Open tyler92 opened 1 week ago
The reason is that for line 115 there is no check that `p++` is not out of bounds of `buffer`.
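The missing check described above, shown with the bound in place: a read loop that copies bytes into a fixed scratch buffer at a decoder's request and refuses any request the buffer cannot hold. This is an added example, not Poco's code; `kMaxSeq`, `QueryFn`, `lengthPrefixedQuery` and `decodeChecked` are hypothetical names, and the decoder's return convention is an assumption of the example.

```cpp
#include <cstdio>
#include <string>

// Hypothetical stand-ins, not Poco's API: a scratch size and a decoder callback
// that returns a code point (>= 0), -1 for malformed input, or -n when it
// needs n bytes in total before it can decode.
constexpr int kMaxSeq = 4;
using QueryFn = int (*)(const unsigned char* bytes, int length);

// Constructed decoder that trusts its first byte as a length, so input alone
// decides how many bytes the caller is asked to buffer.
int lengthPrefixedQuery(const unsigned char* bytes, int length)
{
    int wanted = bytes[0] + 1;            // prefix byte plus payload
    if (length < wanted) return -wanted;  // ask the caller for more
    return bytes[length - 1];             // toy code point: last byte
}

// Checked read loop: a request the buffer cannot hold is rejected, and the
// copy loop tests p against the end of the buffer before each store.
int decodeChecked(const std::string& in, QueryFn query)
{
    if (in.empty()) return -1;
    unsigned char buffer[kMaxSeq];
    unsigned char* p = buffer;
    unsigned char* const end = buffer + kMaxSeq;
    std::string::const_iterator it = in.begin();
    *p++ = static_cast<unsigned char>(*it++);
    int read = 1;
    int n = query(buffer, read);
    while (n < -1)
    {
        int wanted = -n;
        if (wanted > kMaxSeq || wanted <= read) return -1;  // too big or no progress
        if (in.end() - it < wanted - read) return -1;       // input truncated
        while (read < wanted && p != end)
        {
            *p++ = static_cast<unsigned char>(*it++);
            ++read;
        }
        n = query(buffer, read);
    }
    return n;
}

int main()
{
    std::string oversized("\x09" "ABCDEFGHI");  // constructed: asks for 10 bytes
    std::printf("%d\n", decodeChecked(oversized, lengthPrefixedQuery));
}
```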
That damn `UTF32Encoding` class is really a source of constant amusement. See also: #4320
I tried this in Visual Studio 2022:

```cpp
Poco::MemoryInputStream stream(input.data(), input.size());
Poco::Net::HTTPRequest request;
request.read(stream);
```

with the proposed crash-7e3fdbcc15ad941711a3a1d2502ac293a272c267.txt, but I can't get the error. Can it be a problem only in a Linux environment?
@micheleselea Did you compile with address sanitizer enabled?
I did the test in a debug environment, so I suppose it's enabled by default, but I'll double check it.
> so I suppose it's enabled by default, but I'll double check it

No, it's not, you need to enable it explicitly.
Describe the bug
During a fuzzing test, ASAN reported a stack-buffer-overflow error in `TextIterator::operator * ()`. It happened due to a missing check for a buffer size.
To Reproduce
with the following input: crash-7e3fdbcc15ad941711a3a1d2502ac293a272c267.txt
Expected behavior
ASAN doesn't report any errors.
Logs
I prepared two unit tests that are failing now for simplification: