Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

stackoverflow in deleteFrameSet() on malform input #10

Closed
kcwu opened this issue Aug 14, 2016 · 1 comment
Closed

stackoverflow in deleteFrameSet() on malform input #10

kcwu opened this issue Aug 14, 2016 · 1 comment

Comments

@kcwu
Copy link
Contributor

kcwu commented Aug 14, 2016

How to reproduce:

echo '<U><frameset><frameset>0000000000000000000000000<button type=>000<i></button>00000000000000000000000000000000000000000000' | ./w3m -T text/html -dump

ASAN output:

ASAN:SIGSEGV
=================================================================
==3819287==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd7abd6ff8 (pc 0x0000006331a5 bp 0x0000006b65e5 sp 0x7ffd7abd7000 T0)
    #0 0x6331a4  (/w3m/run/w3m.afl-asan+0x6331a4)
    #1 0x633330  (/w3m/run/w3m.afl-asan+0x633330)
    #2 0x633330  (/w3m/run/w3m.afl-asan+0x633330)
last line repeats....

This is found by afl-fuzz.

tats added a commit that referenced this issue Aug 15, 2016
@tats
Copy link
Owner

tats commented Aug 15, 2016

Fixed, thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants