https://sourceware.org/bugzilla/show_bug.cgi?id=33513
Bug ID: 33513
Summary: doc/chew: heap-use-after-free
Product: binutils
Version: 2.45
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: f.busse at imperial dot ac.uk
Target Milestone: ---
Hi,
I tested chew with klovo.io's KLEE extension and found some issues, e.g.:
$ printf ':\x0c""\x00\x03\x03\x03' > input1
$ echo "" | ./chew '-f' input1
==552338==ERROR: AddressSanitizer: heap-use-after-free
READ of size 8 at 0x7c12a95e0d60 thread T0
#0 0x55d1f1f3bc11 in free_words doc/chew.c:1219
#1 0x55d1f1f3bc11 in main doc/chew.c:1607
...
$ printf '\x0c:\\\x0c""-\x01' > input2
$ printf '/**/\x00///' | ./chew '-f' input2
=================================================================
==552628==ERROR: AddressSanitizer: heap-use-after-free
READ of size 8 at 0x7b4a381e0d60 thread T0
#0 0x55bc94344fff in lookup_word doc/chew.c:1201
#1 0x55bc94346a21 in perform doc/chew.c:1258
#2 0x55bc94346a21 in main doc/chew.c:1591
...
Kind regards,
Frank