Can read past end of input #9

@GoogleCodeExporter

Hi,

The following program makes FastLZ read past the end of its input, possibly 
causing a crash:

#include <string.h>
#include <stdlib.h>
#include "fastlz.h"

int main(int argc, char** argv)
{
        char out[4096];
        char *in = (char *)malloc(6);
        in[0] = 0x23;
        in[1] = 0x00;
        in[2] = 0x00;
        in[3] = 0x00;
        in[4] = 0x00;
        in[5] = 0x40;

        return fastlz_decompress(in, 6, out, 4096);
}

You can verify the read-past-end behavior with Valgrind or similar.

Original issue reported on code.google.com by [email protected] on 1 Mar 2012 at 6:17
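
A bounds check a caller could run before handing untrusted data to the decompressor, added here as an example and not taken from FastLZ or from the report. The function name flz_first_overread is hypothetical, and the opcode layout it walks (level in the top 3 bits of the first byte, literal runs for opcodes below 32, matches followed by an offset byte) is an assumption about the FastLZ block format, which this page does not spell out.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not part of FastLZ. Walks the opcodes of a FastLZ
 * block (layout assumed, see lead-in) without decompressing. Returns -1 if
 * every operand byte lies inside in[0..n), else the offset of the first
 * byte a decoder would have to read past the end. Level values other than
 * 1 (level 2) are walked as level 1. */
static long flz_first_overread(const unsigned char *in, size_t n)
{
    if (n == 0) return 0;
    int level2 = (in[0] >> 5) == 1;      /* top 3 bits: 0 = level 1, 1 = level 2 */
    unsigned ctrl = in[0] & 31;          /* first opcode is always a literal run */
    size_t ip = 1;

    for (;;) {
        if (ctrl >= 32) {                /* match opcode */
            unsigned code;
            if ((ctrl >> 5) == 7) {      /* long match: extra length byte(s) */
                do {
                    if (ip >= n) return (long)ip;
                    code = in[ip++];
                } while (level2 && code == 255);
            }
            if (ip >= n) return (long)ip;    /* low byte of the offset */
            code = in[ip++];
            if (level2 && code == 255 && (ctrl & 31) == 31) {
                if (n - ip < 2) return (long)n;  /* 16-bit extended offset */
                ip += 2;
            }
        } else {                         /* literal run of ctrl + 1 bytes */
            if (n - ip < ctrl + 1) return (long)n;
            ip += ctrl + 1;
        }
        if (ip >= n) return -1;          /* consumed exactly, nothing missing */
        ctrl = in[ip++];
    }
}

int main(void)
{
    /* The six bytes from the report above. */
    const unsigned char report[] = { 0x23, 0x00, 0x00, 0x00, 0x00, 0x40 };
    /* Constructed: same bytes plus the offset byte the last opcode needs. */
    const unsigned char padded[] = { 0x23, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00 };
    printf("report: %ld\n", flz_first_overread(report, sizeof report));
    printf("padded: %ld\n", flz_first_overread(padded, sizeof padded));
    return 0;
}
```

Under that assumed layout, the six reported bytes yield 6: the trailing 0x40 is a match opcode whose offset byte would be in[6], one past the end of the 6-byte allocation.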
