Hi, i found an stack overflow vulnerability in UTF8Util.hpp.
I put the POC in the attachment, prove it like this. (compile opencc_phrase_extract with address sanitizer).
./opencc_phrase_extract -o tmp.txt minpoc
Then, ASAN would catch the error:
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/work/OpenCC/src/UTF8Util.hpp:49:15 in opencc::UTF8Util::NextCharLengthNoException(char const*) Shadow bytes around the buggy address:
0x0c067fff8080: 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00 00 fa
0x0c067fff8090: fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00
0x0c067fff80a0: 00 fa fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa
0x0c067fff80b0: 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00 00 fa
0x0c067fff80c0: fa fa 00 00 00 fa fa fa fd fd fd fd fa fa 00 00
=>0x0c067fff80d0: 00 00 fa fa fd fd fd fd fa[fa]00 00 00 07 fa fa
0x0c067fff80e0: 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00 00 fa
0x0c067fff80f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fff8120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
When the last input character is 0xF0/0xE0/0xF8/0xFC/0xFE, the NextCharLengthNoException() will return a value greater than 1. Then, it will read more memory in the stack, cause a stack overflow.
Hi, i found an stack overflow vulnerability in UTF8Util.hpp.
I put the POC in the attachment, prove it like this. (compile opencc_phrase_extract with address sanitizer). ./opencc_phrase_extract -o tmp.txt minpoc
Then, ASAN would catch the error:
When the last input character is 0xF0/0xE0/0xF8/0xFC/0xFE, the NextCharLengthNoException() will return a value greater than 1. Then, it will read more memory in the stack, cause a stack overflow.
minpoc.zip