--- Begin Message ---
Subject: Bug in PR utility
Date: Wed, 23 Nov 2016 10:34:11 +0800
Dear all,
There is an integer overflow in pr.c:1880 which results in memory exhaustion.
The bug was found with AFLFast, a fork of AFL.
How to reproduce:
$ pr -l55555555 -5
I was actually fuzzing Coreutils 6.10 as part of ongoing experiments.
Also confirmed for Coreutils 8.25.
Best regards,
- Marcel
--- End Message ---
--- Begin Message ---
Subject: Re: bug#24996: Bug in PR utility
Date: Wed, 23 Nov 2016 00:10:12 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
Marcel Böhme wrote:
> There is an integer overflow in pr.c:1880 which results in memory exhaustion.
> The bug was found with AFLFast, a fork of AFL.
Did it find only one such problem? I found half a dozen in the neighborhood. I
guess it gave up after the first one. I fixed the bugs I found, by installing
the attached patch. No doubt there are more bugs like this; please send more.
0001-pr-fix-integer-overflow-in-buffer-size-calcs.txt
Description: Text document
--- End Message ---
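The thread names the bug class (integer overflow in buffer-size calculations) but does not show the code, so the following is an added illustration, not code from pr.c or from the attached patch. It contrasts a size product computed in 32-bit arithmetic with an overflow-checked version; the function names and the cell width of 14 are assumptions, and only the values 55555555 and 5 are borrowed from the reproducer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustration only: hypothetical names, not code from pr.c. */

/* Product as 32-bit arithmetic would produce it. Computed unsigned so the
   wraparound is well defined, then reinterpreted as a signed 32-bit value. */
static int32_t size_as_int32(uint32_t lines, uint32_t columns, uint32_t width)
{
    uint32_t v = lines * columns * width;
    return v <= INT32_MAX ? (int32_t)v : (int32_t)((int64_t)v - 4294967296LL);
}

/* a * b, rejected when the result would exceed cap. */
static bool mul_checked(size_t a, size_t b, size_t cap, size_t *out)
{
    if (a != 0 && b > cap / a)
        return false;
    *out = a * b;
    return true;
}

/* Bytes for a lines x columns store of fixed-width cells, or false when an
   option is non-positive or any intermediate product exceeds cap. */
static bool store_size(long lines, long columns, long width,
                       size_t cap, size_t *out)
{
    size_t cells;
    if (lines <= 0 || columns <= 0 || width <= 0)
        return false;
    return mul_checked((size_t)lines, (size_t)columns, cap, &cells)
        && mul_checked(cells, (size_t)width, cap, out);
}

int main(void)
{
    size_t n = 0;
    /* 55555555 and 5 come from the reproducer; width 14 is constructed. */
    int32_t bad = size_as_int32(55555555u, 5u, 14u);
    /* A negative int converted to size_t becomes an enormous request. */
    printf("32-bit result: %ld, as size_t: %zu\n", (long)bad, (size_t)bad);
    printf("checked: %s\n",
           store_size(55555555L, 5L, 14L, INT32_MAX, &n) ? "ok" : "rejected");
    return 0;
}
```

The checked version tests each intermediate product before multiplying, so a large option value is rejected up front instead of reaching the allocator as a wrapped size.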