GNU bug report logs - #31935
2 crashes in diffutills commit version 576645c


Package: diffutils

Reported by: Hongxu Chen <leftcopy.chx <at> gmail.com>

Date: Fri, 22 Jun 2018 14:35:01 UTC

Severity: normal

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.


From: Jim Meyering <jim <at> meyering.net>
To: Hongxu Chen <leftcopy.chx <at> gmail.com>
Cc: 31935 <at> debbugs.gnu.org
Subject: bug#31935: [bug-diffutils] bug#31935: 2 crashes in diffutills commit version 576645c
Date: Fri, 28 Dec 2018 17:13:10 -0800
On Fri, Jun 22, 2018 at 7:49 AM Hongxu Chen <leftcopy.chx <at> gmail.com> wrote:
>     We found with our fuzzer 2 crashes on diffutils version 576645c: one is a heap-buffer-overflow at util.c:1249, another is an invalid read resulting from `output_1_line' at util.c:1274.
>     The executing command is: `./diff -a --strip-trailing-cr $file add.wasm` where $file is the poc file (I attached them as *.input.txt); "add.wasm" is also attached; however, it seems that the content of the comparison file is not important.

Thank you for fuzz-testing diffutils.
FYI, here is a reproducer for the limit[-1]-related UMR bugs:

  valgrind src/diff -a --strip-trailing-cr <(printf '\r') <(echo a)

I've attached a patch:
[diffutils-UMR.diff (application/octet-stream, attachment)]

This bug report was last modified 6 years and 204 days ago.
