A heap overflow in peglib.h:347 #122
Comments
@seviezhou, thanks for the feedback. Could you give me more detailed information about it? Thanks!

Well, this bug was found by fuzzing. I compiled the code with Address Sanitizer and mutated the
I am sorry, I am not very familiar with the project code, so I cannot analyze the actual cause of this bug.

@seviezhou, ok. How did you mutate the pl0.peg?

Just some random bit/byte flipping, or substituting some parts of the input with a set of predefined strings.

@seviezhou, does it mean that the mutated file is no longer a valid UTF-8 text file?

It is possible that some part of the mutated file is not a valid text file, but in this case you can see that most of the content is still text, and the bug was triggered by this text content:

@seviezhou, thanks for the info!

I'm glad that it helps.

CVE-2020-23915 has been assigned for this issue.
System info
Ubuntu x86_64, gcc (Ubuntu 5.5.0-12ubuntu1), peglint (latest master 14305f)
Configure
cmake .. -DCMAKE_CXX_FLAGS="-fsanitize=address -g" -DCMAKE_C_FLAGS="-fsanitize=address -g" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address"
Command line
./build/lint/peglint --ast --opt ./heap-overflow-resolve_escape_sequence-peglib-347 ./pl0/samples/fib.pas
AddressSanitizer output
POC
heap-overflow-resolve_escape_sequence-peglib-347.zip
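As an added example that is not cpp-peglib's own code: a bounds-checked escape-sequence resolver in C++, the kind of routine the POC filename (resolve_escape_sequence) points at. The issue does not state the root cause, so the truncated-escape inputs this version rejects (a lone backslash, or \x with fewer than two hex digits, at the end of a literal) are an assumed failure mode of such resolvers, and the function names and sample inputs are constructed.

```cpp
// Added example, not cpp-peglib's own code: a bounds-checked resolver for
// backslash escapes in a literal. ASSUMPTION: the issue gives no root cause;
// a truncated escape at the end of the buffer is an assumed failure mode.
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
static int hexval(char h) {
  if (h >= '0' && h <= '9') return h - '0';
  if (h >= 'a' && h <= 'f') return h - 'a' + 10;
  if (h >= 'A' && h <= 'F') return h - 'A' + 10;
  return -1;
}
// Resolve \n \t \r \\ \' \" and \xHH in [s, s + n). Every read beyond s[i] is
// preceded by a remaining-length check, so "\" or "\x" at the end of the buffer
// is rejected instead of read past the allocation (ASan's heap-buffer-overflow).
std::string resolve_escapes_checked(const char *s, size_t n) {
  std::string out;
  for (size_t i = 0; i < n; ++i) {
    if (s[i] != '\\') { out.push_back(s[i]); continue; }
    if (i + 1 >= n) throw std::invalid_argument("dangling backslash at end of input");
    char e = s[++i];
    switch (e) {
      case 'n': out.push_back('\n'); break;
      case 't': out.push_back('\t'); break;
      case 'r': out.push_back('\r'); break;
      case '\\': case '\'': case '"': out.push_back(e); break;
      case 'x': {
        if (i + 2 >= n) throw std::invalid_argument("truncated \\x escape");  // need s[i+1], s[i+2]
        int hi = hexval(s[i + 1]), lo = hexval(s[i + 2]);
        if (hi < 0 || lo < 0) throw std::invalid_argument("bad hex digit in \\x escape");
        out.push_back(static_cast<char>(hi * 16 + lo));
        i += 2;
        break;
      }
      default: throw std::invalid_argument(std::string("unknown escape \\") + e);
    }
  }
  return out;
}
// True when the literal resolves cleanly, false when a malformed escape is rejected.
bool escapes_well_formed(const std::string &lit) {
  try { resolve_escapes_checked(lit.data(), lit.size()); return true; }
  catch (const std::invalid_argument &) { return false; }
}
int main() {
  // Constructed inputs: a well-formed literal and one cut off right after "\x4".
  std::printf("%s\n", resolve_escapes_checked("a\\tb\\x21", 8).c_str());  // a<TAB>b!
  std::printf("%d\n", escapes_well_formed("\\x4") ? 1 : 0);               // 0
}
```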