bug-gawk

Re: Gawk 4-Byte Out Of Bounds Read and Seg Fault


From: arnold
Subject: Re: Gawk 4-Byte Out Of Bounds Read and Seg Fault
Date: Tue, 24 May 2022 11:57:06 -0600
User-agent: Heirloom mailx 12.5 7/5/10

Hi.

Thanks for the report and the diff. I think it looks reasonable but
will explore some more. Please send the new test case; it wasn't in
your diff.

Arnold

Adam Van Scyoc <avanscy@g.clemson.edu> wrote:

> Hi, thanks for your work maintaining Gawk.
>
> After fuzzing with the Google address sanitizers (and reproduced in
> valgrind) I discovered there's a 4-byte out-of-bounds read with a very
> simple input script that uses getline (see attachment).
>
> I wrote a patch that fixes the OOB read and still passes all tests
> (including a new test that I wrote called getlnfa.awk as in "getline field
> assign," which is the opcode type that was unhandled causing the bug).
>
> I have my patch attached as a diff to this email but also you can check it
> out on my GitHub fork of gawk: https://github.com/AdamVanScyoc/gawk
>
> This bug was reproduced both with the Google address sanitizer and valgrind
> on macOS 12.3.1 and in an Ubuntu 22.04 docker container. Repro'ed on Gawk
> versions 5.1.60 and 5.1.1.
>
> Let me know if there's anything further you need. Also there may be more
> bugs to come as I continue fuzzing.
>
> Thanks!
> -Adam Van Scyoc


