Closed gutiniao closed 4 years ago
No need to report fuzzing issues since matio is on OSS-Fuzz with still about 40 open issues.
Instead of v1.5.17, please rerun the test against current master and reopen if the issue is still reproducible.
Yes, I just used 'git clone' to fetch the current master of matio; the issue is still reproducible.
I'm sure the issue is different from the fuzzing issues on OSS-Fuzz.
Should be fixed now.
CVE-2019-20020 has been assigned for this issue.
OK, need to mention those CVE numbers in the changelog when making the new release.
A crafted input will lead to a crash in mat5.c at matio 1.5.17. Triggered by ./matdump POC
PoC: 002-stackover-ReadNextStructField-mat51393
The ASAN information is as follows:
About the code (line 1393):