Joachim Metz
> It’s using catch2 @simsong, that would be good to mention in the documentation and point to the catch2 documentation. But it uses more than catch2, e.g. what about...
> @joachimmetz - I downloaded the file and the test case does not crash on my mac... so a crash (or segfault) only occurs if there is a memory access...
> Running fiwalk on clusterfuzz-testcase-minimized-sleuthkit_fls_ntfs_fuzzer-5124116049166336 I get no address error. I have been able to reproduce the ossfuzz finding with valgrind, the output is in https://github.com/sleuthkit/sleuthkit/issues/3198
> I have now compiled with ./configure --enable-address-sanitizer What does this do? It only appears to set `CXXFLAGS=-fsanitize=undefined` **where does it link with libasan?** @simsong I would recommend creating an...
will take a look when time permits
@simsong issue still persists even with fix-3198-v2
```
git pull --squash https://github.com/sleuthkit/sleuthkit fix-3198-v2
./configure CFLAGS="-fno-omit-frame-pointer -fsanitize=address -g" LDFLAGS="-fsanitize=address -g -lasan" CXXFLAGS="-fno-omit-frame-pointer -fsanitize=address -g"
make
./tools/fstools/fls clusterfuzz-testcase-minimized-sleuthkit_fls_ntfs_fuzzer-5124116049166336
=================================================================
==790073==ERROR: AddressSanitizer: heap-buffer-overflow...
```
@simsong PTAL at changes
```
./configure CFLAGS="-fno-omit-frame-pointer -fsanitize=address -g" LDFLAGS="-fsanitize=address -g -lasan" CXXFLAGS="-fno-omit-frame-pointer -fsanitize=address -g"
make
./tools/fstools/fls /tmp/clusterfuzz-testcase-minimized-sleuthkit_fls_ntfs_fuzzer-5124116049166336
r/- 8: $BaᝤClus
r/r 6: $Åitmap
r/- 7: $Boot
d/V 11: $
r/- 0: $MFT
r/-...
```
I'll have a look when time permits, this is not on top of the priority list at the moment.
While working on some sanitization checks (https://github.com/sleuthkit/sleuthkit/pull/3199), it looks like the root of the issue could be an unchecked cast of 8-bit to 16-bit before the call to tsk_UTF16toUTF8. Looks like...
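The failure mode named in the comment above, as an added illustration in C that is not sleuthkit code and does not use tsk_UTF16toUTF8 itself: an 8-bit code-unit count read from a record is widened to a 16-bit byte length and handed to a UTF-16 to UTF-8 converter without comparing it to the bytes actually present, so a record that claims a long name makes the converter read past its buffer. The record layout (one count byte followed by UTF-16LE name bytes), the function names, the stand-in converter and the sample records are all hypothetical; the `_checked` variant shows the bounds check a sanitization pass would add.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in UTF-16LE -> UTF-8 converter (BMP only; surrogate code units are
 * rejected). It is NOT tsk_UTF16toUTF8, it only plays that role here. It
 * reads exactly src_bytes bytes from src, so an over-long src_bytes is an
 * over-read of whatever sits after the real name. */
int utf16le_to_utf8(const uint8_t *src, size_t src_bytes, char *dst, size_t dst_size)
{
    size_t out = 0;
    if (src_bytes % 2 != 0 || dst_size == 0)
        return -1;
    for (size_t i = 0; i < src_bytes; i += 2) {
        uint16_t cu = (uint16_t)(src[i] | (src[i + 1] << 8));
        if (cu >= 0xD800 && cu <= 0xDFFF)
            return -1;                       /* surrogates not handled here */
        size_t need = (cu < 0x80) ? 1 : (cu < 0x800) ? 2 : 3;
        if (out + need + 1 > dst_size)
            return -1;                       /* no room for bytes + NUL */
        if (need == 1) {
            dst[out++] = (char)cu;
        } else if (need == 2) {
            dst[out++] = (char)(0xC0 | (cu >> 6));
            dst[out++] = (char)(0x80 | (cu & 0x3F));
        } else {
            dst[out++] = (char)(0xE0 | (cu >> 12));
            dst[out++] = (char)(0x80 | ((cu >> 6) & 0x3F));
            dst[out++] = (char)(0x80 | (cu & 0x3F));
        }
    }
    dst[out] = '\0';
    return (int)out;
}

/* Hypothetical record: rec[0] is an 8-bit count of UTF-16 code units, the
 * name bytes follow. 'avail' is how many bytes really exist from rec onward;
 * the count byte is attacker-controlled (e.g. a fuzzed image). */

/* Unchecked: the 8-bit count is widened to a 16-bit byte length and used
 * as-is. A count of 0xFF asks the converter for 510 bytes no matter how
 * short the record is; that over-read is what ASan reports. */
int name_to_utf8_unchecked(const uint8_t *rec, size_t avail, char *dst, size_t dst_size)
{
    (void)avail;                                 /* never consulted */
    uint16_t name_bytes = (uint16_t)rec[0] * 2;  /* 8-bit count -> 16-bit byte length */
    return utf16le_to_utf8(rec + 1, name_bytes, dst, dst_size);
}

/* Checked: compute the length in size_t and refuse any record whose declared
 * name does not fit in the bytes that actually hold it. */
int name_to_utf8_checked(const uint8_t *rec, size_t avail, char *dst, size_t dst_size)
{
    if (avail < 1)
        return -1;                       /* not even the count byte is present */
    size_t name_bytes = (size_t)rec[0] * 2;
    if (name_bytes > avail - 1)
        return -1;                       /* declared name runs past the record */
    return utf16le_to_utf8(rec + 1, name_bytes, dst, dst_size);
}

int main(void)
{
    /* Constructed records, not bytes from the fuzzer test case. */
    static const uint8_t good[] = { 4, '$', 0, 'M', 0, 'F', 0, 'T', 0 };
    static const uint8_t bad[]  = { 0xFF, '$', 0, 'M', 0, 'F', 0, 'T', 0 }; /* claims 255 code units */
    char name[64];
    int n = name_to_utf8_checked(good, sizeof good, name, sizeof name);
    printf("good record: %d -> \"%s\"\n", n, n < 0 ? "" : name);
    n = name_to_utf8_checked(bad, sizeof bad, name, sizeof name);
    printf("bad record: %d (rejected)\n", n);
    /* name_to_utf8_unchecked(bad, ...) is deliberately not called: it would
     * read 510 bytes out of a 9-byte array. */
    return 0;
}
```

Under ASan the unchecked path on the short record is exactly the heap-buffer-overflow read shown in the thread; the checked path turns it into an ordinary parse error before the converter ever touches the bytes.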