https://bugzilla.suse.com/show_bug.cgi?id=1194245
https://bugzilla.suse.com/show_bug.cgi?id=1194245#c5
Alexander Bergmann changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|needinfo?(abergmann@suse.co |
|m) |
--- Comment #5 from Alexander Bergmann ---
Hi Petr,
I've checked again and found the following commit inside the mdbtools repo that
references the oss-fuzz id 35972:
commit 03391fc913d41a55b16f0204e5533db39549ab33
Author: Hans de Goede
Date: Tue Jan 25 16:25:15 2022 +0100
Always check mdb_read_table() return value
A couple of places were missing NULL return value checks for
mdb_read_table()'s return value. Add these.
This fixes a NULL pointer deref while running ./test_script.sh
on the test mdb file from oss-fuzz/35972 .
Note this does NOT fix the original problem reported in oss-fuzz/35972
which reports a "Dynamic-stack-buffer-overflow WRITE 16" issue,
which I've been unable to reproduce.
However, comment 0 was talking about a "stack-based buffer overflow" and this
commit about a "NULL pointer deref". So it's kind of a mess.
--
You are receiving this mail because:
You are on the CC list for the bug.