Function ezxml_char_content() tries to realloc() a block that was never allocated with malloc(), leading to a segmentation fault.
ASAN report (the segmentation fault also occurs without ASAN):
=================================================================
==8702==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x7fa90c6ae390 in thread T0
    #0 0x7fa90b5c6961 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98961)
    #1 0x406d0b in ezxml_char_content ezxml_0.8.6/ezxml.c:248
    #2 0x41522d in ezxml_parse_str ezxml_0.8.6/ezxml.c:591
    #3 0x41810e in ezxml_parse_fd ezxml_0.8.6/ezxml.c:641
    #4 0x41810e in ezxml_parse_file ezxml_0.8.6/ezxml.c:659
    #5 0x401972 in main ezxml_0.8.6/test_ezxml.c:113
    #6 0x7fa90b18482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #7 0x401c78 in _start (ezxml/test_ezxml_asan.exe+0x401c78)
AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: bad-free ??:0 realloc
==8702==ABORTING
Reproduction:
Sample XML file leading to crash:
crash_010_realloc_ezxml_char_content.raw
Code snippet for reproduction:
ezxml_t result = ezxml_parse_file("crash_010_realloc_ezxml_char_content.raw");
This issue is resolved by the patch proposed in bug 15.
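As an added illustration of the bug class in this report (not code from the ezxml project or from the reporter), the following hypothetical text-append routine keeps an explicit ownership flag next to the content pointer so that realloc() is only ever applied to memory the routine itself obtained from malloc(). The struct, the function names and the NUL-separated parse buffer are constructed for the example; they do not reproduce ezxml's real data structures.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parser node (not ezxml's real struct):
 * txt either aliases the caller's parse buffer (txt_owned == 0) or is
 * heap memory obtained by append_content() itself (txt_owned == 1). */
struct node {
    char *txt;
    int   txt_owned;
};

/* Append the NUL-terminated chunk s (a pointer into the parse buffer)
 * to n->txt.  Invariant: realloc() is applied only to a pointer that
 * append_content() previously got from malloc()/realloc().  Handing a
 * pointer into the parse buffer to realloc() instead is undefined
 * behaviour; that is the "attempting free on address which was not
 * malloc()-ed" condition ASAN reports above for ezxml_char_content().
 * Returns 0 on success, -1 on allocation failure (n is left unchanged). */
int append_content(struct node *n, char *s)
{
    size_t old, add;
    char *p;

    if (n->txt == NULL) {
        /* First chunk: alias the parse buffer, take no ownership. */
        n->txt = s;
        n->txt_owned = 0;
        return 0;
    }

    old = strlen(n->txt);
    add = strlen(s) + 1;

    if (n->txt_owned) {
        /* Heap memory we allocated ourselves: growing it in place is safe. */
        p = realloc(n->txt, old + add);
        if (p == NULL)
            return -1;
    } else {
        /* Aliased memory: copy it into a fresh heap block first. */
        p = malloc(old + add);
        if (p == NULL)
            return -1;
        memcpy(p, n->txt, old);
    }
    memcpy(p + old, s, add);      /* copies the terminating NUL as well */
    n->txt = p;
    n->txt_owned = 1;
    return 0;
}

/* Release only what we own; aliased text belongs to the parse buffer. */
void node_free_text(struct node *n)
{
    if (n->txt_owned)
        free(n->txt);
    n->txt = NULL;
    n->txt_owned = 0;
}

/* Walks a constructed parse buffer holding three NUL-separated chunks and
 * returns 1 if the joined text is "hello world!" and is heap-owned, else 0. */
int demo(void)
{
    char buf[] = "hello\0 world\0!";   /* constructed sample, not from the report */
    struct node n = { NULL, 0 };
    int ok;

    if (append_content(&n, buf) != 0)      return 0;   /* aliases buf */
    if (append_content(&n, buf + 6) != 0)  return 0;   /* copy, never realloc(buf) */
    if (append_content(&n, buf + 13) != 0) return 0;   /* owned now: realloc is fine */

    ok = (n.txt_owned == 1) && strcmp(n.txt, "hello world!") == 0;
    node_free_text(&n);
    return ok;
}
```

Building such a harness with -fsanitize=address, as the report's test_ezxml_asan.exe was, catches any path that reaches realloc() with an aliased pointer as a bad-free at the first occurrence rather than as a later wild crash.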