emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#24996: closed (Bug in PR utility)

From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#24996: closed (Bug in PR utility)
Date: Wed, 23 Nov 2016 08:11:02 +0000 
Your message dated Wed, 23 Nov 2016 00:10:12 -0800
with message-id <address@hidden>
and subject line Re: bug#24996: Bug in PR utility
has caused the debbugs.gnu.org bug report #24996,
regarding Bug in PR utility
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
24996: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=24996
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: Bug in PR utility Date: Wed, 23 Nov 2016 10:34:11 +0800 
Dear all,

There is an integer overflow in pr.c:1880 which results in memory exhaustion. 
The bug was found with AFLFast, a fork of AFL.

How to reproduce:
$ pr -l55555555 -5

I was actually fuzzing Coreutils 6.10 as part of ongoing experiments.
Also confirmed for Coreutils 8.25.

Best regards,
- Marcel

--- End Message ---
--- Begin Message --- Subject: Re: bug#24996: Bug in PR utility Date: Wed, 23 Nov 2016 00:10:12 -0800 User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 
Marcel Böhme wrote:

There is an integer overflow in pr.c:1880 which results in memory exhaustion. 
The bug was found with AFLFast, a fork of AFL.
Did it find only one such problem? I found half a dozen in the neighborhood. I guess it gave up after the first one. I fixed the bugs I found, by installing the attached patch. No doubt there are more bugs like this; please send more.

Attachment: 0001-pr-fix-integer-overflow-in-buffer-size-calcs.txt
Description: Text document


--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]