On 22/06/2023 17:33, Frank Busse wrote:
> Hi,
> 
> 
> KLEE reported a heap-overflow in b2sum (Coreutils 9.3). When running it
> with:
> 
> $ printf '\n\n0A0BA0' | coreutils-9.3/bin/b2sum -c
> 
> (even '0BA0' seems to work on my machine) ASAN confirms the issue:
> 
>> #1  0x0000000000473de0 in __interceptor_strchr (s=<optimized out>, c=<optimized out>)
>> #2  0x0000000000500a81 in digest_check (checkfile_name=0x7fffffffe69e "stdin") at /tmp/src/coreutils-9.3/src/digest.c:1216
>> #3  0x00000000005005e9 in main (argc=3, argv=0x7fffffffe3a8) at /tmp/src/coreutils-9.3/src/digest.c:1607

Nice one.
I'll push the attached later to fix this.

Marking this as done.

thanks,
Pádraig.