lynx-dev

Re: [Lynx-dev] ANN: lynx2.9.0dev.10


From: Kuang-che Wu
Subject: Re: [Lynx-dev] ANN: lynx2.9.0dev.10
Date: Sat, 30 Oct 2021 16:43:42 +0800

On Wed, Oct 27, 2021 at 08:19:30AM +0000, Thomas Dickey wrote:
> 2021-10-24 (2.9.0dev.10)
> * several fixes for problems found using asan2 with fuzzer-generated data
>   (report/testcases by Kuang-che Wu) -TD

Sample test cases:
(all below cases are zstd compressed and base64 encoded)

This case crashed lynx 2.9.0dev.9 (heap-buffer-write)
KLUv/WRsAxUCADQDPHNlbGVjdDxvcHRpb248ZGw+MDxtZXRhIGNoYXJzZXQ9Z2IyMzEyPjAg
MA0IMAgICAgIBADr3Up82leXGf0cGOsMXxI=

There are several similar variants, like wild-address-write
QlpoOTFBWSZTWQ8PW/QAAA19hIBAABBBAHgHCAA6whwAABAACCAAMUGjRoMgNBpT1D1GTygP
J6oUdQEZoUAQbZo/TxBVlmbHE1XhIoD8XckU4UJAPD1v0A==

And it could write to a pointer inside an already freed block
KLUv/WQwDm0CAIQDPE9sPGRsPjA8ZGQ8PG1ldGEgY2hhcnNldD1nYjIzMTI+PGltZyB1c2Vt
YXA9MKQwMD48bGk+MAgGILDjAccrccmwwC5XU+Yf+VcP7ovzBg==

This case makes lynx free() a not-allocated pointer.
KLUv/WQ1B10DANLEERiQxQ0ok27RPd7dyrd09a6m6d3N0vVUFAEBUm+AgqQmYUjGUs/MW3bg
PndqwdI14ceQSEWKex1ubi56eG23o9gDj9+4a4kCDADEQSXYvlWPqoAumOIku3niZQM0Jc3A
d4Al4/NlHFwBbcBmUQ==

Other less scary cases, like null-deref and buffer-overflow-read, are
omitted here.

Regards,
kcwu


