Fix a buffer overflow #311

Merged
merged 1 commit into from
Feb 17, 2024

gaborcsardi
Contributor

It happens if raw_str_used underflows and ends up a very large number, which is then used as the size of a string.

Closes #285.

It happens if raw_str_used underflows and ends up a very large number,
which is then used as the size of a string.

Closes WizardMac#285.
@evanmiller
Contributor

I think this should return a parse error, assuming the test cases represent invalid input?

@gaborcsardi
Contributor Author

Yes, you do get a parse error afaict:

❯ readstat ~/Downloads/clusterfuzz-testcase-minimized-fuzz_format.sav out.csv
Failed to find VAR252
Failed to find VAR253
Failed to find VAZ255
Failed to find VAR256
Failed to find VAR252
Failed to find VAR253
Failed to find VAZ255
Failed to find VAR256
Converted 5 variables and 3 rows in 0.00 seconds
Error processing /Users/gaborcsardi/Downloads/clusterfuzz-testcase-minimized-fuzz_format.sav: Unable to convert string to the requested encoding (invalid byte sequence)

If this is what you meant.

@evanmiller
Contributor

Cool thanks

@evanmiller evanmiller merged commit c7baae7 into WizardMac:dev Feb 17, 2024
14 checks passed

Successfully merging this pull request may close these issues.

Security: heap-buffer-overflow in readstat_convert
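
The failure mode described in this pull request (an unsigned counter decremented below zero, then used as a string length) is shown below as an added example; it is not the ReadStat patch or code from this thread. `str_acc_t`, `trim_unchecked`, `acc_trim` and `acc_copy_out` are hypothetical names, and the sample state is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical accumulator for a string assembled from file chunks.
 * Names are illustrative, not ReadStat's. */
typedef struct {
    char   buf[64];
    size_t used;   /* bytes of buf that hold string data */
} str_acc_t;

/* The bug class: unsigned subtraction with no check. With used == 0
 * and n == 1 the result wraps to SIZE_MAX. */
size_t trim_unchecked(size_t used, size_t n) {
    return used - n;
}

/* Guarded trim: reject input that asks to drop more bytes than were
 * accumulated. Returns 0 on success, -1 so the caller can raise a
 * parse error. */
int acc_trim(str_acc_t *acc, size_t n) {
    if (n > acc->used)
        return -1;
    acc->used -= n;
    return 0;
}

/* Second line of defence: validate the length against source and
 * destination capacity before it reaches memcpy. */
int acc_copy_out(const str_acc_t *acc, char *dst, size_t dst_cap) {
    if (acc->used > sizeof(acc->buf) || acc->used >= dst_cap)
        return -1;
    memcpy(dst, acc->buf, acc->used);
    dst[acc->used] = '\0';
    return 0;
}

int main(void) {
    str_acc_t acc = { "abc", 3 };   /* constructed sample state */
    char out[8];
    printf("wrapped length: %zu\n", trim_unchecked(0, 1));
    printf("trim 1: %d\n", acc_trim(&acc, 1));
    printf("copy:   %d (%s)\n", acc_copy_out(&acc, out, sizeof out), out);
    printf("trim 5: %d\n", acc_trim(&acc, 5));
    return 0;
}
```

Building with `-fsanitize=address,undefined` and replaying the fuzzer test case is a practical way to confirm that a guard of this kind covers the reported path.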