GNU bug report logs - #32082
heap buffer overflow in sed/execute.c, line 992

Previous Next

Package: sed;

Reported by: bugs <at> feusi.co

Date: Sat, 7 Jul 2018 14:01:03 UTC

Severity: normal

Tags: fixed

Done: Assaf Gordon <assafgordon <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Assaf Gordon <assafgordon <at> gmail.com>
To: Jim Meyering <jim <at> meyering.net>
Cc: bugs <at> feusi.co, 32082 <at> debbugs.gnu.org
Subject: bug#32082: heap buffer overflow in sed/execute.c, line 992
Date: Sun, 8 Jul 2018 20:14:17 -0600

[Message part 1 (text/plain, inline)]

On 08/07/18 10:36 AM, Jim Meyering wrote:
> On Sat, Jul 7, 2018 at 9:28 PM, Assaf Gordon <assafgordon <at> gmail.com> wrote:
>> On 07/07/18 05:01 AM, bugs <at> feusi.co wrote:
>>>
>>> I am working on a project in which I use the afl fuzzer to fuzz
>>> different open-source software. In doing so, I discovered a
>>> heap buffer overflow in sed/execute.c, line 992.
>>
>> Attached is a suggested fix.
>>
>> comments very welcomed,
> 
> Here are some suggested comment adjustments:

Thanks.

Attached updated version.
I will push it tomorrow if there are no further comments.


regards,
 - assaf

[0001-sed-fix-heap-buffer-overflow-from-invalid-references.patch (text/x-patch, attachment)]

This bug report was last modified 6 years and 318 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #32082 heap buffer overflow in sed/execute.c, line 992

GNU bug report logs - #32082
heap buffer overflow in sed/execute.c, line 992