[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-ed] invalid free on malformed commands
From: |
Antonio Diaz Diaz |
Subject: |
Re: [Bug-ed] invalid free on malformed commands |
Date: |
Mon, 09 Jan 2017 12:42:14 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 |
Hi Hanno,
Hanno Böck wrote:
ed can be crashed with some malformed commands:
echo -e "H\n?\{" | ed
Thank you very much for reporting this.
The bug seems to be a call of free on a nonallocated pointer. The bug
was found with the fuzzing tool american fuzzy lop in ed 1.14.
Yes, it was a stupid overlook. I changed a malloc'd buffer for a static
one and forgot to remove the corresponding 'free'. I'll release a
corrected version shortly.
Best regards,
Antonio.