[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AddressSanitizer reports a heap buffer overflow from scan_node_conte

From: Gavin Smith
Subject: Re: AddressSanitizer reports a heap buffer overflow from scan_node_contents() on malformed info file
Date: Sun, 21 Feb 2021 09:40:23 +0000
User-agent: Mutt/1.9.4 (2018-02-28)

On Sat, Feb 20, 2021 at 05:43:55PM -0500, Nathaniel Beaver wrote:
> Steps to reproduce:
> Compile with -fsanitize=address, then run:
> info -f reproduce_bug.info
> Expected behavior:
> info does not trigger AddressSanitizer errors.
> Actual behavior:
> AddressSanitizer reports a heap-buffer-overflow from scan_node_contents() in
> info/info-utils.c:1676
> Comments:
> This file was generated by afl-fuzz; I don't understand how it creates a
> heap buffer overflow.
> Valgrind also reports invalid reads in various functions (see attached).

Thank you for the report.  It is likely that we will fix it at some point
although I couldn't tell you when this would be.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]