| Summary: | [busybox 1.36.1] heap-use-after-free in tsort | ||
|---|---|---|---|
| Product: | Busybox | Reporter: | Frank Busse <f.busse> |
| Component: | Other | Assignee: | unassigned |
| Status: | NEW --- | ||
| Severity: | normal | CC: | busybox-cvs |
| Priority: | P5 | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Host: | Target: | ||
| Build: | |||
The following input causes a use-after-free: $ printf '\x0f\n\xf0\n\xf0\n\x0f' | busybox-1.36.1/bin/busybox tsort ==2165==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000000040 at pc 0x560d7ee21afd bp 0x7fff70e3f840 sp 0x7fff70e3f830 READ of size 4 at 0x603000000040 thread T0 #0 0x560d7ee21afc in tsort_main coreutils/tsort.c:179 (found be KLEE)