Out of bounds read with CMARK_OPT_VALIDATE_UTF8 #206
Comments
kivikakk pushed a commit to github/cmark-gfm that referenced this issue (Jun 23, 2017)
kivikakk pushed a commit to github/cmark-gfm that referenced this issue (Jun 23, 2017)
Thank you for the bug report!

> This bug was found using a WIP branch of commonmark integration with google/oss-fuzz which can be found here. I can take care of getting the fuzzer upstreamed into the main oss-fuzz repo if you would like.

Yes, the more fuzzing the better.

> Google require one or more email addresses of maintainers to receive crash reports. Are you happy for me to put down your email address as a contact? Are there any other maintainers that it would be useful to CC on crash reports?

I'd be happy to be listed as a contact.

You might also cc @kivikakk, who maintains github's cmark fork and submitted commonmark/cmark#207 fixing this issue.
Closed by #207.
This was referenced Jun 27, 2017
talum pushed a commit to github/cmark-gfm that referenced this issue (Sep 14, 2021)
A single-byte out of bounds read can be triggered when a markdown file contains invalid UTF8 bytes and `--validate-utf8` is enabled. This can be reproduced with:

which is this line in `S_process_line`:

I don't fully understand the bug but it seems the problem is triggered when four consecutive invalid utf8 bytes are encountered. `encode_unknown` will then replace those four bytes with the three-byte replacement-character. So, maybe `bytes` needs to be re-initialised after calling `cmark_utf8proc_check` because `parser->curline` may not necessarily contain `bytes` bytes?

This bug was found using a WIP branch of commonmark integration with google/oss-fuzz which can be found here. I can take care of getting the fuzzer upstreamed into the main oss-fuzz repo if you would like.

Google require one or more email addresses of maintainers to receive crash reports. Are you happy for me to put down your email address as a contact? Are there any other maintainers that it would be useful to CC on crash reports?
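As an added illustration (not cmark's code, the reporter's, or the fix in #207), the C below models the ordering problem the report describes: a line buffer is validated in place, an invalid run collapses to the three-byte U+FFFD, and a byte count measured before validation overstates the buffer. The `linebuf`, `validate_utf8`, `validated_size` and `overrun_with_cached_length` names and the simplified validator are constructed for this example.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed model of the pattern in this report, not cmark's code: a line buffer
 * is validated in place, so a byte count taken before validation can go stale. */
typedef struct { unsigned char *ptr; size_t size; } linebuf;
/* Sequence length implied by a UTF-8 lead byte; 0 marks an invalid lead byte. */
static size_t lead_len(unsigned char c) {
    if (c < 0x80) return 1;
    if (c >= 0xC2 && c <= 0xDF) return 2;
    if (c >= 0xE0 && c <= 0xEF) return 3;
    return (c >= 0xF0 && c <= 0xF4) ? 4 : 0;
}
/* Overlong, surrogate and above-U+10FFFF forms are decided by the second byte. */
static int second_byte_ok(const unsigned char *s, size_t want) {
    if (want == 3) return !((s[0] == 0xE0 && s[1] < 0xA0) || (s[0] == 0xED && s[1] > 0x9F));
    if (want == 4) return !((s[0] == 0xF0 && s[1] < 0x90) || (s[0] == 0xF4 && s[1] > 0x8F));
    return 1;
}
/* Simplified stand-in for cmark_utf8proc_check: well-formed sequences are copied; each
 * invalid run (lead byte plus the continuation bytes after it) becomes one U+FFFD
 * (EF BF BD), so four invalid bytes shrink to three, as the report describes. */
static void validate_utf8(linebuf *b) {
    unsigned char *out = malloc(b->size * 3 + 1);
    size_t i = 0, n = 0;
    while (i < b->size) {
        size_t want = lead_len(b->ptr[i]), have = 1;
        while (i + have < b->size && have < 4 && (b->ptr[i + have] & 0xC0) == 0x80) have++;
        if (want && have >= want && second_byte_ok(b->ptr + i, want)) {
            memcpy(out + n, b->ptr + i, want); n += want; i += want;
        } else { out[n++] = 0xEF; out[n++] = 0xBF; out[n++] = 0xBD; i += have; }
    }
    free(b->ptr); b->ptr = out; b->size = n;
}
/* Validate a copy of `in` and return the size afterwards; the fix the report suggests
 * is to re-initialise `bytes` from this value instead of the pre-validation size. */
size_t validated_size(const unsigned char *in, size_t len) {
    linebuf b = { malloc(len + 1), len };
    memcpy(b.ptr, in, len);
    validate_utf8(&b);
    size_t n = b.size;
    free(b.ptr);
    return n;
}
/* Buggy order from the report: `bytes` is cached before validation. Returns how far a
 * scan over the cached count would read past the validated line (0 means in bounds). */
size_t overrun_with_cached_length(const unsigned char *in, size_t len) {
    size_t bytes = len;                  /* stale once validation shrinks the line */
    size_t after = validated_size(in, len);
    return bytes > after ? bytes - after : 0;
}
```

The constructed input `F0 80 80 80` (an overlong 4-byte form) is four invalid bytes that validate to three, so a scan driven by the cached count reads one byte past the line.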