GNU bug report logs - #66835
Heap buffer overread in expr in regexec.c in the check_arrival_add_next_nodes function.


Package: coreutils

Reported by: Some Dickhead <wheneveriseefeetibeatmymeat <at> gmail.com>

Date: Mon, 30 Oct 2023 16:36:01 UTC

Severity: normal


From: Some Dickhead <wheneveriseefeetibeatmymeat <at> gmail.com>
To: 66835 <at> debbugs.gnu.org
Subject: bug#66835: Heap buffer overread in expr in regexec.c in the check_arrival_add_next_nodes function.
Date: Sun, 29 Oct 2023 20:14:54 +0200
Hi! I was fuzzing expr in coreutils and found a bug. I compiled expr with
ASan and UBSan. I cloned the repository from
https://github.com/coreutils/coreutils and I am using
commit f7e25d5bb53e35bcdea8512dd6db07dd7e6cf452. After compiling expr,
just run './expr $(printf "\x30\x98\xc8\x9d") : $(printf
"\x5c\x28\x5c\x29\x2e\x2a\x5c\x53\x98\xc8\x30\x2a\x5c\x31")' and observe
the crash. I have attached the ASAN report which I got from my run to this
email.
[asanreport.txt (text/plain, attachment)]
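
The two arguments of the reproducer above, decoded for triage. This is an added example, not part of the original report or of coreutils; the function names (decode_escapes, utf8_len, report) are hypothetical. It expands the \xNN escapes and marks every byte that does not belong to a well-formed UTF-8 sequence.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* The two arguments as written in the report's printf calls. */
static const char SUBJECT[] = "\\x30\\x98\\xc8\\x9d";
static const char PATTERN[] = "\\x5c\\x28\\x5c\\x29\\x2e\\x2a\\x5c\\x53\\x98\\xc8\\x30\\x2a\\x5c\\x31";

static int hexval(int c) { return c >= '0' && c <= '9' ? c - '0' : c >= 'a' && c <= 'f' ? c - 'a' + 10 : c >= 'A' && c <= 'F' ? c - 'A' + 10 : -1; }

/* Decode \xNN escapes (other characters are copied through); returns the byte count. */
size_t decode_escapes(const char *s, unsigned char *out, size_t cap) {
    size_t n = 0; int hi, lo;
    while (*s && n < cap) {
        if (s[0] == '\\' && s[1] == 'x' && (hi = hexval(s[2])) >= 0 && (lo = hexval(s[3])) >= 0) {
            out[n++] = (unsigned char)(hi * 16 + lo); s += 4;
        } else out[n++] = (unsigned char)*s++;
    }
    return n;
}

/* Length (1..4) of the UTF-8 sequence at p, or 0 if ill-formed.
   Structural check only: overlong forms and surrogates are not rejected. */
int utf8_len(const unsigned char *p, size_t left) {
    int need, i;
    if (p[0] < 0x80) return 1;
    if (p[0] >= 0xC2 && p[0] <= 0xDF) need = 1;
    else if (p[0] >= 0xE0 && p[0] <= 0xEF) need = 2;
    else if (p[0] >= 0xF0 && p[0] <= 0xF4) need = 3;
    else return 0;                          /* stray continuation or invalid lead byte */
    if ((size_t)need >= left) return 0;     /* sequence cut off by end of input */
    for (i = 1; i <= need; i++)
        if ((p[i] & 0xC0) != 0x80) return 0;
    return need + 1;
}

/* Print the decoded bytes; return how many are not part of a well-formed sequence. */
size_t report(const char *label, const char *escaped) {
    unsigned char buf[64];
    size_t n = decode_escapes(escaped, buf, sizeof buf), bad = 0, i = 0;
    printf("%-8s", label);
    while (i < n) {
        int len = utf8_len(buf + i, n - i);
        if (len == 0) { printf("[BAD %02x]", buf[i++]); bad++; continue; }
        for (int k = 0; k < len; k++, i++)
            if (len == 1 && isprint(buf[i])) putchar(buf[i]); else printf("<%02x>", buf[i]);
    }
    putchar('\n');
    return bad;
}

int main(void) { report("string", SUBJECT); report("pattern", PATTERN); return 0; }
```

The string decodes to "0", a stray 0x98, then the two-byte sequence c8 9d; the pattern decodes to \(\).*\S, the raw bytes 0x98 and 0xc8 (a lead byte with no continuation), then 0*\1.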

This bug report was last modified 1 year and 229 days ago.
