bug#25003: Bug in SPLIT utility

From: Marcel Böhme
Subject: bug#25003: Bug in SPLIT utility
Date: Wed, 23 Nov 2016 21:22:30 +0800

Dear all,

We are running small 1h fuzzing sessions with AFLFast, a fork of AFL.
We’ll be reporting each found bug separately.

On Coreutils v8.25 and trunk, the following input crashes.
Option -n was introduced with v8.8.

$ ./split -n7/75 7
Segmentation fault

ASAN says:
==53143==ERROR: AddressSanitizer: negative-size-param: (size=-6)
    #0 0x7f8820eb9a10 in memmove 
    #1 0x404d12 in memmove /usr/include/x86_64-linux-gnu/bits/string3.h:57
    #2 0x404d12 in bytes_chunk_extract ../src/split.c:987
    #3 0x404d12 in main ../src/split.c:1625
    #4 0x7f881fd9cf44 in __libc_start_main 
    #5 0x4064a9  (/home/ubuntu/subjects/coreutils/obj-asan/src/split+0x4064a9)

0x7f8821f9a006 is located 2054 bytes inside of 135168-byte region 
allocated by thread T0 here:
    #0 0x7f8820f193a8 in __interceptor_malloc 
    #1 0x40ec88 in xmalloc ../lib/xmalloc.c:41

SUMMARY: AddressSanitizer: negative-size-param (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10) in memmove

Best regards,
- Marcel
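An added example, not code from coreutils or from the report above: ASAN's "negative-size-param" means memmove was handed a size_t length whose value, read as a signed number, is negative; a reported size of -6 says the length was produced by an unsigned subtraction whose subtrahend exceeded the minuend by six. The model below is a simplified K/N byte-chunk extractor written for illustration (the boundary formula, the function names and the 16-byte sample input are all assumptions, not split.c's), showing the wrapped length next to a version that validates chunk boundaries against what was actually buffered before calling memmove.

```c
/* Illustrative chunk extractor (not coreutils' bytes_chunk_extract).
 * Shows how an unsigned length subtraction wraps into what ASAN reports as
 * negative-size-param, and a bounds-checked alternative. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed boundary formula: N chunks of floor(file_size / N) bytes, the
 * last chunk absorbing the remainder. */
static void chunk_bounds(uintmax_t k, uintmax_t n, uintmax_t file_size,
                         uintmax_t *start, uintmax_t *end)
{
    uintmax_t unit = file_size / n;
    *start = (k - 1) * unit;
    *end = (k == n) ? file_size : k * unit;
}

/* The unsafe computation: memmove's length parameter is size_t, so when
 * `start` exceeds the number of bytes actually buffered, `buffered - start`
 * wraps to a huge value (SIZE_MAX - 5 for a deficit of six, which ASAN prints
 * as size=-6).  Only the value is returned; memmove is never called with it. */
size_t unchecked_len(size_t buffered, uintmax_t start)
{
    return buffered - (size_t)start;   /* wraps when start > buffered */
}

/* Hardened extractor: rejects malformed K/N, more chunks than bytes, and any
 * chunk that is not fully present in the buffer, then moves the chunk to the
 * front of `buf`.  Returns the chunk length, or -1 if the request is invalid. */
long checked_extract(uintmax_t k, uintmax_t n, uintmax_t file_size,
                     char *buf, size_t buffered)
{
    uintmax_t start, end;
    if (k == 0 || n == 0 || k > n)
        return -1;                        /* malformed K/N */
    if (n > file_size)
        return -1;                        /* cannot cut more chunks than bytes */
    chunk_bounds(k, n, file_size, &start, &end);
    if (end < start || end > buffered)
        return -1;                        /* chunk not (fully) in the buffer */
    size_t len = (size_t)(end - start);   /* cannot wrap: start <= end */
    memmove(buf, buf + start, len);
    return (long)len;
}

/* Runs checked_extract over a constructed 16-byte input and returns the first
 * byte that landed at the front of the buffer, or -1 if the request was
 * rejected.  Keeps the buffer local so callers need no setup. */
int front_of_chunk(uintmax_t k, uintmax_t n)
{
    char buf[17] = "0123456789abcdef";    /* constructed sample input */
    long len = checked_extract(k, n, 16, buf, sizeof buf - 1);
    return len < 0 ? -1 : (unsigned char)buf[0];
}

int main(void)
{
    /* Deficit of six: nothing buffered, chunk 7 assumed to start at byte 6. */
    size_t bad = unchecked_len(0, 6);
    printf("wrapped length: %zu (as signed: %jd)\n", bad, (intmax_t)(long)bad);

    /* Same request through the checked path is refused instead of copied. */
    printf("checked_extract(7, 75, 80 bytes, 0 buffered) -> %ld\n",
           checked_extract(7, 75, 80, NULL, 0));
    printf("chunk 2/4 of sample starts with '%c'\n", front_of_chunk(2, 4));
    return 0;
}
```

The two checks that matter are `n > file_size` (a request like K/N with N larger than the file can never be served) and `end > buffered` (the chunk must lie inside the bytes that are really in memory); with both in place the length passed to memmove is always a difference of two ordered offsets and cannot wrap.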

