bug-gawk

Gawk 4-Byte Out Of Bounds Read and Seg Fault


From: Adam Van Scyoc
Subject: Gawk 4-Byte Out Of Bounds Read and Seg Fault
Date: Tue, 24 May 2022 00:31:06 -0400

Hi, thanks for your work maintaining Gawk.

After fuzzing with the Google AddressSanitizer (and reproduced in
Valgrind) I discovered there's a 4-byte out-of-bounds read with a very
simple input script that uses getline (see attachment).

I wrote a patch that fixes the OOB read and still passes all tests
(including a new test that I wrote called getlnfa.awk as in "getline field
assign," which is the opcode type that was unhandled causing the bug).

I have my patch attached as a diff to this email but also you can check it
out on my github fork of gawk: https://github.com/AdamVanScyoc/gawk

This bug was reproduced both with the Google AddressSanitizer and Valgrind
on macOS 12.3.1 and in an Ubuntu 22.04 Docker container. Repro'ed on Gawk
versions 5.1.60 and 5.1.1.

Let me know if there's anything further you need. Also there may be more
bugs to come as I continue fuzzing.

Thanks!
-Adam Van Scyoc

Attachment: gawk_getline_field_assign_oobr.diff
Description: Binary data

Attachment: gawk_getline_field_assign_oobr.color.diff
Description: Binary data

Attachment: id:000000,sig:06,src:000000,time:402,execs:7398,op:havoc,rep:2
Description: Binary data

