outside bounds access during xml parsing #1844

Closed
pauldreik opened this issue Jul 26, 2019 · 7 comments
@pauldreik pauldreik commented Jul 26, 2019

Fuzzing dlib::xml_parser I found a crash after 177 milliseconds. It's a string access outside bounds in this function

I will submit a pull request with the fix (replacing str[i] with str.at(i)).

@pauldreik pauldreik commented Jul 26, 2019

The crashing input was:

 "<?>\0"

but it can probably be minimized more.

@davisking davisking commented Jul 27, 2019

Thanks for finding this. Don't replace it with str.at(i) though. That will break the contract for this method, and for the parser as a whole. In this case, you should return -1, as this is what the contract in the header for this method indicates should happen in such situations.
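
The trade-off in the two comments above, as an added illustration (not dlib's code and not posted by anyone in this thread): `at()` stops the out-of-bounds read but turns it into an exception, while an explicit index check keeps a "return -1 on error" contract. The function names, the "never throw" contract and the sample bodies are assumptions constructed for this example.

```cpp
#include <cctype>
#include <stdexcept>
#include <string>

// Hypothetical helpers, not dlib's code. Assumed contract, modeled on the
// maintainer's comment: return 0 on success, -1 on malformed input, never throw.
// `body` stands for the text between "<?" and ">" of a processing instruction.

static bool is_space(char c) { return std::isspace(static_cast<unsigned char>(c)) != 0; }

// Variant A: index with at(). Every access is bounds-checked, but running off
// the end surfaces as std::out_of_range instead of the documented -1.
int pi_target_at(const std::string& body, std::string& target)
{
    target.clear();
    std::string::size_type i = 0;
    while (is_space(body.at(i))) ++i;
    while (!is_space(body.at(i)) && body.at(i) != '?') target += body.at(i++);
    return target.empty() ? -1 : 0;
}

// Variant B: test the index before each access and report failure as -1.
int pi_target_checked(const std::string& body, std::string& target)
{
    target.clear();
    std::string::size_type i = 0;
    while (i < body.size() && is_space(body[i])) ++i;
    while (i < body.size() && !is_space(body[i]) && body[i] != '?') target += body[i++];
    return target.empty() ? -1 : 0;
}

// Reports whether variant A leaks an exception for the given body.
bool at_variant_throws(const std::string& body)
{
    std::string target;
    try { pi_target_at(body, target); }
    catch (const std::out_of_range&) { return true; }
    return false;
}
```

A caller written against the -1 contract has no `catch` around the call, so variant A converts the memory-safety bug into an unhandled exception unless every call site is updated as well.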

@dlib-issue-bot dlib-issue-bot commented Sep 1, 2019

Warning: this issue has been inactive for 35 days and will be automatically closed on 2019-09-10 if there is no further activity.

If you are waiting for a response but haven't received one it's possible your question is somehow inappropriate. E.g. it is off topic, you didn't follow the issue submission instructions, or your question is easily answerable by reading the FAQ, dlib's official compilation instructions, dlib's API documentation, or a Google search.

@pauldreik pauldreik commented Sep 6, 2019

I guess I will have to spend more than 30 s on the fix :-)

@dlib-issue-bot dlib-issue-bot commented Oct 12, 2019

Warning: this issue has been inactive for 35 days and will be automatically closed on 2019-10-21 if there is no further activity.

@dlib-issue-bot dlib-issue-bot commented Oct 20, 2019

Warning: this issue has been inactive for 43 days and will be automatically closed on 2019-10-21 if there is no further activity.

@dlib-issue-bot dlib-issue-bot commented Oct 22, 2019

Notice: this issue has been closed because it has been inactive for 45 days. You may reopen this issue if it has been closed in error.
