On Wed, Nov 23, 2016 at 5:22 AM, Marcel Böhme <boehme.mar...@gmail.com> wrote:
> Dear all,
>
> We are running small 1h fuzzing sessions with AFLFast, a fork of AFL.
> We’ll be reporting each found bug separately.
>
> On Coreutils v8.25 and trunk, the following input crashes.
> Option -n was introduced with v8.8.
>
> $ ./split -n7/75 7
> Segmentation fault
>
> ASAN says:
> =================================================================
> ==53143==ERROR: AddressSanitizer: negative-size-param: (size=-6)
> #0 0x7f8820eb9a10 in memmove
> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10)
> #1 0x404d12 in memmove /usr/include/x86_64-linux-gnu/bits/string3.h:57
> #2 0x404d12 in bytes_chunk_extract ../src/split.c:987
> #3 0x404d12 in main ../src/split.c:1625
> #4 0x7f881fd9cf44 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
> #5 0x4064a9 (/home/ubuntu/subjects/coreutils/obj-asan/src/split+0x4064a9)
>
> 0x7f8821f9a006 is located 2054 bytes inside of 135168-byte region
> [0x7f8821f99800,0x7f8821fba800)
> allocated by thread T0 here:
> #0 0x7f8820f193a8 in __interceptor_malloc
> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc23a8)
> #1 0x40ec88 in xmalloc ../lib/xmalloc.c:41
>
> SUMMARY: AddressSanitizer: negative-size-param
> (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x62a10) in memmove
Thank you for the report. Would you please provide the contents of your file named "7"?