probably the ordering of start/end should be checked before memcpy:
$ printf '+SEQ><\n' > A
$ yaml-0.2.5/bin/run-emitter-test-suite "--directive" "1.1" "--flow" "keep" "A"
==1542==ERROR: AddressSanitizer: negative-size-param: (size=-2)
gdb backtrace:
#17 0x0000000000500952 in get_tag (line=0x7fffffffd590 "+SEQ><", tag=0x7fffffffdf00 "\300\220^") at yaml-0.2.5/tests/run-emitter-test-suite.c:228
#18 0x0000000000500522 in main (argc=6, argv=0x7fffffffe348) at yaml-0.2.5/tests/run-emitter-test-suite.c:125
In
get_tag:https://github.com/yaml/libyaml/blob/f8f760f7387d2cc56a2fc7b1be313a3bf3f7f58c/tests/run-emitter-test-suite.c#L224
probably the ordering of
start/endshould be checked beforememcpy:gdb backtrace:
(found by KLEE)