On Fri, Jun 22, 2018 at 7:49 AM Hongxu Chen <leftcopy....@gmail.com> wrote:
> We found with our fuzzer 2 crashes on diffutils version 576645c: one is a
> heap-buffer-overflow at util.c:1249, another is an invalid read resulting
> from `output_1_line' at util.c:1274.
> The executing command is: `./diff -a --strip-trailing-cr $file add.wasm`
> where $file is the poc file (I attached them as *.input.txt); "add.wasm" is
> also attached; however, it seems that the content of the comparison file is
> not important.
Thank you for fuzz-testing diffutils. FYI, here is a reproducer for the
limit[-1]-related UMR bugs:

  valgrind src/diff -a --strip-trailing-cr <(printf '\r') <(echo a)

I've attached a patch:
diffutils-UMR.diff
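The attached patch is not reproduced on this page, so the following is an added illustration of the bug class the reproducer above targets; it is not diffutils' code and not the patch. It assumes the shape the reply's reproducer suggests: a line is handled as the byte range [base, limit), `--strip-trailing-cr` turns a line consisting only of "\r" into an empty range (base == limit), and a later `limit[-1]` test then reads the byte before the line. The function names (`ends_with_cr`, `strip_trailing_cr`, `lines_differ_strip_cr`) and the sample inputs are invented for this example; the inputs mirror the `printf '\r'` vs `echo a` pair from the valgrind command.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Illustrative model of the bug class, not diffutils' own code.  A line is the
 * half-open byte range [base, limit).  With --strip-trailing-cr a line that is
 * only "\r" becomes empty (base == limit); any later "does the line end in X"
 * test written as limit[-1] then reads the byte before the line's start, i.e.
 * an out-of-bounds / uninitialised read (what valgrind reports as a UMR).
 */

/* BUGGY shape (never called by the demo): assumes the line is non-empty. */
bool ends_with_cr_unchecked(char const *base, char const *limit)
{
    (void) base;
    return limit[-1] == '\r';   /* reads base[-1] when base == limit */
}

/* FIXED shape: an empty range cannot end in anything, so bounds-check first. */
bool ends_with_cr(char const *base, char const *limit)
{
    return base < limit && limit[-1] == '\r';
}

/* Return the limit of [base, limit) with at most one trailing '\r' removed. */
char const *strip_trailing_cr(char const *base, char const *limit)
{
    return ends_with_cr(base, limit) ? limit - 1 : limit;
}

/* Length of an n-byte line after stripping a trailing '\r'. */
size_t stripped_length(char const *line, size_t n)
{
    return (size_t) (strip_trailing_cr(line, line + n) - line);
}

/* Cut the next line out of [*pos, end): *base/*limit delimit its content with
 * a trailing '\r' stripped; *pos advances past the '\n' (or to end). */
static void next_line(char const **pos, char const *end,
                      char const **base, char const **limit)
{
    char const *nl = memchr(*pos, '\n', (size_t) (end - *pos));
    char const *eol = nl ? nl : end;
    *base = *pos;
    *limit = strip_trailing_cr(*base, eol);
    *pos = nl ? nl + 1 : end;
}

/* Compare two buffers line by line with --strip-trailing-cr semantics.
 * Returns 0 when every line matches, 1 when the inputs differ. */
int lines_differ_strip_cr(char const *a, size_t alen, char const *b, size_t blen)
{
    char const *pa = a, *ea = a + alen;
    char const *pb = b, *eb = b + blen;
    while (pa < ea && pb < eb) {
        char const *ba, *la, *bb, *lb;
        next_line(&pa, ea, &ba, &la);
        next_line(&pb, eb, &bb, &lb);
        size_t n = (size_t) (la - ba);
        if (n != (size_t) (lb - bb) || memcmp(ba, bb, n) != 0)
            return 1;
    }
    return (pa < ea || pb < eb) ? 1 : 0;   /* leftover lines on one side */
}

int main(void)
{
    /* Constructed inputs matching the valgrind reproducer: a file holding
       just "\r" versus one holding "a\n".  The "\r" file is one empty line. */
    static char const cr_only[] = "\r";
    static char const a_line[] = "a\n";
    printf("stripped length of \"\\r\": %zu\n",
           stripped_length(cr_only, sizeof cr_only - 1));
    printf("files differ: %d\n",
           lines_differ_strip_cr(cr_only, sizeof cr_only - 1,
                                 a_line, sizeof a_line - 1));
    return 0;
}
```

Built with `-fsanitize=address` or run under valgrind, the checked functions stay clean on the "\r"-only input; swapping `ends_with_cr_unchecked` into `strip_trailing_cr` reproduces the one-byte read before the line that the reply's reproducer is designed to trigger.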