[CVE-2024-34459] Heap buffer overflow with `xmllint --htmlout`
Organization Name: The OSLab of Peking University

Tool and Version

Environment
- OS: Ubuntu 18.04.6 LTS x86_64
- LLVM: 13.0.1
- AFLPlusPlus: 4.10c
Bug Reproduction Steps
- Compile:
  ```
  export FORCE_UNSAFE_CONFIGURE=1
  export AFL_USE_ASAN=1
  cmake -DCMAKE_C_COMPILER=afl-clang-fast -DCMAKE_CXX_COMPILER=afl-clang-fast++ .. && make -j8
  ```
- Run the command:
  ```
  xmllint --htmlout bug_trigger
  ```
- File: `bug_trigger` and the log file are attached.
Screen Recording
- It seems that the overflow happens at `xmllint.c:563-564` because there is no boundary check:
  ```c
  while ((*cur == '\n') || (*cur == '\r'))
      cur--;
  ```

Attachments: bug_trigger, log.log
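As an added illustration of the reported cause (constructed here, not the reporter's attachment and not libxml2's own code): the loop steps `cur` backwards over CR/LF bytes with no lower bound, so an input that consists only of newlines up to the error position walks `cur` below `base` and reads heap memory outside the buffer. The function names, the sample buffers and the bounded variant with a `cur > base` check are assumptions made for this example; the second function simulates the unchecked loop without dereferencing out of bounds so that the underflow condition can be detected safely.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Bounded version of the backward scan: skip trailing CR/LF but never
 * step before base. Returns the offset of cur after the scan.
 * (Assumed mitigation for this example; not a quote of upstream code.) */
size_t skip_trailing_newlines(const char *base, size_t cur_off) {
    const char *cur = base + cur_off;
    while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
        cur--;
    return (size_t)(cur - base);
}

/* Safely answers "would the unchecked loop read before base?".
 * It follows the same termination condition as the reported loop, but
 * stops at base instead of dereferencing base - 1. Returns true when
 * every byte from base to cur is CR/LF, i.e. the unchecked loop would
 * underflow the buffer. */
bool unbounded_scan_underflows(const char *base, size_t cur_off) {
    const char *cur = base + cur_off;
    while ((*cur == '\n') || (*cur == '\r')) {
        if (cur == base)
            return true;   /* next iteration would dereference base - 1 */
        cur--;
    }
    return false;
}

int main(void) {
    /* Constructed sample inputs, not the attached bug_trigger file. */
    const char normal[]  = "abc\n\n";   /* content precedes the newlines */
    const char only_nl[] = "\n\n\n";    /* nothing but newlines up to cur */

    printf("normal:  stops at offset %zu, underflow=%d\n",
           skip_trailing_newlines(normal, 4),
           unbounded_scan_underflows(normal, 4));
    printf("only_nl: stops at offset %zu, underflow=%d\n",
           skip_trailing_newlines(only_nl, 2),
           unbounded_scan_underflows(only_nl, 2));
    return 0;
}
```

The bounded scan stops on the last byte of real content in the first case and clamps to `base` in the second, where the unchecked loop would have kept decrementing past the start of the allocation; that is the read AddressSanitizer flags in the attached log when the error context is printed for an input of this shape.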