libyal / libpff

Library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format
GNU Lesser General Public License v3.0

AddressSanitizer: heap-buffer-overflow at libpff_name_to_id_map.c:801 #58

Closed hongxuchen closed 6 years ago

hongxuchen commented 6 years ago

POC files:
https://github.com/ntu-sec/pocs/blob/master/libpff-4938b7a/crashes/hbo_libpff_name_to_id_map.c%3A801_1.input.txt
https://github.com/ntu-sec/pocs/blob/master/libpff-4938b7a/crashes/hbo_libpff_name_to_id_map.c%3A801_2.input.txt

ASan output:
https://github.com/ntu-sec/pocs/blob/master/libpff-4938b7a/crashes/hbo_libpff_name_to_id_map.c%3A801_1.err.SIG06
https://github.com/ntu-sec/pocs/blob/master/libpff-4938b7a/crashes/hbo_libpff_name_to_id_map.c%3A801_2.err.SIG06

joachimmetz commented 6 years ago

This appears to be a duplicate of https://github.com/libyal/libpff/issues/64