heap out of bounds read (large) in Pl_Buffer::write #150
Comments

I've reproduced this in the test suite on my branch. I'll fix it next time I have a chance, hopefully tomorrow sometime.

This was an integer overflow. I have updated the code to, I believe, detect integer overflow/underflow in all cases now. This will be on master as soon as I test on Windows. It works in Linux with clang and gcc and the whole test suite, with the addition of this file and all the other ones you've provided, runs clean through address sanitizer on my work branch.

This has been assigned CVE-2017-18185

Hi, what is the commit that fixes this issue? I saw that the commit in the close just adds tests. Is that the fix itself?

@kirotawa I would have to do some investigation to figure out exactly which one it is. I fixed this series of issues by addressing some fundamental items in the code, such as detecting integer overflows, and some of the fixes to the code fixed multiple issues. Most likely 6d46346 or 1868a10 is responsible for the actual fix.
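The maintainer attributes the out-of-bounds read to an integer overflow in the length accounting of a buffering pipeline stage. The following is an added illustration of the defensive pattern described (reject a write whose length would wrap the running total before any memory is touched); it is not qpdf's code, and the names `checked_add`, `CheckedBufferStage`, `wrapped_length` and `demo` are invented for this example.

```cpp
// Added illustration (not qpdf's code): size accounting for a write
// pipeline stage that refuses to let the running total wrap around.
#include <cstddef>
#include <cstdint>
#include <limits>
#include <stdexcept>
#include <vector>

// Returns true and stores a+b in `out` only if the addition cannot wrap.
// Hypothetical helper; qpdf's own checked-arithmetic code differs.
bool checked_add(size_t a, size_t b, size_t& out) {
    if (a > std::numeric_limits<size_t>::max() - b) {
        return false;           // a + b would overflow size_t
    }
    out = a + b;
    return true;
}

// The unchecked pattern, for contrast: modular wrap-around turns a huge
// length into a small one, so a later consumer trusts a total that is
// far shorter than the bytes it was told to read.
size_t wrapped_length(size_t total, size_t len) {
    return total + len;         // wraps silently on overflow
}

// Minimal stand-in for a buffering pipeline stage: write() appends
// chunks; total_size() is the length a consumer will later read.
class CheckedBufferStage {
public:
    // Append `len` bytes from `data`. Throws instead of silently wrapping
    // the running total.
    void write(const unsigned char* data, size_t len) {
        size_t new_total = 0;
        if (!checked_add(total_, len, new_total)) {
            throw std::overflow_error("buffer length would overflow");
        }
        bytes_.insert(bytes_.end(), data, data + len);
        total_ = new_total;
    }
    size_t total_size() const { return total_; }
    const unsigned char* data() const { return bytes_.data(); }

private:
    std::vector<unsigned char> bytes_;
    size_t total_ = 0;
};

// Exercise the stage with constructed input: two small writes succeed,
// then a length chosen so that total + len exceeds SIZE_MAX is rejected
// and the stage's state is left untouched. Returns 0 on the expected
// outcome, otherwise a code naming the step that deviated.
int demo() {
    CheckedBufferStage stage;
    const unsigned char a[] = "%PDF-1.4\n";   // constructed sample bytes
    const unsigned char b[] = "1 0 obj\n";    // constructed sample bytes
    stage.write(a, sizeof(a) - 1);            // 9 bytes
    stage.write(b, sizeof(b) - 1);            // 8 bytes
    if (stage.total_size() != 17) return 1;

    // A length that, added to the current total of 17, exceeds SIZE_MAX.
    size_t huge = std::numeric_limits<size_t>::max() - 4;
    try {
        stage.write(a, huge);   // rejected before any byte is copied
        return 2;               // overflow was not caught
    } catch (const std::overflow_error&) {
        // expected path
    }
    if (stage.total_size() != 17) return 3;   // state unchanged after rejection
    return 0;
}
```

`demo()` returns 0 when the checked stage behaves as intended; `wrapped_length(17, SIZE_MAX - 4)` shows the unchecked arithmetic collapsing to 12, which is the kind of value that lets a consumer read past the real end of the allocation.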
Issue body

The attached file causes an out of bounds heap read, detectable with asan, found with libfuzzer.

Attachment: qpdf-heapoob-Pl_Buffer_write.zip

ASAN error: