Re: [Bug-ed] invalid free on malformed commands

bug-ed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-ed] invalid free on malformed commands

From:	Antonio Diaz Diaz
Subject:	Re: [Bug-ed] invalid free on malformed commands
Date:	Mon, 09 Jan 2017 12:42:14 +0100
User-agent:	Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14

Hi Hanno,

Hanno Böck wrote:

ed can be crashed with some malformed commands:
echo -e "H\n?\{" | ed


Thank you very much for reporting this.

The bug seems to be a call of free on a nonallocated pointer. The bug
was found with the fuzzing tool american fuzzy lop in ed 1.14.

Yes, it was a stupid overlook. I changed a malloc'd buffer for a staticone and forgot to remove the corresponding 'free'. I'll release acorrected version shortly.



Best regards,
Antonio.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-ed] invalid free on malformed commands, Hanno Böck, 2017/01/08
- Re: [Bug-ed] invalid free on malformed commands, Antonio Diaz Diaz <=

Prev by Date: [Bug-ed] invalid free on malformed commands
Next by Date: [Bug-ed] GNU ed 1.14.1 released
Previous by thread: [Bug-ed] invalid free on malformed commands
Next by thread: [Bug-ed] GNU ed 1.14.1 released
Index(es):
- Date
- Thread