Opened 7 years ago
Last modified 7 years ago
#7127 closed defect
kml heap-use-after-free found by fuzzer — at Version 1
| Reported by: | Kurt Schwehr | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | default | Version: | unspecified |
| Severity: | normal | Keywords: | kml fuzzing |
| Cc: |
Description (last modified by )
==475427==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000092900 at pc 0x0000007c611a bp 0x7ffcbfe18a90 sp 0x7ffcbfe18a88
READ of size 8 at 0x606000092900 thread T0
#0 0x7c6119 in KMLNode::~KMLNode() third_party/gdal/ogr/ogrsf_frmts/kml/kmlnode.cpp:132:20
#1 0x7d365d in KML::parse() third_party/gdal/ogr/ogrsf_frmts/kml/kml.cpp:134:17
#2 0x5ec22c in OGRKMLDataSource::Open(char const*, int) third_party/gdal/ogr/ogrsf_frmts/kml/ogrkmldatasource.cpp:149:22
#3 0x50ac05 in LLVMFuzzerTestOneInput third_party/gdal/autotest2/cpp/ogr/ogrsf_frmts/kml/kmldataset_fuzzer.cc:38:31
Minimized crash case for the fuzzer
<i/>
Change History (2)
by , 7 years ago
| Attachment: | minimized-from-283e30738ba30188bd38bec4419f1069da29a6ee.kml added |
|---|
comment:1 by , 7 years ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.
minimal crash case