Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid read / SIGSEGV #3

Open
stze opened this issue Apr 10, 2017 · 0 comments
Open

Invalid read / SIGSEGV #3

stze opened this issue Apr 10, 2017 · 0 comments

Comments

@stze
Copy link

stze commented Apr 10, 2017

Input for examples/simple:

00000000  45 78 61 6d 70 6c 65 4c  69 73 74 20 20 20 20 20  |ExampleList     |
00000010  20 20 27 22 6c 69 6e 65  31 27 5c 0a 09 6c 69 6e  |  '"line1'\..lin|
00000020  65 32 73 6b 64 66 6a 0a  0a 45 78 61 6d 70 6c 65  |e2skdfj..Example|
00000030  53 74 72 20 20 20 3c 3c  74 65 73 74 0a 6c 69 6e  |Str   <<test.lin|
00000040  65 20 31 0a 20 32 0a 74  65 73 74 0a 0a 49 6e 63  |e 1. 2.test..Inc|
00000050  6c 75 64 65 00 69 6e 63  6c 75 64 65 64 2e 63 6f  |lude.included.co|
00000060  6e 66 0a 0a                                       |nf..|
00000064

How to reproduce:
./simple <input>

Valgrind output:

valgrind ./simple <input> --leak-check=full
==10333== Memcheck, a memory error detector
==10333== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==10333== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==10333== Command: ./simple <input> --leak-check=full
==10333== 
crash:2: ExampleList: [  (0) "line1  (1) line2skdfj  ]
crash:7: ExampleStr: [line 1
 2]
crash:9: Missing argument to option 'Include'
==10333== Invalid read of size 1
==10333==    at 0x407F77: dotconf_cb_include (dotconf.c:1461)
==10333==    by 0x40451C: dotconf_invoke_command (dotconf.c:369)
==10333==    by 0x40451C: dotconf_handle_command (dotconf.c:706)
==10333==    by 0x404888: dotconf_command_loop (dotconf.c:745)
==10333==    by 0x401713: main (simple.c:25)
==10333==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==10333== 
==10333== 
==10333== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==10333==  Access not within mapped region at address 0x0
==10333==    at 0x407F77: dotconf_cb_include (dotconf.c:1461)
==10333==    by 0x40451C: dotconf_invoke_command (dotconf.c:369)
==10333==    by 0x40451C: dotconf_handle_command (dotconf.c:706)
==10333==    by 0x404888: dotconf_command_loop (dotconf.c:745)
==10333==    by 0x401713: main (simple.c:25)
==10333==  If you believe this happened as a result of a stack
==10333==  overflow in your program's main thread (unlikely but
==10333==  possible), you can try to increase the size of the
==10333==  main thread stack using the --main-stacksize= flag.
==10333==  The main thread stack size used in this run was 8388608.
==10333== 
==10333== HEAP SUMMARY:
==10333==     in use at exit: 1,134 bytes in 6 blocks
==10333==   total heap usage: 16 allocs, 10 frees, 6,656 bytes allocated
==10333== 
==10333== LEAK SUMMARY:
==10333==    definitely lost: 0 bytes in 0 blocks
==10333==    indirectly lost: 0 bytes in 0 blocks
==10333==      possibly lost: 0 bytes in 0 blocks
==10333==    still reachable: 1,134 bytes in 6 blocks
==10333==         suppressed: 0 bytes in 0 blocks
==10333== Rerun with --leak-check=full to see details of leaked memory
==10333== 
==10333== For counts of detected and suppressed errors, rerun with: -v
==10333== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

found with afl-fuzz
bblough pushed a commit to bblough/dotconf that referenced this issue Oct 11, 2017
Add null pointer check to correct issue williamh#3
94a6056
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stze