Attachment: 5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb.zip

Tested version 3.5.0 and commit ed6b00a

Might be related to: https://bugzilla.redhat.com/show_bug.cgi?id=1582024

Credit: Henri Salo
Tools: american fuzzy lop 2.52b, afl-utils
Thanks to Kapsi internet-käyttäjät ry for providing valuable fuzzing resources.
```
./lou_checktable 5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:1: error: opcode '000' not defined.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:3: error: opcode '0' not defined.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:5: error: invalid dot number '0'.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:6: error: opcode '0000000000000' not defined.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:7: error: Exactly two Unicode characters and at least one cell are required.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
5ce93fef85b68c5ecb4561bf1aedb52d1b1f368e.ctb:8: warning: invalid UTF-8. Assuming Latin-1.
```
```
=================================================================
==31674==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc64214142 at pc 0x7fa79f9917b9 bp 0x7ffc6420d470 sp 0x7ffc6420d468
WRITE of size 2 at 0x7ffc64214142 thread T0
    #0 0x7fa79f9917b8 in parseChars /home/hsalo/src/liblouis-3.5.0/liblouis/compileTranslationTable.c:1146
    #1 0x7fa79f994170 in getRuleCharsText /home/hsalo/src/liblouis-3.5.0/liblouis/compileTranslationTable.c:1314
    #2 0x7fa79f9d2a45 in compileUplow /home/hsalo/src/liblouis-3.5.0/liblouis/compileTranslationTable.c:2779
    #3 0x7fa79f9d2a45 in compileRule /home/hsalo/src/liblouis-3.5.0/liblouis/compileTranslationTable.c:4166
    #4 0x7fa79f9e88a2 in compileFile /home/hsalo/src/liblouis-3.5.0/liblouis/compileTranslationTable.c:4501
    #5 0x7fa79f9e97c7 in compileTranslationTable /home/hsalo/src/liblouis-3.5.0/liblouis/compileTranslationTable.c:4606
    #6 0x7fa79f9e97c7 in lou_getTable /home/hsalo/src/liblouis-3.5.0/liblouis/compileTranslationTable.c:4691
    #7 0x5593eb49cf13 in main /home/hsalo/src/liblouis-3.5.0/tools/lou_checktable.c:112
    #8 0x7fa79f6002e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #9 0x5593eb49d179 in _start (/home/hsalo/builds/liblouis/3.5.0/bin/lou_checktable+0x2179)

Address 0x7ffc64214142 is located in stack of thread T0 at offset 23298 in frame
    #0 0x7fa79f9caaff in compileRule /home/hsalo/src/liblouis-3.5.0/liblouis/compileTranslationTable.c:3138

  This frame has 17 object(s):
    [32, 34) 'c'
    [96, 98) 'c'
    [160, 164) 'lastToken'
    [224, 228) 'after'
    [288, 292) 'before'
    [352, 356) 'holdOffset'
    [416, 432) 'dict'
    [480, 2528) 'includeThis'
    [2560, 6658) 'token'
    [6720, 10818) 'ruleChars'
    [10880, 14978) 'ruleDots'
    [15040, 19138) 'name'
    [19200, 23298) 'ruleChars' <== Memory access at offset 23298 overflows this variable
    [23360, 27458) 'ruleDots'
    [27520, 31618) 'upperDots'
    [31680, 35778) 'lowerDots'
    [35840, 39984) 'nested'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/hsalo/src/liblouis-3.5.0/liblouis/compileTranslationTable.c:1146 in parseChars
Shadow bytes around the buggy address:
  0x10000c83a7d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c83a7e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c83a7f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c83a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c83a810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10000c83a820: 00 00 00 00 00 00 00 00[02]f4 f4 f4 f2 f2 f2 f2
  0x10000c83a830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c83a840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c83a850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c83a860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000c83a870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==31674==ABORTING
```
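The report places a 2-byte write at frame offset 23298, which is exactly the end of the 4098-byte `ruleChars` object: one cell stored past a fixed-size stack buffer while a rule's character field is parsed. The following is an added example, not liblouis code, of the guard such a fixed-capacity cell buffer needs before every store. Every name in it (`widechar` as a 16-bit cell, `MAX_CHARS`, `chars_string`, `parse_chars_checked`, `parse_line_checked`) is a hypothetical stand-in chosen to match the 2-byte write size in the report, and the table lines it parses are constructed, not taken from the fuzzer's file.

```c
/* Added example, not liblouis code: a bounds-checked parser for the
 * character field of a table rule. All names are hypothetical stand-ins. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t widechar;   /* assumption: 16-bit cells, matching the 2-byte write */
#define MAX_CHARS 2048       /* assumption: capacity of the fixed stack buffer */

/* A length-prefixed, fixed-capacity string of cells. */
typedef struct {
    widechar length;
    widechar chars[MAX_CHARS];
} chars_string;

/* Copy token[0..token_len) into out, one byte per cell (Latin-1 style).
 * Returns 1 on success, 0 if the token does not fit. The check runs before
 * every store, so out->chars[MAX_CHARS] is never written. */
static int parse_chars_checked(const char *token, size_t token_len, chars_string *out)
{
    out->length = 0;
    for (size_t i = 0; i < token_len; i++) {
        if (out->length >= MAX_CHARS) {
            fprintf(stderr, "error: token longer than %d cells, rule rejected\n", MAX_CHARS);
            return 0;
        }
        out->chars[out->length++] = (widechar)(unsigned char)token[i];
    }
    return 1;
}

/* Split one table line on spaces/tabs and parse every token into a stack
 * buffer of the kind above. Returns the number of tokens accepted, or -1 as
 * soon as one token is rejected (the whole line is then not compiled). */
static int parse_line_checked(const char *line)
{
    chars_string buf;
    int accepted = 0;
    const char *p = line;

    while (*p != '\0') {
        while (*p == ' ' || *p == '\t') p++;
        if (*p == '\0' || *p == '\n') break;
        const char *start = p;
        while (*p != '\0' && *p != ' ' && *p != '\t' && *p != '\n') p++;
        if (!parse_chars_checked(start, (size_t)(p - start), &buf))
            return -1;
        accepted++;
    }
    return accepted;
}

/* Constructed inputs (not from the fuzzer's file). */
static int demo_short_line(void)
{
    return parse_line_checked("uplow Aa 1 12\n");   /* 4 tokens, all fit */
}

static int demo_exact_fit(void)
{
    /* A token of exactly MAX_CHARS bytes fills the buffer without overflow. */
    char token[MAX_CHARS];
    chars_string buf;
    memset(token, '0', sizeof token);
    return parse_chars_checked(token, sizeof token, &buf) && buf.length == MAX_CHARS;
}

static int demo_oversized_token(void)
{
    /* One token of MAX_CHARS + 64 '0' bytes, like the long opcode lines
     * lou_checktable complained about above: an unchecked copy would store
     * two bytes just past the end of the buffer; the checked copy rejects it. */
    static char line[MAX_CHARS + 64 + 1];
    memset(line, '0', sizeof line - 1);
    line[sizeof line - 1] = '\0';
    return parse_line_checked(line);
}

int main(void)
{
    printf("short line: %d tokens\n", demo_short_line());
    printf("exact fit: %s\n", demo_exact_fit() ? "accepted" : "rejected");
    printf("oversized token: %s\n", demo_oversized_token() == -1 ? "rejected" : "accepted");
    return 0;
}
```

The point of the example is where the check sits: it is evaluated before each store, so a token whose length equals the capacity is accepted and one byte more is refused, which is the boundary the sanitizer flagged. Building with `-fsanitize=address` and feeding the oversized line is a quick way to confirm that the checked version produces no report.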
This issue has been assigned http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11440
4417bad