Segmentation fault with crafted sample in lib/ofx_containers_misc.cpp OfxPushUpContainer::add_attribute #11

fgeek opened this issue Nov 5, 2017 · 2 comments



@fgeek fgeek commented Nov 5, 2017

Create reproducer file:

echo "<OFX><OO<OFX</>0</>0" > libofx-ofxdump-OfxPushUpContainer-add_attribute-segfault-min-001.ofx


./bin/ofxdump libofx-ofxdump-OfxPushUpContainer-add_attribute-segfault-min-001.ofx


(Above message occurred on Line 1, Column 20)
==7788==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f753b0db21c sp 0x7ffd7cbd5870 bp 0x60400004cea8 T0)
    #0 0x7f753b0db21b in OfxPushUpContainer::add_attribute(std::string, std::string) /home/hsalo/src/libofx/lib/ofx_containers_misc.cpp:65
    #1 0x7f753b134a7c in OFXApplication::endElement(SGMLApplication::EndElementEvent const&) /home/hsalo/src/libofx/lib/ofx_sgml.cpp:238
    #2 0x7f7539a35c2e in OpenSP::GenericEventHandler::endElement(OpenSP::EndElementEvent*) /home/hsalo/src/OpenSP-1.5.2/lib/GenericEventHandler.cxx:155
    #3 0x7f7539d18955 in OpenSP::Parser::implyCurrentElementEnd(OpenSP::Location const&) /home/hsalo/src/OpenSP-1.5.2/lib/parseInstance.cxx:1177
    #4 0x7f7539d18fe3 in OpenSP::Parser::endAllElements() /home/hsalo/src/OpenSP-1.5.2/lib/parseInstance.cxx:1124
    #5 0x7f7539d24b87 in OpenSP::Parser::endInstance() /home/hsalo/src/OpenSP-1.5.2/lib/parseInstance.cxx:59
    #6 0x7f7539d3bc1f in OpenSP::Parser::doContent() /home/hsalo/src/OpenSP-1.5.2/lib/parseInstance.cxx:93
    #7 0x7f7539afb3e7 in OpenSP::Parser::parseAll(OpenSP::EventHandler&, int const volatile*) /home/hsalo/src/OpenSP-1.5.2/lib/Parser.cxx:254
    #8 0x7f7539b11729 in OpenSP::ParserApp::parseAll(OpenSP::SgmlParser&, OpenSP::EventHandler&, int const volatile*) /home/hsalo/src/OpenSP-1.5.2/lib/ParserApp.cxx:97
    #9 0x7f7539b1ca10 in OpenSP::ParserEventGenerator::run(SGMLApplication&) /home/hsalo/src/OpenSP-1.5.2/lib/ParserEventGeneratorKit.cxx:197
    #10 0x7f753b130a0e in ofx_proc_sgml(LibofxContext*, int, char* const*) /home/hsalo/src/libofx/lib/ofx_sgml.cpp:385
    #11 0x7f753b0b69ad in ofx_proc_file(void*, char const*) /home/hsalo/src/libofx/lib/ofx_preproc.cpp:386
    #12 0x7f753b0a8762 in libofx_proc_file /home/hsalo/src/libofx/lib/file_preproc.cpp:94
    #13 0x402b82 in main /home/hsalo/src/libofx/ofxdump/ofxdump.cpp:491
    #14 0x7f753a4ddb44 in __libc_start_main (/lib/x86_64-linux-gnu/
    #15 0x40312c (/home/hsalo/builds/libofx/2017-10-31/bin/ofxdump+0x40312c)

Credit: Henri Salo from Nixu Corporation

cstim added a commit that referenced this issue Nov 6, 2017
Credit: Henri Salo from Nixu Corporation

@cstim cstim commented Nov 6, 2017

Thanks for the description. The crash with this example is fixed.

Are you interested in commit privileges? I'd rather like to keep away from active hacking in this library - my own involvement was too long ago. Thanks!

@cstim cstim closed this Nov 6, 2017

@fgeek fgeek commented Nov 30, 2017

@cstim Thank you, but I can send pull requests. No need for additional privileges.
