGTiledContentWriter::operator=+0x2395 (5ee03469)
5ee03441	83e904	sub ecx,4
5ee03444	4f	dec edi
5ee03445	79ef	jns AcroRd32!CTJPEGTiledContentWriter::operator=+0x2362 (5ee03436)
5ee03447	33db	xor ebx,ebx
5ee03449	53	push ebx
5ee0344a	6a0b	push 0Bh
5ee0344c	e8708fb6ff	call AcroRd32!PDMediaQueriesGetCosObj+0x4731 (5e96c3c1)
5ee03451	59	pop ecx
5ee03452	59	pop ecx
5ee03453	899d38feffff	mov dword ptr [ebp-1C8h],ebx
5ee03459	8d8538feffff	lea eax,[ebp-1C8h]
5ee0345f	681096a85f	push offset AcroRd32!defaultCTJPEGMemoryManager+0x1b51fc (5fa89610)
5ee03464	e9cafdffff	jmp AcroRd32!CTJPEGTiledContentWriter::operator=+0x215f (5ee03233)
5ee03469	8b04ba	mov eax,dword ptr [edx+edi*4]
5ee0346c	8d8da8feffff	lea ecx,[ebp-158h]
5ee03472	ff7070	push dword ptr [eax+70h]
5ee03475	e8e1190000	call AcroRd32!CTJPEGTiledContentWriter::operator=+0x3d87 (5ee04e5b) // call
5ee0347a	6a10	push 10h // return address
5ee0347c	e808a3a2ff	call AcroRd32!AcroWinMainSandbox+0x3795 (5e82d789)
5ee03481	8bf8	mov edi,eax
5ee03483	89bdccfeffff	mov dword ptr [ebp-134h],edi
5ee03489	89bdc4feffff	mov dword ptr [ebp-13Ch],edi
5ee0348f	59	pop ecx
5ee03490	85ff	test edi,edi
5ee03492	7522	jne AcroRd32!CTJPEGTiledContentWriter::operator=+0x23e2 (5ee034b6)
5ee03494	33db	xor ebx,ebx
5ee03496	53	push ebx
5ee03497	6a03	push 3
5ee03499	e8238fb6ff	call AcroRd32!PDMediaQueriesGetCosObj+0x4731 (5e96c3c1)
5ee0349e	59	pop ecx
5ee0349f	59	pop ecx
5ee034a0	899d9cfeffff	mov dword ptr [ebp-164h],ebx
5ee034a6	8d859cfeffff	lea eax,[ebp-164h]
5ee034ac	681096a85f	push offset AcroRd32!defaultCTJPEGMemoryManager+0x1b51fc (5fa89610)
5ee034b1	e97dfdffff	jmp AcroRd32!CTJPEGTiledContentWriter::operator=+0x215f (5ee03233)
5ee034b6	ff7368	push dword ptr [ebx+68h]
5ee034b9	8bcf	mov ecx,edi
5ee034bb	ff7368	push dword ptr [ebx+68h]
5ee034be	e821f80000	call AcroRd32!CTJPEGTiledContentWriter::operator=+0x11c10 (5ee12ce4)
5ee034c3	85c0	test eax,eax
5ee034c5	7421	je AcroRd32!CTJPEGTiledContentWriter::operator=+0x2414 (5ee034e8)
5ee034c7	33db	xor ebx,ebx
5ee034c9	53	push ebx
5ee034ca	50	push eax
5ee034cb	e8f18eb6ff	call AcroRd32!PDMediaQueriesGetCosObj+0x4731 (5e96c3c1)
5ee034d0	59	pop ecx
5ee034d1	59	pop ecx
5ee034d2	899d30feffff	mov dword ptr [ebp-1D0h],ebx
5ee034d8	8d8530feffff	lea eax,[ebp-1D0h]
5ee034de	681096a85f	push offset AcroRd32!defaultCTJPEGMemoryManager+0x1b51fc (5fa89610)
5ee034e3	e94bfdffff	jmp AcroRd32!CTJPEGTiledContentWriter::operator=+0x215f (5ee03233)
5ee034e8	57	push edi
5ee034e9	8bce	mov ecx,esi
5ee034eb	e8c9fbffff	call AcroRd32!CTJPEGTiledContentWriter::operator=+0x1fe5 (5ee030b9)
5ee034f0	33c0	xor eax,eax
5ee034f2	8d4de8	lea ecx,[ebp-18h]
5ee034f5	8985f0feffff	mov dword ptr [ebp-110h],eax
5ee034fb	8d535c	lea edx,[ebx+5Ch]
5ee034fe	668945cc	mov word ptr [ebp-34h],ax
5ee03502	8a4352	mov al,byte ptr [ebx+52h]
5ee03505	8845d8	mov byte ptr [ebp-28h],al
5ee03508	33c0	xor eax,eax
5ee0350a	6a04	push 4
5ee0350c	8945da	mov dword ptr [ebp-26h],eax
5ee0350f	5f	pop edi
5ee03510	8a42fc	mov al,byte ptr [edx-4]
5ee03513	8841fc	mov byte ptr [ecx-4],al

⇓ click on the title of a section to open or close it.

Binary information

AcroRd32.exe

Loaded symbol image file	c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Image path	AcroRd32.exe
Image name	AcroRd32.exe
Timestamp	Fri Feb 2 20:19:02 2018 (5A74AB96)
CheckSum	00233D1F
ImageSize	0022F000
File version	18.11.20035.2003
Product version	18.11.20035.2003
File flags	0 (Mask 3F)
File OS	50004 CE Win32
File type	1.0 App
File date	00000000.00000000
Translations	0409.04e4
CompanyName	Adobe Systems Incorporated
ProductName	Adobe Acrobat Reader DC
OriginalFilename	AcroRd32.exe
ProductVersion	18.11.20035.264147
FileVersion	18.11.20035.264147
FileDescription	Adobe Acrobat Reader DC
LegalCopyright	Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved.

AcroRd32.dll

Loaded symbol image file	c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
Image path	c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
Image name	AcroRd32.dll
Timestamp	Fri Feb 2 20:18:25 2018 (5A74AB71)
CheckSum	016F4F23
ImageSize	01722000
File version	18.11.20035.2003
Product version	18.11.20035.2003
File flags	0 (Mask 3F)
File OS	50004 CE Win32
File type	2.0 Dll
File date	00000000.00000000
Translations	0409.04e4

⇓ click on the title of a section to open or close it.

Application and cdb output log

*** wait with pending attach
************* Path validation summary **************
Response Time (ms) Location
Deferred cache*
Deferred srv*http://msdl.microsoft.com/download/symbols
Deferred symsrv*symsrv.dll*C:\Windows\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: cache*;srv*http://msdl.microsoft.com/download/symbols;symsrv*symsrv.dll*C:\Windows\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Page heap: pid 0x5004: page heap enabled with flags 0x3.
Page heap: pid 0x5004: page heap enabled with flags 0x3.
Proxy object acquired for read by thread 12012.
Thread 12012 releasing Proxy object acquired for read.
(5004.23b4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll -

⇓ click on the title of a section to open or close it.