michaelrsweet / codedoc

Documentation generator for C/C++ code
https://www.msweet.org/codedoc
Apache License 2.0

ASAN:DEADLYSIGNAL #14

Closed tianmai1 closed 7 months ago

tianmai1 commented 1 year ago

./codedoc poc24

ASAN:DEADLYSIGNAL
=================================================================
==112923==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x56156b088d08 bp 0x7fff113d0770 sp 0x7fff113d0750 T0)
==112923==The signal is caused by a READ memory access.
==112923==Hint: address points to the zero page.
    #0 0x56156b088d07 in markdown_anchor /home/tianmai/workspace/codedoc(复件)/codedoc.c:2282
    #1 0x56156b0894f2 in markdown_write_block /home/tianmai/workspace/codedoc(复件)/codedoc.c:2502
    #2 0x56156b08960d in markdown_write_block /home/tianmai/workspace/codedoc(复件)/codedoc.c:2517
    #3 0x56156b08960d in markdown_write_block /home/tianmai/workspace/codedoc(复件)/codedoc.c:2517
    #4 0x56156b0955f5 in write_html_body /home/tianmai/workspace/codedoc(复件)/codedoc.c:5919
    #5 0x56156b0954b9 in write_html /home/tianmai/workspace/codedoc(复件)/codedoc.c:5867
    #6 0x56156b083194 in main /home/tianmai/workspace/codedoc(复件)/codedoc.c:625
    #7 0x7f3c236b0c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #8 0x56156b0815e9 in _start (/home/tianmai/workspace/codedoc(复件)/codedoc+0xe5e9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/tianmai/workspace/codedoc(复件)/codedoc.c:2282 in markdown_anchor
==112923==ABORTING
In file: /home/tianmai/workspace/codedoc(复件)/codedoc.c
   2277 {
   2278   char          *bufptr;                /* Pointer into buffer */
   2279   static char   buffer[1024];           /* Buffer for anchor string */
   2280 
   2281 
 ► 2282   for (bufptr = buffer; *text && bufptr < (buffer + sizeof(buffer) - 1); text ++)
   2283   {
   2284     if ((*text >= '0' && *text <= '9') || (*text >= 'a' && *text <= 'z') || (*text >= 'A' && *text <= 'Z') || *text == '.' || *text == '-')
   2285       *bufptr++ = (char)tolower(*text);
   2286     else if (*text == ' ')
   2287       *bufptr++ = '-';

poc24.zip
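As an added illustration (not codedoc's code and not the fix that landed in the project), the loop visible at codedoc.c:2282 rebuilt with a NULL guard: the SEGV on address 0x0 is the `*text` read in the loop condition with `text == NULL`, so the empty/missing heading text has to be rejected before the loop starts. The function name markdown_anchor_safe and the empty-string return for NULL input are my own choices.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/*
 * markdown_anchor_safe() - Build an HTML anchor id from heading text.
 *
 * Constructed example: mirrors the loop shown in the report (digits, letters,
 * '.' and '-' are kept lower-cased, spaces become '-', everything else is
 * dropped, output capped at sizeof(buffer) - 1) and adds the NULL check whose
 * absence produced the "SEGV on unknown address 0x000000000000" report.
 */
static const char *
markdown_anchor_safe(const char *text)
{
  char        *bufptr;                  /* Pointer into buffer */
  static char buffer[1024];             /* Buffer for anchor string */

  if (!text)                            /* Guard: no heading text at all */
    return ("");                        /* Empty anchor instead of a NULL read */

  for (bufptr = buffer; *text && bufptr < (buffer + sizeof(buffer) - 1); text ++)
  {
    if ((*text >= '0' && *text <= '9') || (*text >= 'a' && *text <= 'z') ||
        (*text >= 'A' && *text <= 'Z') || *text == '.' || *text == '-')
      *bufptr++ = (char)tolower((unsigned char)*text); /* cast avoids UB on bytes >= 0x80 */
    else if (*text == ' ')
      *bufptr++ = '-';
    /* Any other byte is silently dropped, as in the original loop */
  }

  *bufptr = '\0';                       /* Always terminate, even when truncated */

  return (buffer);
}
```

The same guard belongs at the call site in markdown_write_block() if the heading node can legitimately carry no text, so the caller decides whether an empty anchor is acceptable.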

tianmai1 commented 1 year ago

version 3.7

michaelrsweet commented 7 months ago

[master 686cd0c] Fix fuzzing bugs (Issue #13, Issue #14, Issue #15)