Closed (closed by fcambus 3 years ago)

Hi,
While fuzzing md4c 0.4.5 with Honggfuzz, I found out that the md_push_block_bytes() function may use uninitialized memory.
Attaching a reproducer (gzipped so GitHub accepts it): test01.md.gz
Issue can be reproduced by running:

Ack. In a debug build, it even leads to an assertion.
Thanks for reporting it.

I'm now sitting at a Windows machine and cannot really use memory sanitizer here, but the commit fixed the assertion in the debug build. I believe it is just another manifestation of the same bug.
Feel free to reopen if you still see the same trouble with it.

This issue has been assigned CVE-2020-26148.

Looks good to me, I can confirm commit 22ca89a fixes the issue. Thanks!
For the sake of completeness, this bash command triggers it too in 0.4.5:
$ printf '\0x\n' | md2html