hyperrealm / libconfig

C/C++ library for processing configuration files
https://hyperrealm.github.io/libconfig/
GNU Lesser General Public License v2.1

Undefined behavior in __config_name_compare (libconfig.c:134) #171

Closed ChijinZ closed 1 year ago

ChijinZ commented 4 years ago


There is an undefined-behavior vulnerability in libconfig (git repository: https://github.com/hyperrealm/libconfig, latest commit f53e5de on Dec 20, 2019).

When a malicious test case is fed to the test driver, the program exits with a SEGV signal. UndefinedBehaviorSanitizer provided the information below:

UndefinedBehaviorSanitizer:DEADLYSIGNAL
==18518==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000042a1f8 bp 0x00000b266290 sp 0x7ffc42848f80 T18518)
==18518==The signal is caused by a READ memory access.
==18518==Hint: address points to the zero page.
    #0 0x42a1f7 in __config_name_compare /home/fengyutong/libconfig/lib/libconfig.c:134
    #1 0x42a1f7 in __config_list_search /home/fengyutong/libconfig/lib/libconfig.c:403
    #2 0x438285 in config_setting_get_member /home/fengyutong/libconfig/lib/libconfig.c:1562
    #3 0x438285 in config_setting_add /home/fengyutong/libconfig/lib/libconfig.c:1630
    #4 0x429d47 in main /home/fengyutong/libconfig/examples/c/afl2.c:68:11
    #5 0x7fc4c1b15b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #6 0x4049e8 in _start (/home/jin/Documents/tmp/crash_summary/crash_summary/libconfig_summary/honggfuzzer2+0x4049e8)

UndefinedBehaviorSanitizer can not provide additional info.
==18518==ABORTING

test driver

attack vector
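The sanitizer output in the report is a read from the zero page inside the name-comparison routine, reached through config_setting_add, config_setting_get_member and the list search. That signature is consistent with a NULL string pointer arriving at a string compare. The following is an added example, not libconfig's code and not the reporter's driver: a toy name-keyed member list in the same shape of call chain, with an unguarded comparator beside a guarded one and a caller-side check that keeps a NULL name from reaching the compare at all. The type, function names and the sample group are assumptions made here for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not libconfig code. A toy group of settings looked up by
 * name, modelled on the call chain in the report (add -> get_member ->
 * list search -> name compare). All names here are assumptions. */
typedef struct setting {
    const char *name;        /* NULL for unnamed (array/list) elements */
    struct setting *next;
} setting_t;

/* Unguarded comparator: reads both operands as C strings. Passing NULL on
 * either side reads from the zero page, which is what the sanitizer output
 * above reports (SEGV, READ, address 0x0). Only call it with valid names. */
static int name_compare_unguarded(const char *a, const char *b)
{
    return strcmp(a, b);
}

/* Guarded comparator: a NULL name is never dereferenced and never matches,
 * so unnamed elements cannot collide with each other or with a real name. */
static int name_compare_guarded(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return 1;              /* non-zero means "not equal" */
    return strcmp(a, b);
}

/* Linear search of a member list with a caller-supplied comparator. */
static setting_t *list_search(setting_t *head, const char *name,
                              int (*cmp)(const char *, const char *))
{
    setting_t *s;
    for (s = head; s != NULL; s = s->next)
        if (cmp(s->name, name) == 0)
            return s;
    return NULL;
}

/* Caller-side check: a NULL name is rejected before any compare runs. */
static setting_t *get_member(setting_t *head, const char *name)
{
    if (name == NULL)
        return NULL;
    return list_search(head, name, name_compare_guarded);
}

/* The add step: group members must be named, and names must be unique.
 * Returns 1 if `name` could be added to the group, 0 otherwise. */
static int can_add_member(setting_t *head, const char *name)
{
    if (name == NULL)
        return 0;
    return get_member(head, name) == NULL;
}

/* Constructed sample group: host -> port -> timeout. */
static setting_t sample_timeout = { "timeout", NULL };
static setting_t sample_port    = { "port", &sample_timeout };
static setting_t sample_host    = { "host", &sample_port };

static setting_t *sample_group(void)
{
    return &sample_host;
}

int main(void)
{
    setting_t *g = sample_group();

    /* Fine: both names are valid strings. */
    printf("unguarded lookup of \"port\": %s\n",
           list_search(g, "port", name_compare_unguarded) ? "found" : "missing");

    /* list_search(g, NULL, name_compare_unguarded) would dereference NULL
     * inside strcmp; the guarded paths below return cleanly instead. */
    printf("get_member(NULL): %s\n", get_member(g, NULL) ? "found" : "missing");
    printf("can_add \"port\": %d, \"user\": %d, NULL: %d\n",
           can_add_member(g, "port"), can_add_member(g, "user"),
           can_add_member(g, NULL));
    return 0;
}
```

The point of the two comparators is that a guard inside the compare alone is not enough to make the behaviour well defined for callers that pass an unnamed element into a group lookup; the check belongs at the API boundary (get_member and the add step) so that the comparator never sees a NULL and duplicate detection still works for named members.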

hyperrealm commented 1 year ago

I cannot reproduce a crash from this input file either.