On 23 January 2017 at 20:37, Gavin Smith <[email protected]> wrote:
> On 23 January 2017 at 20:36, Hanno Böck <[email protected]> wrote:
>> Hi,
>>
>> On Sat, 21 Jan 2017 20:58:40 +0000
>> Gavin Smith <[email protected]> wrote:
>>
>>> I didn't reproduce this with the latest development version. Perhaps
>>> one of the other changes fixed the problem.
>>
>> Have you tried to reproduce this with svn trunk?
>>
>> I actually just noted that this doesn't reproduce with an older compile
>> I have, but it does in latest svn trunk. So maybe one of the other
>> fixes introduced this?
>>
>> From my current list of files this is the last bug, but I'll let the
>> fuzzer run again to see if I find more.
>
> I just tried it with -fsanitize=address and got the error. For some
> reason, the version of valgrind I have installed didn't see anything
> wrong. I don't have a fix yet.
The difference appears to be in how 'memcmp' is run. Apparently it can access bytes after those that indicate a difference between the two operands. I'm not sure if it should be valid to use 'memcmp' to check if we are looking at a particular string within a valid area of memory, but changing it to strncmp removes the problem. 'strncmp' doesn't look at anything past a null byte at the end of the buffer.
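The memcmp/strncmp distinction above, as an added illustration that is not code from the message or from the texinfo sources. It assumes nothing about the real call site: the function names, the buffer contents and the marker strings are all constructed for the example. The point it makes is that memcmp(a, b, n) is entitled to read all n bytes of both operands (and AddressSanitizer's interceptor checks all n bytes), so a memcmp against a literal needs an explicit bound on the bytes actually available; strncmp stops at a NUL in either operand, which is why it is safe on a NUL-terminated buffer even when the literal is longer than what remains.

```c
#include <stdio.h>
#include <string.h>

/* Does the NUL-terminated text at buf start with the literal lit?
 * strncmp compares at most strlen(lit) bytes but also stops at the
 * first NUL in either operand, so it never reads past buf's
 * terminator even when lit is longer than the text that remains. */
int starts_with_strncmp(const char *buf, const char *lit)
{
    return strncmp(buf, lit, strlen(lit)) == 0;
}

/* Same check with memcmp, guarded by an explicit length.
 * memcmp may touch every one of the n bytes whether or not an earlier
 * byte already differs, so the caller has to prove that n bytes are
 * readable. avail is the number of bytes known to be valid at buf
 * (this is the hypothetical contract for the example, not texinfo's). */
int starts_with_memcmp(const char *buf, size_t avail, const char *lit)
{
    size_t n = strlen(lit);
    if (avail < n)
        return 0;   /* cannot contain lit; don't let memcmp over-read */
    return memcmp(buf, lit, n) == 0;
}

/* Scan a length-delimited (not necessarily NUL-terminated) text for the
 * first occurrence of marker, returning its offset or -1. Because the
 * remaining length shrinks as the scan advances, the bound passed to
 * memcmp shrinks with it; an unguarded memcmp(text + i, marker, n)
 * would over-read near the end of the buffer exactly as ASan reports. */
long find_marker(const char *text, size_t len, const char *marker)
{
    for (size_t i = 0; i < len; i++) {
        if (starts_with_memcmp(text + i, len - i, marker))
            return (long)i;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample input: a tiny texinfo-like fragment. */
    const char doc[] = "@c comment\n@end";
    size_t len = sizeof doc - 1;   /* exclude the NUL */

    printf("starts with @c:   %d\n", starts_with_strncmp(doc, "@c"));
    printf("offset of @end:   %ld\n", find_marker(doc, len, "@end"));
    /* The last three bytes "end" are shorter than "@end", so the bounded
     * check simply reports no match instead of reading past the buffer. */
    printf("offset of @endxx: %ld\n", find_marker(doc, len, "@endxx"));
    return 0;
}
```

Compile with -fsanitize=address and the bounded version stays quiet on inputs that are shorter than the literal, which is the property the unguarded memcmp lacked.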
