memory corruption bug

[zhunki]

Hi,
I found a memory corruption bug.
the stack trace is as shown below:

==3249== WARNING: AddressSanitizer failed to allocate 0xfff50001 bytes
=================================================================
==3249== ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x00000000,0xfff50000) and [0xb58017ce, 0xb57517ce) overlap
    #0 0xb6183b9a (/usr/lib/i386-linux-gnu/libasan.so.0+0xdb9a)
    #1 0x8063d5f in parse_string_node /home/b/asan/libplist/src/bplist.c:292
    #2 0x8063d5f in parse_bin_node /home/b/asan/libplist/src/bplist.c:646
    #3 0x8063d5f in parse_bin_node_at_index /home/b/asan/libplist/src/bplist.c:733
    #4 0x8068eb4 in plist_from_bin /home/b/asan/libplist/src/bplist.c:822
    #5 0x804a354 in main /home/b/asan/libplist/tools/plistutil.c:150
    #6 0xb5fc4a82 (/lib/i386-linux-gnu/libc.so.6+0x19a82)
    #7 0x804afa5 in _start (/home/b/asan/libplist/tools/plistutil+0x804afa5)
0xb58017ce is located 14 bytes inside of 55-byte region [0xb58017c0,0xb58017f7)
allocated by thread T0 here:
    #0 0xb618c854 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16854)
    #1 0x8049962 in main /home/b/asan/libplist/tools/plistutil.c:143
    #2 0xb5fc4a82 (/lib/i386-linux-gnu/libc.so.6+0x19a82)
SUMMARY: AddressSanitizer: memcpy-param-overlap ??:0 ??

poc.txt

[nikias]

Fixed with commit fbd8494.

[carnil]

This is CVE-2017-6435