CVE-2017-14731: ofxdump heap-buffer-overflow /usr/include/c++/4.9/bits/char_traits.h:263 std::char_traits<char>::length(char const*) #10
Fuzzed with: afl-2.49, afl-utils
You can create the reproducer with:
And run it with ofxdump:
On my system the input file doesn't run into problems, neither with plain starting nor with valgrind. This is from git, c426e22 (released as version 0.9.12). I've committed fad8418 which should avoid some of the problems, but since I can't reproduce originally, I also don't know whether this fixed anything.