Gawk 4-Byte Out Of Bounds Read and Seg Fault
From: Adam Van Scyoc
Subject: Gawk 4-Byte Out Of Bounds Read and Seg Fault
Date: Tue, 24 May 2022 00:31:06 -0400
Hi, thanks for your work maintaining Gawk.
After fuzzing with the Google AddressSanitizer (and reproducing in
Valgrind) I discovered there's a 4-byte out-of-bounds read with a very
simple input script that uses getline (see attachment).
I wrote a patch that fixes the OOB read and still passes all tests
(including a new test that I wrote called getlnfa.awk as in "getline field
assign," which is the opcode type that was unhandled causing the bug).
I have my patch attached as a diff to this email, but you can also check it
out on my GitHub fork of gawk: https://github.com/AdamVanScyoc/gawk
This bug was reproduced both with the Google AddressSanitizer and Valgrind
on macOS 12.3.1 and in an Ubuntu 22.04 Docker container. Repro'ed on Gawk
versions 5.1.60 and 5.1.1.
Let me know if there's anything further you need. Also there may be more
bugs to come as I continue fuzzing.
Thanks!
-Adam Van Scyoc
Attachments (binary data):
- gawk_getline_field_assign_oobr.diff
- gawk_getline_field_assign_oobr.color.diff
- id:000000,sig:06,src:000000,time:402,execs:7398,op:havoc,rep:2