Segmentation fault due to invalid pointer dereferences when calling ply_fparse
jvijtiuk opened this issue · 0 comments
jvijtiuk commented
Hello,
the files attached below cause a segmentation fault in ply. The crashes were found by fuzzing ply_fparse, like #55, and the crashes can be reproduced the same way, by feeding the files into ply.
crashes.zip
The first input, in the invalidptr1 file, causes a null pointer dereference in node_nloc_valid. However, checking whether n is NULL in node_vfprintxf doesn't prevent all the crashes.
The second file, invalidptr2, still causes the same crash and bypasses the NULL pointer check, as n in that case takes a value of 1.
If any additional information is needed regarding the crash, please let me know.
Regards,
Juraj
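As an added, hypothetical illustration (not ply's own code) of the point raised in the report: a plain `n != NULL` check passes a garbage pointer such as `(node_t *)1`, so a validity check that only accepts pointers the allocator actually handed out is one way to avoid the dereference. The `node_t`, registry and function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical node type and registry; not ply's own definitions. */
typedef struct node {
    int line;
    int column;
} node_t;

#define MAX_NODES 64

static node_t *registry[MAX_NODES];
static size_t registry_len;

/* Allocate a node and record it, so validity can later be checked
 * against the set of pointers that were actually handed out. */
node_t *node_new(int line, int column) {
    if (registry_len >= MAX_NODES) return NULL;
    node_t *n = calloc(1, sizeof *n);
    if (n == NULL) return NULL;
    n->line = line;
    n->column = column;
    registry[registry_len++] = n;
    return n;
}

/* A bare NULL check accepts values like (node_t *)1 that the report
 * describes; registry membership rejects any pointer the allocator
 * never returned, without touching the memory it points at. */
bool node_valid(const node_t *n) {
    if (n == NULL) return false;
    for (size_t i = 0; i < registry_len; i++)
        if (registry[i] == n) return true;
    return false;
}

/* Location is only read from validated nodes; 0 is returned otherwise
 * instead of dereferencing an invalid pointer. */
int node_line_or_zero(const node_t *n) {
    return node_valid(n) ? n->line : 0;
}

/* Free every registered node and empty the registry. */
void node_registry_reset(void) {
    for (size_t i = 0; i < registry_len; i++) free(registry[i]);
    registry_len = 0;
}
```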