In the code snippet, it seems there are no checks on the cmd parameter, which leads to setting the variable description to NULL on L270, and then on L273 it dereferences the NULL.
Attaching a reproducer (gzipped so GitHub accepts it): test1.gz
Issue can be reproduced by running:
samu -f test1
=================================================================
==2291724==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7fa51cd50675 bp 0x7ffdf10454f0 sp 0x7ffdf1044ca8 T0)
==2291724==The signal is caused by a READ memory access.
==2291724==Hint: address points to the zero page.
#0 0x7fa51cd50675 (/lib/x86_64-linux-gnu/libc.so.6+0x18b675)
#1 0x4355d1 in puts (/src/samurai/samu+0x4355d1)
#2 0x4cb75f in printstatus /src/samurai-1.2/build.c:273:2
#3 0x4cc1f1 in jobstart /src/samurai-1.2/build.c:312:3
#4 0x4ca7c7 in build /src/samurai-1.2/build.c:568:19
#5 0x4dc5aa in main /src/samurai-1.2/samu.c:256:2
#6 0x7fa51cbec0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#7 0x41c42d in _start (/src/samurai/samu+0x41c42d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b675)
==2291724==ABORTING
Thanks for the report! This is something that should've been caught during parsing, but it only checked whether there was any command = ... line, even if the value was NULL. ninja errors on both a missing and an empty command value, so now we do the same.
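An added example (not samurai's own code) of the two pieces the report and the reply describe: a parse-time check that rejects a rule whose command value is missing or empty, and a status printer whose description-to-command fallback can never hand NULL to puts(). The edge struct, the error strings and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a build edge's variables. NULL means the variable was
 * never set; "" means a "command =" line with no value after it. */
struct edge {
    const char *command;
    const char *description;
};

/* Parse-time check, the fix described in the reply: reject a missing OR an
 * empty command value, as ninja does. Returns 0 on success, -1 on error and
 * points *reason at a constructed message. */
int check_command(const struct edge *e, const char **reason)
{
    if (e->command == NULL) {
        *reason = "rule has no command";
        return -1;
    }
    if (e->command[0] == '\0') {
        *reason = "rule has an empty command";
        return -1;
    }
    *reason = NULL;
    return 0;
}

/* Status line printed before a job starts. Mirrors the reporter's reading of
 * build.c: description falls back to command when unset, so an unchecked NULL
 * command becomes the puts(NULL) in the ASan trace. The fallback is guarded
 * here so the caller can always pass the result to puts(). */
const char *status_text(const struct edge *e)
{
    const char *description = e->description;
    if (description == NULL || description[0] == '\0')
        description = e->command;
    return description != NULL ? description : "(no command)";
}

int main(void)
{
    struct edge bad = { NULL, NULL };             /* constructed: like test1 */
    struct edge good = { "cc -c foo.c", NULL };   /* constructed: normal rule */
    const char *why;
    if (check_command(&bad, &why) != 0)
        fprintf(stderr, "error: %s\n", why);      /* rejected at parse time */
    if (check_command(&good, &why) == 0)
        puts(status_text(&good));
    return 0;
}
```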
Hi,
While fuzzing samurai 1.2 (and the git nightly repo), I found a NULL pointer dereference in the printstatus() function in build.c.