Buffer Overflow in the yylex() function (READ of size 4)
Hi,
While fuzzing dpic 68ab9432 with Hongfuzz, I found a Buffer Overflow in the yylex() function, in main.c.
Attaching a reproducer, the issue can be reproduced by running:test01
dpic test01
=================================================================
==1522236==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000610ea0 at pc 0x0000004e33bf bp 0x7ffca53b4d50 sp 0x7ffca53b4d48
READ of size 4 at 0x000000610ea0 thread T0
#0 0x4e33be in yylex /src/dpic/main.c:1424:16
#1 0x4e7abd in yyparse /src/dpic/dpic.tab.c:1940:16
#2 0x4e67b3 in main /src/dpic/main.c:1795:13
#3 0x7f307db360b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#4 0x41c48d in _start (/src/dpic/dpic+0x41c48d)
0x000000610ea0 is located 0 bytes to the right of global variable 'entrytv' defined in 'main.c:38:8' (0x610ca0) of size 512
SUMMARY: AddressSanitizer: global-buffer-overflow /src/dpic/main.c:1424:16 in yylex
Shadow bytes around the buggy address:
0x0000800ba180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800ba190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800ba1a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800ba1b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800ba1c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0000800ba1d0: 00 00 00 00[f9]f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
0x0000800ba1e0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800ba1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800ba200: 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x0000800ba210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0000800ba220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1522236==ABORTING