Could you please provide a reproducer? The easiest to create it would be following decoding-invalid-pkcs7 lines in tests/
On Wed, Mar 29, 2017 at 3:39 PM, Brandon Perry <[email protected]> wrote: > Hi, while fuzzing another piece of software (FreeTDS), I came across a crash > that was in libtasn1, not the software I was fuzzing. It looks like a double > free. > > > Faulting Frame: > None @ 0x00007ffff512e22a: in /usr/lib/x86_64-linux-gnu/libtasn1.so.6.5.1 > Disassembly: > Stack Head (13 entries): > __GI_raise @ 0x00007ffff6530428: in > /lib/x86_64-linux-gnu/libc-2.23.so (BL) > __GI_abort @ 0x00007ffff653202a: in > /lib/x86_64-linux-gnu/libc-2.23.so (BL) > __libc_message @ 0x00007ffff65727ea: in > /lib/x86_64-linux-gnu/libc-2.23.so (BL) > malloc_printerr @ 0x00007ffff657b477: in > /lib/x86_64-linux-gnu/libc-2.23.so (BL) > _int_free @ 0x00007ffff657b477: in > /lib/x86_64-linux-gnu/libc-2.23.so (BL) > __GI___libc_free @ 0x00007ffff657e98c: in > /lib/x86_64-linux-gnu/libc-2.23.so (BL) > None @ 0x00007ffff512e22a: in > /usr/lib/x86_64-linux-gnu/libtasn1.so.6.5.1 > asn1_delete_structure2 @ 0x00007ffff512f418: in > /usr/lib/x86_64-linux-gnu/libtasn1.so.6.5.1 > None @ 0x00007ffff720e27c: in > /usr/lib/x86_64-linux-gnu/libgnutls.so.30.6.2 > _dl_fini @ 0x00007ffff7de7c17: in > /lib/x86_64-linux-gnu/ld-2.23.so > __run_exit_handlers @ 0x00007ffff6534ff8: in > /lib/x86_64-linux-gnu/libc-2.23.so (BL) > __GI_exit @ 0x00007ffff6535045: in > /lib/x86_64-linux-gnu/libc-2.23.so (BL) > main @ 0x00000000004070bd: in > /root/freetds/build/src/apps/tsql > Registers: > rax=0x0000000000000000 rbx=0x0000000000000067 rcx=0x00007ffff6530428 > rdx=0x0000000000000006 > rsi=0x0000000000003221 rdi=0x0000000000003221 rbp=0x00007fffffffdb30 > rsp=0x00007fffffffd798 > r8=0x0000000000000004 r9=0x0000000000000000 r10=0x0000000000000008 > r11=0x0000000000000206 > r12=0x0000000000000067 r13=0x00007fffffffd948 r14=0x00007fffffffd948 > r15=0x0000000000000002 > rip=0x00007ffff6530428 efl=0x0000000000000206 cs=0x0000000000000033 > ss=0x000000000000002b > ds=0x0000000000000000 es=0x0000000000000000 fs=0x0000000000000000 > gs=0x0000000000000000 > > > Since this is potentially security sensitive, how can I get the details to > the proper person/people?
