When compiling ytnef with address sanitizer enabled (a compiler feature to detect invalid memory access), it shows an out-of-bounds read in the function MAPIPrint. This doesn't require any malformed input; it happens with many of the test files shipped in the dir test-data.
To reproduce:
Compile ytnef 1.9.1 with address sanitizer: ./autogen.sh; ./configure; make CFLAGS="-fsanitize=address -g"
Run
ytnefprint/ytnefprint test-data/rtf.tnef
or
ytnefprint/ytnefprint test-data/winmail.dat
Here's the error message from address sanitizer:
==22088==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000eeb0 at pc 0x7f67eb0cc60a bp 0x7ffd04a671e0 sp 0x7ffd04a671d8
READ of size 8 at 0x60200000eeb0 thread T0
#0 0x7f67eb0cc609 in MAPIPrint /mnt/ram/ytnef-1.9.1-2/lib/ytnef.c:1393
#1 0x5578281d9bbc in PrintTNEF /mnt/ram/ytnef-1.9.1-2/ytnefprint/main.c:169
#2 0x5578281d9116 in main /mnt/ram/ytnef-1.9.1-2/ytnefprint/main.c:84
#3 0x7f67ead471e0 in __libc_start_main (/lib64/libc.so.6+0x201e0)
#4 0x5578281d8d79 in _start (/mnt/ram/ytnef-1.9.1-2/ytnefprint/.libs/ytnefprint+0x1d79)
0x60200000eeb4 is located 0 bytes to the right of 4-byte region [0x60200000eeb0,0x60200000eeb4)
allocated by thread T0 here:
#0 0x7f67eb3a4660 in calloc (/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so.3+0xc2660)
#1 0x7f67eb0c3f2a in TNEFFillMapi /mnt/ram/ytnef-1.9.1-2/lib/ytnef.c:544
#2 0x7f67eb0c28da in TNEFMapiProperties /mnt/ram/ytnef-1.9.1-2/lib/ytnef.c:396
#3 0x7f67eb0cac16 in TNEFParse /mnt/ram/ytnef-1.9.1-2/lib/ytnef.c:1180
#4 0x7f67eb0c9ac6 in TNEFParseFile /mnt/ram/ytnef-1.9.1-2/lib/ytnef.c:1042
#5 0x5578281d90dc in main /mnt/ram/ytnef-1.9.1-2/ytnefprint/main.c:80
#6 0x7f67ead471e0 in __libc_start_main (/lib64/libc.so.6+0x201e0)
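As an added illustration (not ytnef's code; the property struct, the type tags and every function name are hypothetical), here is the shape of the defect the ASan trace reports, a property value calloc'd at its declared 4-byte size and then read as 8 bytes, next to a reader that bounds the read by the allocation rather than by the type tag:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for MAPI property type tags; not ytnef's definitions. */
enum { PT_LONG_LIKE = 0x0003, PT_I8_LIKE = 0x0014 };

typedef struct {
    uint32_t type;   /* type tag read from the (untrusted) TNEF stream */
    size_t   size;   /* bytes actually allocated for data */
    uint8_t *data;   /* calloc'd to exactly `size` bytes, like the 4-byte region in the trace */
} mapi_prop_t;

/* Width each tag is supposed to carry; 0 means "do not assume a width". */
size_t expected_width(uint32_t type) {
    switch (type) {
    case PT_LONG_LIKE: return 4;
    case PT_I8_LIKE:   return 8;
    default:           return 0;
    }
}

/* Bug pattern: trusts the tag and reads 8 bytes regardless of size; on a 4-byte region this is the "READ of size 8" ASan flagged. Not called here. */
uint64_t read_value_unchecked(const mapi_prop_t *p) {
    uint64_t v;
    memcpy(&v, p->data, sizeof v);
    return v;
}

/* Hardened reader: the read is bounded by the allocation, and the value is decoded little-endian byte by byte, independent of host byte order. */
int read_value_checked(const mapi_prop_t *p, uint64_t *out) {
    size_t want = expected_width(p->type);
    if (p->data == NULL || want == 0 || want > p->size) return -1;  /* tag and allocation disagree */
    uint64_t v = 0;
    for (size_t i = 0; i < want; i++) v |= (uint64_t)p->data[i] << (8 * i);
    *out = v;
    return 0;
}

/* Allocates exactly n bytes for the payload (as the calloc in TNEFFillMapi does in the trace),
 * tags it, and runs the checked reader; ok is 0 when the tag/size mismatch was refused. */
typedef struct { int ok; uint64_t value; } decode_result_t;
decode_result_t decode_with_tag(uint32_t type, const uint8_t *bytes, size_t n) {
    mapi_prop_t p = { type, n, calloc(n, 1) };
    decode_result_t r = { 0, 0 };
    if (p.data) memcpy(p.data, bytes, n);
    r.ok = read_value_checked(&p, &r.value) == 0;
    free(p.data);
    return r;
}
```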
Can confirm the PR fixes the bug.
I noticed that you added address sanitizer for some of your tests, but then removed it again for gcc, claiming that it doesn't work with that. Not sure where you got that from; asan has been available in gcc for a long time, and unless you're using a really old version it should work.