Closed
Description
input (xxd cases/tats-w3m-89)
00000000: 3c74 6162 6c65 3e30 3c63 6170 7469 6f6e <table>0<caption
00000010: 3e3c 6834 3e3c 6275 7474 6f6e 206e 616d ><h4><button nam
00000020: 653d 223e 2276 616c 7565 3d27 2272 6f77 e=">"value='"row
00000030: 733d 383c 2274 7970 653d 223e 273e s=8<"type=">'>
how to reproduce:
ASAN_OPTIONS=abort_on_error=1:detect_leaks=0 ./w3m-tats.asan -T text/html -dump cases/tats-w3m-89
stderr:
ASAN:DEADLYSIGNAL
=================================================================
==1554299==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x0000005ef25d bp 0x7fffcb53ed10 sp 0x7fffcb53eca0 T0)
==1554299==The signal is caused by a READ memory access.
==1554299==Hint: address points to the zero page.
#0 0x5ef25c in columnPos /targets/w3m-tats/etc.c:70:19
#1 0x64fb2b in formUpdateBuffer /targets/w3m-tats/form.c:487:9
#2 0x65143a in formResetBuffer /targets/w3m-tats/form.c:272:2
#3 0x57c038 in loadHTMLBuffer /targets/w3m-tats/file.c:6797:2
#4 0x57f0a4 in loadSomething /targets/w3m-tats/file.c:224:16
#5 0x573833 in loadGeneralFile /targets/w3m-tats/file.c:2241:6
#6 0x51967c in main /targets/w3m-tats/main.c:1017:12
#7 0x7f29d7170f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
#8 0x41cf6b in _start (/w3m-tats.asan+0x41cf6b)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /targets/w3m-tats/etc.c:70:19 in columnPos
==1554299==ABORTING
For more detail on reproducing, please see http://github.com/kcwu/fuzzing-w3m
For your convenience, the gdb line:
ASAN_OPTIONS=abort_on_error=1:detect_leaks=0 gdb --args ./w3m-tats.asan -T text/html -dump cases/tats-w3m-89
Found by afl-fuzz.
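The following script is an added reproduction helper, not part of the report or the w3m project: it rebuilds cases/tats-w3m-89 from the xxd dump above (the file is 62 bytes, all printable, with no trailing newline), lets you confirm the bytes against the dump, and runs the same ASAN command the report uses. The binary path ./w3m-tats.asan and the ASAN_OPTIONS are taken from the report; the log file name asan.log is an assumption.

```shell
#!/bin/sh
# Added example: reconstruct the fuzzer testcase from the xxd dump in the
# report and run the ASAN build against it. Not the project's own code.

# Write the 62-byte testcase. The content is the ASCII column of the xxd
# dump above, byte for byte, with no trailing newline.
write_case() {
    out="$1"
    mkdir -p "$(dirname "$out")"
    printf '%s' "<table>0<caption><h4><button name=\">\"value='\"rows=8<\"type=\">'>" > "$out"
}

# Print a file as a single lowercase hex string so it can be compared with
# the dump (od is used instead of xxd so this works on a bare POSIX box).
hex_of() {
    od -An -v -tx1 "$1" | tr -d ' \n'
}

# Run the report's reproduction command. Returns w3m's exit status; a
# nonzero status together with an AddressSanitizer line in asan.log
# (assumed log file name) means the crash reproduced. Returns 2 when the
# binary is missing.
reproduce() {
    bin="${1:-./w3m-tats.asan}"
    case_file="${2:-cases/tats-w3m-89}"
    if [ ! -x "$bin" ]; then
        echo "binary $bin not found or not executable" >&2
        return 2
    fi
    # Wrapped in if/else so an abort (abort_on_error=1) does not kill a
    # caller that runs with set -e before we can inspect the log.
    if ASAN_OPTIONS=abort_on_error=1:detect_leaks=0 \
        "$bin" -T text/html -dump "$case_file" >/dev/null 2>asan.log; then
        status=0
    else
        status=$?
    fi
    if grep -q 'AddressSanitizer' asan.log; then
        echo "crash reproduced (w3m exit status $status):" >&2
        grep -m1 'SUMMARY' asan.log >&2
    fi
    return "$status"
}

# Usage (as a script): rebuild the case, check it, then run the binary.
if [ "${0##*/}" = "repro-tats-w3m-89.sh" ]; then
    write_case cases/tats-w3m-89
    echo "case bytes: $(hex_of cases/tats-w3m-89)"
    reproduce ./w3m-tats.asan cases/tats-w3m-89
fi
```

Save it as repro-tats-w3m-89.sh next to the ASAN build; hex_of should print exactly the 124 hex digits of the dump before you trust the reproduction run.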