fceval

icon location Fuzzing , Software security

Results 2 issues of fceval

stack-buffer-overflow bug in src/xml_string.c:100:8 xml_strcat

1 comment

More detail is depicted in [bug detail]( https://github.com/fceval/romefuzz-appendix/tree/e7d003eaf202552523e244413a6bf661d257dc2a/realbugs/simple_xml) xml file : runinfosqlites/simple_xml/fca/1/crashes/4ec6278ef2903cfd0a07c806495846fd59044943919b3e536e60de02b9d5059d Memory in xml stack total : 157 blocks : 1 ================================================================= ==2295070==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffd55bc260 at...

MemorySanitizer: use-of-uninitialized-value

**Describe the bug** ==2620602==WARNING: MemorySanitizer: use-of-uninitialized-value FUNCTIONSTARTstd::_Rb_tree::_M_lower_bound(std::_Rb_tree_node*, std::_Rb_tree_node_base*, Json::Value::CZString const&)FUNCTIONEND----LOCATIONSTART/usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_tree.h:1933:7LOCATIONEND----FRAMESTART0FRAMEEND FUNCTIONSTARTstd::_Rb_tree::lower_bound(Json::Value::CZString const&)FUNCTIONEND----LOCATIONSTART/usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_tree.h:1287:16LOCATIONEND----FRAMESTART1FRAMEEND FUNCTIONSTARTstd::map::lower_bound(Json::Value::CZString const&)FUNCTIONEND----LOCATIONSTART/usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_map.h:1258:21LOCATIONEND----FRAMESTART2FRAMEEND FUNCTIONSTARTJson::Value::resolveReference(char const*, char const*)FUNCTIONEND----LOCATIONSTARTout_jsoncpp/CRASHMSAN/repo/src/lib_json/json_value.cpp:1099:26LOCATIONEND----FRAMESTART3FRAMEEND FUNCTIONSTARTJson::Value::operator[](char const*)FUNCTIONEND----LOCATIONSTARTout_jsoncpp/CRASHMSAN/repo/src/lib_json/json_value.cpp:1201:10LOCATIONEND----FRAMESTART4FRAMEEND FUNCTIONSTARTJson::CharReaderBuilder::setDefaults(Json::Value*)FUNCTIONEND----LOCATIONSTARTout_jsoncpp/CRASHMSAN/repo/src/lib_json/json_reader.cpp:1940:3LOCATIONEND----FRAMESTART5FRAMEEND FUNCTIONSTARTJson::CharReaderBuilder::CharReaderBuilder()FUNCTIONEND----LOCATIONSTARTout_jsoncpp/CRASHMSAN/repo/src/lib_json/json_reader.cpp:1867:42LOCATIONEND----FRAMESTART6FRAMEEND FUNCTIONSTARTLLVMFuzzerTestOneInputFUNCTIONEND----LOCATIONSTARTout_jsoncpp/CRASHMSAN/repo/build/../src/test_lib_json/fuzz.cpp:19:27LOCATIONEND----FRAMESTART7FRAMEEND FUNCTIONSTARTmainFUNCTIONEND----LOCATIONSTARTout_jsoncpp/CRASHMSAN/repo/build/../standaloneengine.cc:50:11LOCATIONEND----FRAMESTART8FRAMEEND FUNCTIONSTART__libc_start_mainFUNCTIONEND----LOCATIONSTART/build/glibc-B3wQXB/glibc-2.31/csu/../csu/libc-start.c:308:16LOCATIONEND----FRAMESTART9FRAMEEND FUNCTIONSTART_startFUNCTIONEND----LOCATIONSTARTLOCATIONEND----FRAMESTART10FRAMEEND Uninitialized value was created...