Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix integer overflow in fuzzed dwarf rendering in graphs ##crash
* Reported by @solid-snail via huntrdev * BountyID: c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2/ * Reproducer: `intof_mod`
- Loading branch information
Showing
2 changed files
with
7 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
b53a158
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think theoretically
flen
could already be overflowed at that point.If I recall correctly, when I tried testing with source line of that length (2~4 GB) I had crashes earlier on in the startup process, so I couldn't validate it.
Might be worth using a different type for
flen
andidx
(the 64bit unsigned counterpart), using pointers to track the locations, or limiting line length (or checking for overflow) in the line slurping process.