Closed
Description
Hello, we recently found a memory issue parsing and executing a fuzzed ical file in the last revision of libical (#19acf43794ad4c99f7e6687cb39424a82b737828).
We tested this issue on Ubuntu 14.04 but other configurations could be affected.
Technical details about the issue are:
==8557==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000caa3 at pc 0x7ffff7b187ce bp 0x7fffffff87f0 sp 0x7fffffff87e8
READ of size 1 at 0x60300000caa3 thread T0
gdb backtrace is as follows:
#0 0x00007ffff61cfc37 in __GI_raise (sig=sig@entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff61d3028 in __GI_abort () at abort.c:89
#2 0x00000000004b12b6 in __sanitizer::Abort() ()
#3 0x00000000004a1f97 in __asan::AsanDie() ()
#4 0x00000000004a89cf in __sanitizer::Die() ()
#5 0x00000000004a062b in __asan::ScopedInErrorReport::~ScopedInErrorReport() ()
#6 0x00000000004a0171 in __asan_report_error ()
#7 0x00000000004a0db7 in __asan_report_load1 ()
#8 0x00007ffff7b187ce in icaltime_from_string (str=<optimized out>)
at /home/agustin/Code/libical/src/libical/icaltime.c:448
#9 0x00007ffff7b5756f in icalvalue_new_from_string_with_error (kind=<optimized out>,
str=<optimized out>, error=<optimized out>)
at /home/agustin/Code/libical/src/libical/icalvalue.c:637
#10 0x00007ffff7b548db in icalvalue_new_from_string (kind=ICAL_DATETIME_VALUE,
str=0x60300000ca90 "18640529T011608z")
at /home/agustin/Code/libical/src/libical/icalvalue.c:756
#11 0x00007ffff7ad080a in icalparser_add_line (parser=<optimized out>,
line=<optimized out>) at /home/agustin/Code/libical/src/libical/icalparser.c:1147
#12 0x00000000004b8c3f in main (argc=2, argv=0x7fffffffdf08)
at /home/agustin/Code/libical/src/test/icaltestparser.c:104
This issue was found using QuickFuzz; the file to reproduce it is attached.
Regards.
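Added example, not libical's code: a bounded parser for the RFC 5545 DATE-TIME form (YYYYMMDDTHHMMSS, optional upper-case Z) that establishes the input length before any index is used, so a short or oddly terminated value such as the "18640529T011608z" seen in the backtrace is rejected instead of read past its end. The struct and function names are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>

/* Parsed iCalendar DATE-TIME value (RFC 5545: YYYYMMDDTHHMMSS[Z]). */
struct ical_dt {
    int year, month, day, hour, minute, second;
    bool is_utc;
};

/* Parse exactly n ASCII digits at s[0..n-1]; caller guarantees they are in bounds. */
static bool parse_digits(const char *s, size_t n, int *out)
{
    int v = 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i] < '0' || s[i] > '9')
            return false;
        v = v * 10 + (s[i] - '0');
    }
    *out = v;
    return true;
}

/* Bounded parse: the length is measured (capped at 17) before any fixed offset
 * is dereferenced, so no read can run past the terminating NUL of a short input. */
bool ical_dt_parse(const char *str, struct ical_dt *dt)
{
    if (str == NULL || dt == NULL)
        return false;
    size_t len = 0;
    while (len <= 16 && str[len] != '\0')   /* longest legal form is 16 chars */
        len++;
    if (len != 15 && len != 16)             /* 15 = floating time, 16 = with 'Z' */
        return false;
    if (str[8] != 'T')
        return false;
    if (!parse_digits(str, 4, &dt->year) || !parse_digits(str + 4, 2, &dt->month) ||
        !parse_digits(str + 6, 2, &dt->day) || !parse_digits(str + 9, 2, &dt->hour) ||
        !parse_digits(str + 11, 2, &dt->minute) || !parse_digits(str + 13, 2, &dt->second))
        return false;
    /* Only an upper-case 'Z' suffix is valid UTC; a lower-case 'z' or any other
     * trailing byte is a malformed value and is rejected rather than skipped over. */
    dt->is_utc = (len == 16);
    if (dt->is_utc && str[15] != 'Z')
        return false;
    if (dt->month < 1 || dt->month > 12 || dt->day < 1 || dt->day > 31 ||
        dt->hour > 23 || dt->minute > 59 || dt->second > 60)
        return false;
    return true;
}
```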