You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
when input a wired ini file ,there is a crash found.
int main (int argc, char** argv)
{
dictionary * ini ;
char * ini_name ;
char* filename = argv[1];
char* fuzzstr = {0xff,0x00};
ini = iniparser_load(filename);
if (ini!=NULL) {
int b = iniparser_getboolean(ini, fuzzstr, -1);
char* s = iniparser_getstring(ini, fuzzstr, NULL);
int i = iniparser_getint(ini, fuzzstr, -1);
double d = iniparser_getdouble(ini, fuzzstr, -1.0);
iniparser_dump(ini, stdout);
iniparser_freedict(ini);
}
}
input in .ini file:
"\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x42\x9e\x20\x4a\x09\x96\xe4\x6d\xf8\xb5\x6f\x35\x9b\xca\xc5\xd2\xa0\x39\x11\x21\x52\xd8\xcf\x6c\x52\x61\x7c\x3d\xd0\xad\xf7\x13\x4b\x17\x5d\x54\xad\x42\xc1\xa5\xf7\x30\xda\x92\xfa\xa0\x64\x9a\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\xa3\xf5\xf5\xa4\xa2\xf5\xf5\xa4\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x59\x1e\x33\x07\x0c\xc7\x54\x3f\x7e\xbc\x81\xf4\x61\xa0\xad\x71\x91\x89\x74\x48\x7a\xd9\xab\x79\xc2\xbf\x54\x61\x8a\x89\x3c\xe3\xa8\x6f\xea\xb4\x37\x3e\xf3\xb5\xfa\x74\xa9\x5b\x14\x56\xcd\xa5\xdf\x41\xee\x5a\x1a\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d"
==2145962==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x556d37d6dce3 bp 0x7ffedb8fc080 sp 0x7ffedb8fc040 T0)
==2145962==The signal is caused by a READ memory access.
==2145962==Hint: address points to the zero page.
#0 0x556d37d6dce3 in iniparser_getboolean ../src/iniparser.c:559 #1 0x556d37d69f57 in main /opt1/software/newtest/iniparser/test.c:19
the vuln is in function "iniparser_getboolean" miss check for function "iniparser_getstring" 's return. when iniparser_getstring return NULL, the code in 559 will cause crash .
The text was updated successfully, but these errors were encountered:
when input a wired ini file ,there is a crash found.
int main (int argc, char** argv)
{
dictionary * ini ;
char * ini_name ;
char* filename = argv[1];
char* fuzzstr = {0xff,0x00};
ini = iniparser_load(filename);
if (ini!=NULL) {
int b = iniparser_getboolean(ini, fuzzstr, -1);
char* s = iniparser_getstring(ini, fuzzstr, NULL);
int i = iniparser_getint(ini, fuzzstr, -1);
double d = iniparser_getdouble(ini, fuzzstr, -1.0);
iniparser_dump(ini, stdout);
iniparser_freedict(ini);
}
}
input in .ini file:
"\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x42\x9e\x20\x4a\x09\x96\xe4\x6d\xf8\xb5\x6f\x35\x9b\xca\xc5\xd2\xa0\x39\x11\x21\x52\xd8\xcf\x6c\x52\x61\x7c\x3d\xd0\xad\xf7\x13\x4b\x17\x5d\x54\xad\x42\xc1\xa5\xf7\x30\xda\x92\xfa\xa0\x64\x9a\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\xa3\xf5\xf5\xa4\xa2\xf5\xf5\xa4\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x59\x1e\x33\x07\x0c\xc7\x54\x3f\x7e\xbc\x81\xf4\x61\xa0\xad\x71\x91\x89\x74\x48\x7a\xd9\xab\x79\xc2\xbf\x54\x61\x8a\x89\x3c\xe3\xa8\x6f\xea\xb4\x37\x3e\xf3\xb5\xfa\x74\xa9\x5b\x14\x56\xcd\xa5\xdf\x41\xee\x5a\x1a\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x1f\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d\x0a\x0a\x5b\x5d"
compile:
gcc -fsantize=address test.c ./src/iniparser.c ./src/dictionary.c -o testdemo -I ./src/
run and find a crash:
==2145962==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x556d37d6dce3 bp 0x7ffedb8fc080 sp 0x7ffedb8fc040 T0)
==2145962==The signal is caused by a READ memory access.
==2145962==Hint: address points to the zero page.
#0 0x556d37d6dce3 in iniparser_getboolean ../src/iniparser.c:559
#1 0x556d37d69f57 in main /opt1/software/newtest/iniparser/test.c:19
the vuln is in function "iniparser_getboolean" miss check for function "iniparser_getstring" 's return. when iniparser_getstring return NULL, the code in 559 will cause crash .
The text was updated successfully, but these errors were encountered: