This repository was archived by the owner on Jun 9, 2022. It is now read-only.
This repository was archived by the owner on Jun 9, 2022. It is now read-only.
ckd_calloc_[234]d() out-of-bounds read #74
Description
The following leads to an out-of-bounds read in ckd_free_2d (can be observed with valgrind of AddressSanitizer). It happens whenever the first argument to ckd_calloc_2d is 0. This also applies to the 3d and 4d counterparts.
#include <sphinxbase/ckd_alloc.h>
int main(void)
{
void* p = ckd_calloc_2d(0, 2, 3);
ckd_free_2d(p);
return 0;
}