On Wed, Oct 27, 2021 at 08:19:30AM +0000, Thomas Dickey wrote:
> 2021-10-24 (2.9.0dev.10)
> * several fixes for problems found using asan2 with fuzzer-generated data
>   (report/testcases by Kuang-che Wu) -TD
Sample test cases (all cases below are zstd compressed and base64 encoded):

This case crashed lynx 2.9.0dev.9 (heap-buffer-write):

KLUv/WRsAxUCADQDPHNlbGVjdDxvcHRpb248ZGw+MDxtZXRhIGNoYXJzZXQ9Z2IyMzEyPjAg
MA0IMAgICAgIBADr3Up82leXGf0cGOsMXxI=

There are several similar variants, like wild-address-write:

QlpoOTFBWSZTWQ8PW/QAAA19hIBAABBBAHgHCAA6whwAABAACCAAMUGjRoMgNBpT1D1GTygP
J6oUdQEZoUAQbZo/TxBVlmbHE1XhIoD8XckU4UJAPD1v0A==

And it could write to a pointer inside an already freed block:

KLUv/WQwDm0CAIQDPE9sPGRsPjA8ZGQ8PG1ldGEgY2hhcnNldD1nYjIzMTI+PGltZyB1c2Vt
YXA9MKQwMD48bGk+MAgGILDjAccrccmwwC5XU+Yf+VcP7ovzBg==

This case makes lynx free() a pointer that was not allocated:

KLUv/WQ1B10DANLEERiQxQ0ok27RPd7dyrd09a6m6d3N0vVUFAEBUm+AgqQmYUjGUs/MW3bg
PndqwdI14ceQSEWKex1ubi56eG23o9gDj9+4a4kCDADEQSXYvlWPqoAumOIku3niZQM0Jc3A
d4Al4/NlHFwBbcBmUQ==

Other less scary cases, like null-deref and buffer-overflow-read, are omitted here.

Regards,
kcwu
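The blobs above are only useful once unwrapped and fed to an instrumented build. The script below is an added example, not code from the original post or from the lynx project: it base64-decodes each blob (stripping the line wrapping the mail client introduced), picks the decompressor from the file's magic bytes rather than trusting a label, and replays the resulting HTML under an AddressSanitizer build of lynx with `-dump -force_html`, classifying the outcome from the sanitizer report. Sniffing the magic matters here: the first, third and fourth blobs start with the zstd frame magic 28 b5 2f fd, but the second decodes to a `BZh9` header, i.e. it is bzip2, not zstd. The binary path `$LYNX`, the `.b64` file naming, the 10 s timeout and the availability of `base64`, `od`, `zstd`, `bzip2`, `gzip` and `timeout` on PATH are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post or of the lynx project.
# Decodes the base64-wrapped compressed fuzz cases posted above into HTML
# files and replays each under an ASan-instrumented lynx.
# Assumptions: base64, od, zstd, bzip2, gzip and timeout are on PATH and
# $LYNX points at a lynx built with -fsanitize=address.
set -e

LYNX=${LYNX:-./lynx}

# sniff_format FILE: print the container format (zstd, bzip2, gzip or
# unknown) from the leading magic bytes instead of trusting the e-mail's label.
sniff_format() {
  magic=$(od -An -N4 -tx1 "$1" | tr -d ' \n')
  case "$magic" in
    28b52ffd) echo zstd ;;    # zstd frame magic 0xFD2FB528, little-endian
    425a68*)  echo bzip2 ;;   # "BZh" followed by the block-size digit
    1f8b*)    echo gzip ;;
    *)        echo unknown ;;
  esac
}

# decode_case B64 OUT: strip the whitespace from mail line wrapping,
# base64-decode, then decompress according to the sniffed magic.
# Prints the detected format; fails on an unrecognised container.
decode_case() {
  b64=$1; out=$2
  tmp=$(mktemp)
  printf '%s' "$b64" | tr -d '[:space:]' | base64 -d > "$tmp"
  fmt=$(sniff_format "$tmp")
  case "$fmt" in
    zstd)  zstd -dqc "$tmp" > "$out" ;;
    bzip2) bzip2 -dc "$tmp" > "$out" ;;
    gzip)  gzip -dc "$tmp" > "$out" ;;
    *)     rm -f "$tmp"; echo "$out: unknown container" >&2; return 1 ;;
  esac
  rm -f "$tmp"
  echo "$fmt"
}

# replay_case HTML: render non-interactively and classify the result.
# Exit status: 0 clean, 1 sanitizer report, 2 timed out.
replay_case() {
  html=$1; log=$html.asan
  # abort_on_error turns any report into a crash; detect_leaks=0 keeps
  # leak output from drowning the memory-corruption finding we care about.
  set +e
  ASAN_OPTIONS=abort_on_error=1:detect_leaks=0 \
    timeout 10 "$LYNX" -dump -force_html "$html" > /dev/null 2> "$log"
  rc=$?
  set -e
  if grep -q 'ERROR: AddressSanitizer' "$log"; then
    echo "$html: $(grep -m1 -o 'AddressSanitizer: [a-z-]*' "$log")"
    return 1
  elif [ "$rc" -eq 124 ]; then
    echo "$html: timed out"
    return 2
  fi
  echo "$html: clean (lynx exit $rc)"
  return 0
}

# Usage: ./replay.sh case1.b64 case2.b64 ...  (one posted blob per file).
# Each case is decoded to caseN.html and its ASan output kept in caseN.html.asan.
for f in "$@"; do
  out=${f%.b64}.html
  fmt=$(decode_case "$(cat "$f")" "$out") && replay_case "$out" || true
done
```

Keep the `.asan` logs: the first line of the report (`heap-buffer-overflow`, `wild-addr-write`, `attempting free on address which was not malloc()-ed`) is what distinguishes the four classes the post lists, and the stack under it is what the maintainer needs to map the case back to a fix.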