heap-buffer-overflow in ucl_maybe_parse_number function of ucl_parser.c:1010:28

vstakhov / libucl

Universal configuration library parser

BSD 2-Clause "Simplified" License

1.63k stars 139 forks source link

heap-buffer-overflow in ucl_maybe_parse_number function of ucl_parser.c:1010:28 #309

Open Terminator111 opened 5 months ago

Terminator111 commented 5 months ago

Build Env

ubuntu 20.04.6
clang 10.0.0-4ubuntu1

Build Steps

export CC=clang
export CFLAGS="-fsanitize=address -g"

cd libucl 
./autogen.sh && ./configure
make

$CC libucl-target.c -g -I ./include ./src/.libs/libucl.a -o libucl-target -lasan
./libucl-target poc

POC Files

poc file: libucl-target.zip

input: poc.zip

vstakhov / libucl

heap-buffer-overflow in ucl_maybe_parse_number function of ucl_parser.c:1010:28 #309

Build Env

Build Steps

POC Files

AddressSanitizer output