If you want to support OSS-Fuzz integration, the static library version needs to be integrated by you. To better conform to the OSS-Fuzz rules, you could also check in the fuzz target at a fitting location in the project itself (like libpng is doing here: https://github.com/glennrp/libpng/tree/libpng16/contrib/oss-fuzz). Zint might even be eligible for an integration reward by Google: https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html But I don't know exactly how they deem projects...
So, I debugged some of the crashes and it seems they only have potential to crash libzint when compiled with address sanitizer. I also found another bug in the EAN generator: inputs like "+123456789012345678" lead to a stack buffer write overflow:

==14273==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff010dd024 at pc 0x00000048061b bp 0x7fff010dc8d0 sp 0x7fff010dc078
WRITE of size 13 at 0x7fff010dd024 thread T0
    #0 0x48061a in strcat /llvmbuild/llvm-project-llvmorg-9.0.1/compiler-rt/lib/asan/asan_interceptors.cc:385:5
...
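The report above describes an unbounded strcat() of an over-long "+" add-on into a fixed-size stack buffer. As an added example (not zint's code), the hypothetical ean_split() below shows the defensive pattern that closes this class of bug: validate the length and character set of both the main part and the add-on against the destination capacity before any copy takes place. It assumes EAN add-ons of 2 or 5 digits (EAN-2/EAN-5) and a 13-digit main part.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical capacities for this example: EAN-13 body and EAN-5 add-on. */
#define EAN_MAIN_MAX  13
#define EAN_ADDON_MAX  5

enum ean_status { EAN_OK = 0, EAN_BAD_CHAR = -1, EAN_TOO_LONG = -2, EAN_BAD_ADDON = -3 };

/* Copy exactly n bytes from s into out (capacity cap, incl. NUL) only if they
 * are all digits and fit; never writes past out[cap-1]. */
static int copy_digits(const char *s, size_t n, char *out, size_t cap)
{
    if (n + 1 > cap) return EAN_TOO_LONG;
    for (size_t i = 0; i < n; i++) {
        if (!isdigit((unsigned char)s[i])) return EAN_BAD_CHAR;
        out[i] = s[i];
    }
    out[n] = '\0';
    return EAN_OK;
}

/* Split "<digits>[+<addon>]" into bounded buffers; rejects what does not fit
 * instead of appending it with strcat(). */
int ean_split(const char *in, char main_out[EAN_MAIN_MAX + 1],
              char addon_out[EAN_ADDON_MAX + 1])
{
    const char *plus = strchr(in, '+');
    size_t main_len = plus ? (size_t)(plus - in) : strlen(in);
    int rc = copy_digits(in, main_len, main_out, EAN_MAIN_MAX + 1);
    if (rc != EAN_OK) return rc;
    if (!plus) { addon_out[0] = '\0'; return EAN_OK; }

    size_t addon_len = strlen(plus + 1);
    if (addon_len != 2 && addon_len != 5) return EAN_BAD_ADDON; /* EAN-2 / EAN-5 only */
    return copy_digits(plus + 1, addon_len, addon_out, EAN_ADDON_MAX + 1);
}

/* Verdict-only wrapper for callers (and tests) that do not need the parts. */
int ean_status_of(const char *in)
{
    char m[EAN_MAIN_MAX + 1], a[EAN_ADDON_MAX + 1];
    return ean_split(in, m, a);
}

int main(void)
{
    /* Constructed inputs: the crashing one from the report and a valid one. */
    printf("%d\n", ean_status_of("+123456789012345678")); /* -3: add-on rejected */
    printf("%d\n", ean_status_of("5012345678900+12345"));  /*  0: accepted */
    return 0;
}
```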
CODABLOCKF crashes due to a read global buffer overflow with input 0x1c,0x1c,0x49:

    #0 0x5ac022 in codablock /src/zint/backend/codablock.c:993:26
    #1 0x55d0f2 in reduced_charset /src/zint/backend/library.c:863:49
    #2 0x555dc4 in ZBarcode_Encode /src/zint/backend/library.c:1205:20
    #3 0x55b62f in ZBarcode_Encode_and_Buffer /src/zint/backend/library.c:1392:20
    #4 0x5543cc in LLVMFuzzerTestOneInput /src/zint/all_barcodes_fuzzer.cpp:52:3
    #5 0x45a021 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*,...
Also, I set up integration for OSS-Fuzz. In order to do so, a static version of the library has to be created by cmake, since OSS-Fuzz does not support dynamic libraries at the moment: https://github.com/google/oss-fuzz/issues/25. You can see the new target zint-static here: https://github.com/dende/zint/blob/oss-fuzz/backend/CMakeLists.txt#L21 You can take a look at the OSS-Fuzz integration here: https://github.com/dende/oss-fuzz/blob/zint/projects/zint/ The fuzz target which found the two bugs (and...
Hi Robin, another bug that I found in the Australian Post family of barcodes can be triggered when inputting the following byte sequence: 0x41 0x00 0x00 0x00, an uppercase A followed by 3 null bytes. This will lead to a heap buffer read overflow:

==11==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000004300 at pc 0x000000683a71 bp 0x7ffe2d708d80 sp 0x7ffe2d708d78
READ of size 4 at 0x611000004300 thread T0
SCARINESS: 27 (4-byte-read-heap-buffer-overflow-far-from-bounds)
    #0 0x683a70...
Segfault in EAN Generator