
possible overflow bugs

Open harryreps opened this issue 2 years ago • 2 comments

https://github.com/olliiiver/sml_parser/blob/ca76a0ac017601731d57d1078d0c92e730043d13/src/sml.cpp#L90-L93

Suppose currentLevel = MAX_TREE_SIZE - 1 at Line 90. Then, currentLevel = MAX_TREE_SIZE at Line 92, which leads to the following overflow bug.

==269918==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000f11e4a at pc 0x000000558309 bp 0x7ffde1d4abf0 sp 0x7ffde1d4abe8
WRITE of size 1 at 0x000000f11e4a thread T0
    #0 0x558308 in smlNewList(unsigned char) /home/parallels/sml_parser/src/sml.cpp:92:23
    #1 0x558637 in checkMagicByte(unsigned char&) /home/parallels/sml_parser/src/sml.cpp:118:5
    #2 0x559c52 in smlState(unsigned char&) /home/parallels/sml_parser/src/sml.cpp:292:5

harryreps Jan 30 '23 20:01
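The pattern the report describes, as an added illustration that is not sml_parser's code: a minimal nesting tracker in which the buggy version advances the level and writes the slot with no bound, next to a checked version that refuses to open a list once the tree is full. The array size, the field names and the convention that level 0 is the root are assumptions made for this model.

```cpp
#include <cstdio>

// Added illustration, not sml_parser's code: a minimal model of the nesting
// tracker the report describes. Array size, names and the "level 0 is the
// root" convention are assumptions for this model.
constexpr int MAX_TREE_SIZE = 10;

struct ListTracker {
  unsigned char nodes[MAX_TREE_SIZE] = {};
  int currentLevel = 0;  // index of the list currently being filled
};

// Pattern from the report: the level is advanced and the new slot written
// with no bound check. With currentLevel already at MAX_TREE_SIZE - 1 the
// write lands one past the end of nodes[]. Kept for contrast only.
void smlNewListUnchecked(ListTracker &t, unsigned char size) {
  t.currentLevel++;
  t.nodes[t.currentLevel] = size;
}

// Hardened form: refuse to open another list when no slot is left, before
// anything is modified. The caller treats false as a parse error.
bool smlNewListChecked(ListTracker &t, unsigned char size) {
  if (t.currentLevel + 1 >= MAX_TREE_SIZE) {
    return false;  // tree already at maximum depth
  }
  t.currentLevel++;
  t.nodes[t.currentLevel] = size;
  return true;
}

// Open `depth` nested lists on a fresh tracker and return how many were
// accepted. Anything beyond MAX_TREE_SIZE - 1 levels is rejected instead
// of being written out of bounds.
int openNestedLists(int depth) {
  ListTracker t;
  int accepted = 0;
  for (int i = 0; i < depth; ++i) {
    if (!smlNewListChecked(t, 1)) break;
    ++accepted;
  }
  return accepted;
}

int main() {
  std::printf("accepted %d of %d nested lists\n",
              openNestedLists(MAX_TREE_SIZE + 5), MAX_TREE_SIZE + 5);
  return 0;
}
```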