[bug-diffutils] bug#31935: bug#31935: 2 crashes in diffutills commit ver
From: Jim Meyering
Subject: [bug-diffutils] bug#31935: bug#31935: 2 crashes in diffutills commit version 576645c
Date: Fri, 28 Dec 2018 17:13:10 -0800
On Fri, Jun 22, 2018 at 7:49 AM Hongxu Chen <address@hidden> wrote:
> We found with our fuzzer 2 crashes on diffutils version 576645c: one is a
> heap-buffer-overflow at util.c:1249, another is an invalid read resulting
> from `output_1_line' at util.c:1274.
> The executing command is: `./diff -a --strip-trailing-cr $file add.wasm`
> where $file is the poc file (I attached them as *.input.txt); "add.wasm" is
> also attached however it seems that content of the comparison file is not
> important.
Thank you for fuzz-testing diffutils.
FYI, here is a reproducer for the limit[-1]-related UMR bugs:
    valgrind src/diff -a --strip-trailing-cr <(printf '\r') <(echo a)
I've attached a patch:
diffutils-UMR.diff