Heap-based buffer overflow in the canonpath() function #29
While fuzzing samurai 0.7 with American Fuzzy Lop, I found a heap-based buffer overflow in the canonpath() function, in util.c.
Attaching a reproducer (gzipped so GitHub accepts it): test01.gz
The issue can be reproduced by running:
Thanks for fuzzing samurai!
I believe the buffer overflow is due to failing to reject empty paths, which it tries to canonicalize the same way as
The test case also revealed another issue, which is infinite recursion caused by a recursive rule variable definition. This still needs more investigation.
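The diagnosis above points at empty paths reaching the ordinary canonicalization logic. As an added illustration (not samurai's code, and not a reconstruction of the actual canonpath() defect, which this thread does not detail), here is a hypothetical canonicalizer that rejects the empty path up front and bounds every write to the output buffer; `canon_path` and `canon_check` are names chosen for this example.

```c
#include <stdbool.h>
#include <string.h>

/* Hypothetical hardened canonicalizer (example code, not samurai's canonpath()):
 * collapses "//" and "/./", resolves "x/..", and rejects the empty path up front
 * instead of running it through the same logic as a non-empty one. */
bool canon_path(const char *in, char *out, size_t outsz)
{
    if (in == NULL || in[0] == '\0' || outsz < 2)
        return false;                        /* empty path: reject, never canonicalize */
    size_t n = 0;                            /* bytes in out; never ends in '/' past n=1 */
    bool absolute = (in[0] == '/');
    if (absolute) out[n++] = '/';
    for (const char *p = in; *p; ) {
        while (*p == '/') p++;               /* skip runs of separators */
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t len = (size_t)(p - start);
        if (len == 0) break;                 /* trailing slash */
        if (len == 1 && start[0] == '.') continue;   /* "." component: drop */
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            size_t base = absolute ? 1 : 0;  /* the leading '/' is never popped */
            size_t k = n;                    /* find start of previous component */
            while (k > base && out[k - 1] != '/') k--;
            bool prev_dotdot = (n - k == 2 && out[k] == '.' && out[k + 1] == '.');
            if (n > base && !prev_dotdot) {  /* pop it, and the '/' before it */
                n = (k > base) ? k - 1 : k;
                continue;
            }
            if (absolute) continue;          /* "/.." stays "/" */
            /* relative path with nothing to pop: keep the ".." literally */
        }
        if (n > 0 && out[n - 1] != '/') {
            if (n + 1 >= outsz) return false;
            out[n++] = '/';
        }
        if (n + len >= outsz) return false;  /* leave room for the terminator */
        memcpy(out + n, start, len);
        n += len;
    }
    if (n == 0) out[n++] = '.';              /* "." or "./" canonicalizes to "." */
    out[n] = '\0';
    return true;
}

/* Helper for checking results: expect == NULL means the input must be rejected. */
int canon_check(const char *in, const char *expect)
{
    char buf[64];
    bool ok = canon_path(in, buf, sizeof buf);
    return expect == NULL ? !ok : (ok && strcmp(buf, expect) == 0);
}
```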