bug#66835: Heap buffer overread in expr in regexec.c in the check

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#66835: Heap buffer overread in expr in regexec.c in the check_arriva

From:	Some Dickhead
Subject:	bug#66835: Heap buffer overread in expr in regexec.c in the check_arrival_add_next_nodes function.
Date:	Sun, 29 Oct 2023 20:14:54 +0200

Hi! I was fuzzing expr in coreutils and found a bug. I compiled expr with
asan and ubsan. I cloned the repository from
https://github.com/coreutils/coreutils and I am using
commit f7e25d5bb53e35bcdea8512dd6db07dd7e6cf452 . After compiling expr,
just run './expr $(printf "\x30\x98\xc8\x9d") : $(printf
"\x5c\x28\x5c\x29\x2e\x2a\x5c\x53\x98\xc8\x30\x2a\x5c\x31")' and observe
the crash. I have attached the ASAN report which I got from my run to this
email.

asanreport.txt
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

bug#66835: Heap buffer overread in expr in regexec.c in the check_arrival_add_next_nodes function., Some Dickhead <=

Prev by Date: bug#66698: I think hex decoding with basenc -d --base16 should be case-insensitive
Previous by thread: bug#66714: [FIXED] Expr substr on plus symbol
Index(es):
- Date
- Thread