[Bug 1194245] VUL-1: CVE-2021-45926: mdbtools: stack-based buffer overflow in mdb_numeric_to_string
https://bugzilla.suse.com/show_bug.cgi?id=1194245
https://bugzilla.suse.com/show_bug.cgi?id=1194245#c5

Alexander Bergmann <abergmann@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(abergmann@suse.co |
                   |m)                          |

--- Comment #5 from Alexander Bergmann <abergmann@suse.com> ---
Hi Petr,

I've checked again and found the following commit inside the mdbtools repo that
references the oss-fuzz id 35972:

commit 03391fc913d41a55b16f0204e5533db39549ab33
Author: Hans de Goede <hdegoede@redhat.com>
Date:   Tue Jan 25 16:25:15 2022 +0100

    Always check mdb_read_table() return value

    A couple of places were missing NULL return value checks for
    mdb_read_table()'s return value. Add these.

    This fixes a NULL pointer deref while running ./test_script.sh
    on the test mdb file from oss-fuzz/35972 .

    Note this does NOT fix the original problem reported in oss-fuzz/35972
    which reports a "Dynamic-stack-buffer-overflow WRITE 16" issue,
    which I've been unable to reproduce.

However, comment 0 was talking about a "stack-based buffer overflow" and this
commit about a "NULL pointer deref". So it's kind of a mess.

-- 
You are receiving this mail because:
You are on the CC list for the bug.