segfault / null pointer access in config file parser #550

Closed
hannob opened this Issue Sep 25, 2016 · 1 comment

hannob commented Sep 25, 2016

Attached file will crash irssi's config file parser. Test:

irssi --config=[path_to_file]

It contains just this string:

settings{core(0

This was found with american fuzzy lop. I've zipped the file because GitHub doesn't allow attachments with arbitrary file types.

Here's the stack trace from address sanitizer:

==2681==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000503ce9 sp 0x7ffec32d57b0 bp 0x000000000000 T0)
    #0 0x503ce8 in g_istr_hash /var/tmp/portage/net-irc/irssi-0.8.20/work/irssi-0.8.20/src/core/misc.c:480
    #1 0x7fc8e00c8ee2 in g_hash_table_lookup (/usr/lib64/libglib-2.0.so.0+0x38ee2)
    #2 0x51fbce in settings_check_module /var/tmp/portage/net-irc/irssi-0.8.20/work/irssi-0.8.20/src/core/settings.c:520
    #3 0x4f924c in core_init /var/tmp/portage/net-irc/irssi-0.8.20/work/irssi-0.8.20/src/core/core.c:266
    #4 0x419187 in textui_init /var/tmp/portage/net-irc/irssi-0.8.20/work/irssi-0.8.20/src/fe-text/irssi.c:161
    #5 0x419187 in main /var/tmp/portage/net-irc/irssi-0.8.20/work/irssi-0.8.20/src/fe-text/irssi.c:320
    #6 0x7fc8de2e06ff in __libc_start_main (/lib64/libc.so.6+0x206ff)
    #7 0x41a998 in _start (/usr/bin/irssi+0x41a998)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /var/tmp/portage/net-irc/irssi-0.8.20/work/irssi-0.8.20/src/core/misc.c:480 g_istr_hash
==2681==ABORTING

irssi-configfile-nullptr.zip
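
An added example, not part of the original report and not irssi's code: the trace above shows a NULL string reaching a case-insensitive hash function through a hash-table lookup, and this C sketch shows the guard that keeps a keyless node from ever being hashed. The `cfg_node` type, the function names and the sample setting names are hypothetical, and the premise that the malformed input yields a node without a key is an assumption; the trace only shows that the hashed pointer was NULL.

```c
#include <ctype.h>
#include <stddef.h>
#include <strings.h>

/* Hypothetical, simplified config node. Assumption: a malformed or
   list-style entry can produce a node whose key is NULL. */
typedef struct {
    const char *key;    /* may be NULL for keyless entries */
    const char *value;
} cfg_node;

/* Case-insensitive string hash. Like the crashing frame in the trace,
   it dereferences its argument unconditionally. */
static unsigned int istr_hash(const char *s)
{
    unsigned int h = 0;
    for (; *s != '\0'; s++)
        h = (h << 5) - h + (unsigned int)toupper((unsigned char)*s);
    return h;
}

/* Constructed sample data: names of settings the program knows about. */
static const char *known_settings[] = { "real_name", "nick", "timestamps" };

/* Returns 1 if the setting is known, 0 if unknown, -1 if the node has
   no key. The NULL check runs before anything hashes or compares it. */
int setting_is_known(const cfg_node *node)
{
    size_t i;
    unsigned int h;

    if (node == NULL || node->key == NULL)
        return -1;
    h = istr_hash(node->key);
    for (i = 0; i < sizeof known_settings / sizeof *known_settings; i++)
        if (istr_hash(known_settings[i]) == h &&
            strcasecmp(node->key, known_settings[i]) == 0)
            return 1;
    return 0;
}

/* Walk a module's nodes: count unknown names and report keyless nodes
   separately instead of passing them to the hash function. */
int count_unknown(const cfg_node *nodes, size_t n, int *malformed)
{
    int unknown = 0;
    size_t i;

    *malformed = 0;
    for (i = 0; i < n; i++) {
        int r = setting_is_known(&nodes[i]);
        if (r < 0) (*malformed)++;
        else if (r == 0) unknown++;
    }
    return unknown;
}
```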


ailin-nemui commented Sep 25, 2016

thanks for the report
