search

jan-keller / autofuzz-bugs

1 stars 0 forks source link

Heap Out-Of-Bounds Memory Access at ParseSegmentIsoAtoms /inchi/INCHI_API/inchi_dll/ichiread.c:5003:14 #1

Open jan-keller opened 1 year ago

jan-keller commented 1 year ago

Details at issuetracker.google.com/74097108

ebradbury commented 1 year ago

@jan-keller Is this active? Seems like a very old bug in a package without clear maintainers.

ymortier1 commented 1 year ago

Hello @ebradbury, this bounty is still active. It has just been posted. Good hunting!

jan-keller commented 1 year ago

Yes, part of the challenge will be to get the fixed merged.

parvit commented 1 year ago

Hi, has anyone figured out who to contact to have the fixes merged? I've already opened a ticket on the original project on sourceforce (https://sourceforge.net/p/inchi/bugs/78/) but no replies yet.

webbdays commented 1 year ago

Any progress?

parvit commented 1 year ago

I've contacted the authors and they'll publish an updated repo to github sometime this month.

At that point we can see if the patch i prepared is still applicable and close the ticket.

Il Lun 2 Gen 2023, 15:01 Kunam Balaram Reddy @.***> ha scritto:

Any progress?

— Reply to this email directly, view it on GitHub https://github.com/jan-keller/autofuzz-bugs/issues/1#issuecomment-1368970527, or unsubscribe https://github.com/notifications/unsubscribe-auth/AWGJD4D2W3CJDO44Y43FRXTWQLNR5ANCNFSM6AAAAAARV73V7Q . You are receiving this because you commented.Message ID: @.***>

ghost commented 1 year ago
TheScavenger13 commented 1 year ago

https://sourceforge.net/p/inchi/bugs/79/

parvit commented 1 year ago

@TheScavenger13 did you really just copy my entire ticket and point to my fork?

ghost commented 1 year ago

Funny!

ghost commented 1 year ago

Yes, part of the challenge will be to get the fixed merged.

You need to create a fork and start maintaining it. The original repo is obviously abandoned.

parvit commented 1 year ago

Last i've heard the owner of the project indicated mid june but i think its going to be a while yet for the official github repo to be published.

Il Gio 8 Giu 2023, 08:30 abebeos @.***> ha scritto:

Yes, part of the challenge will be to get the fixed merged.

You need to create a fork and start maintaining it. The original repo is obviously abandoned.

— Reply to this email directly, view it on GitHub https://github.com/jan-keller/autofuzz-bugs/issues/1#issuecomment-1581965201, or unsubscribe https://github.com/notifications/unsubscribe-auth/AWGJD4GK2JWW2G6P2KHXNALXKFWRFANCNFSM6AAAAAARV73V7Q . You are receiving this because you commented.Message ID: @.***>

ghost commented 1 year ago

I even fail to locate the sources on SF...