Invalid read / SIGSEGV #3

@stze

Description

Input for examples/simple:

00000000  45 78 61 6d 70 6c 65 4c  69 73 74 20 20 20 20 20  |ExampleList     |
00000010  20 20 27 22 6c 69 6e 65  31 27 5c 0a 09 6c 69 6e  |  '"line1'\..lin|
00000020  65 32 73 6b 64 66 6a 0a  0a 45 78 61 6d 70 6c 65  |e2skdfj..Example|
00000030  53 74 72 20 20 20 3c 3c  74 65 73 74 0a 6c 69 6e  |Str   <<test.lin|
00000040  65 20 31 0a 20 32 0a 74  65 73 74 0a 0a 49 6e 63  |e 1. 2.test..Inc|
00000050  6c 75 64 65 00 69 6e 63  6c 75 64 65 64 2e 63 6f  |lude.included.co|
00000060  6e 66 0a 0a                                       |nf..|
00000064

How to reproduce:
./simple <input>

Valgrind output:

valgrind ./simple <input> --leak-check=full
==10333== Memcheck, a memory error detector
==10333== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==10333== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==10333== Command: ./simple <input> --leak-check=full
==10333== 
crash:2: ExampleList: [  (0) "line1  (1) line2skdfj  ]
crash:7: ExampleStr: [line 1
 2]
crash:9: Missing argument to option 'Include'
==10333== Invalid read of size 1
==10333==    at 0x407F77: dotconf_cb_include (dotconf.c:1461)
==10333==    by 0x40451C: dotconf_invoke_command (dotconf.c:369)
==10333==    by 0x40451C: dotconf_handle_command (dotconf.c:706)
==10333==    by 0x404888: dotconf_command_loop (dotconf.c:745)
==10333==    by 0x401713: main (simple.c:25)
==10333==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==10333== 
==10333== 
==10333== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==10333==  Access not within mapped region at address 0x0
==10333==    at 0x407F77: dotconf_cb_include (dotconf.c:1461)
==10333==    by 0x40451C: dotconf_invoke_command (dotconf.c:369)
==10333==    by 0x40451C: dotconf_handle_command (dotconf.c:706)
==10333==    by 0x404888: dotconf_command_loop (dotconf.c:745)
==10333==    by 0x401713: main (simple.c:25)
==10333==  If you believe this happened as a result of a stack
==10333==  overflow in your program's main thread (unlikely but
==10333==  possible), you can try to increase the size of the
==10333==  main thread stack using the --main-stacksize= flag.
==10333==  The main thread stack size used in this run was 8388608.
==10333== 
==10333== HEAP SUMMARY:
==10333==     in use at exit: 1,134 bytes in 6 blocks
==10333==   total heap usage: 16 allocs, 10 frees, 6,656 bytes allocated
==10333== 
==10333== LEAK SUMMARY:
==10333==    definitely lost: 0 bytes in 0 blocks
==10333==    indirectly lost: 0 bytes in 0 blocks
==10333==      possibly lost: 0 bytes in 0 blocks
==10333==    still reachable: 1,134 bytes in 6 blocks
==10333==         suppressed: 0 bytes in 0 blocks
==10333== Rerun with --leak-check=full to see details of leaked memory
==10333== 
==10333== For counts of detected and suppressed errors, rerun with: -v
==10333== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

found with afl-fuzz
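The trace shows the Include callback reading address 0x0 right after the parser reported a missing argument: the NUL byte at offset 0x54 of the dump ends the line after "Include", so the callback runs with no argument to dereference. As an added illustration of the defensive shape (not dotconf's code, and not its quoting or heredoc syntax), here is a minimal directive dispatcher in C that rebuilds the input from the hex dump, refuses to invoke an argument-requiring handler when the tokenizer found none, and re-checks inside the handler itself. The names split_directive, handle_include, dispatch_line and the DIR_* codes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the crashing input rebuilt from the hex dump in the
 * report (100 bytes, 0x64). The NUL byte after "Include" at offset 0x54
 * ends the line for any C-string tokenizer, so "included.conf" is never
 * seen and the directive arrives with no argument at all. */
static const char crash_input[] =
    "ExampleList       '\"line1'\\\n\tline2skdfj\n\n"
    "ExampleStr   <<test\nline 1\n 2\ntest\n\n"
    "Include\0included.conf\n\n";
#define CRASH_INPUT_LEN (sizeof crash_input - 1)

/* Outcome codes for one directive (hypothetical; not dotconf's own). */
enum { DIR_OK = 0, DIR_MISSING_ARG = 1, DIR_UNKNOWN = 2, DIR_TOO_LONG = 3 };

/* Split a NUL-terminated line into a directive name and its argument.
 * Returns 1 when an argument is present, 0 when the name stands alone.
 * Outputs are bounded copies, so nothing aliases the caller's buffer. */
static int split_directive(const char *line, char *name, size_t nlen,
                           char *arg, size_t alen)
{
    const char *p = line;
    while (*p == ' ' || *p == '\t') p++;
    size_t n = strcspn(p, " \t\r\n");
    size_t nc = n < nlen ? n : nlen - 1;
    memcpy(name, p, nc);
    name[nc] = '\0';
    p += n;
    while (*p == ' ' || *p == '\t') p++;
    size_t a = strcspn(p, "\r\n");
    size_t ac = a < alen ? a : alen - 1;
    memcpy(arg, p, ac);
    arg[ac] = '\0';
    return a > 0;
}

/* Include handler that validates its argument before using it; this is
 * the check the trace above shows the callback running without. */
static int handle_include(const char *arg, char *resolved, size_t rlen)
{
    if (arg == NULL || arg[0] == '\0')
        return DIR_MISSING_ARG;
    if (strlen(arg) >= rlen)
        return DIR_TOO_LONG;
    memcpy(resolved, arg, strlen(arg) + 1);   /* a real handler would open it */
    return DIR_OK;
}

/* Dispatch one raw line (len bytes, possibly with embedded NULs, not
 * terminated). The dispatcher refuses to invoke a handler that requires
 * an argument when the tokenizer found none, and the handler checks again:
 * two independent checks, so a parser slip cannot reach a dereference. */
static int dispatch_line(const char *raw, size_t len, char *resolved, size_t rlen)
{
    char line[256], name[64], arg[128];
    size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
    memcpy(line, raw, n);
    line[n] = '\0';                    /* an embedded NUL now cuts the line short */
    int has_arg = split_directive(line, name, sizeof name, arg, sizeof arg);
    resolved[0] = '\0';
    if (name[0] == '\0')
        return DIR_OK;                 /* blank line */
    if (strcmp(name, "Include") == 0) {
        if (!has_arg)
            return DIR_MISSING_ARG;    /* report it, never call the handler */
        return handle_include(arg, resolved, rlen);
    }
    if (strcmp(name, "ExampleList") == 0 || strcmp(name, "ExampleStr") == 0)
        return DIR_OK;                 /* accepted; their bodies are not modelled here */
    return DIR_UNKNOWN;
}

int main(void)
{
    /* Walk the buffer by explicit length so the embedded NUL is data, not
     * a terminator, exactly as a file reader would deliver it. */
    const char *p = crash_input, *end = crash_input + CRASH_INPUT_LEN;
    int lineno = 0;
    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        size_t len = nl ? (size_t)(nl - p) : (size_t)(end - p);
        char resolved[128];
        int rc = dispatch_line(p, len, resolved, sizeof resolved);
        lineno++;
        if (rc == DIR_MISSING_ARG)
            printf("line %d: missing argument, handler not invoked\n", lineno);
        else if (rc == DIR_OK && resolved[0])
            printf("line %d: would include '%s'\n", lineno, resolved);
        p = nl ? nl + 1 : end;
    }
    return 0;
}
```

Run stand-alone, the program reports the Include line as a missing argument and never touches the handler; feeding it a well-formed "Include included.conf" line resolves the path instead. The heredoc and continuation lines from the sample are passed through as unknown directives, since this demo only models the argument check, not dotconf's syntax.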
