bug#79555: unexpand: heap-buffer-overflow

Frank Busse Thu, 02 Oct 2025 02:27:42 -0700

Hi,


KLEE found another bug in Coreutils 9.8:

$ printf '\x00\x08\x08\t    ' | unexpand '-3t +/ +6,'

ASAN confirms:

---
==516254==ERROR: heap-buffer-overflow
WRITE of size 1 at 0x7bd06c1e01f3 thread T0
    #0 0x55fbf2552614 in unexpand src/unexpand.c:195
    #1 0x55fbf2552614 in main src/unexpand.c:316
...
---


Kind regards,

Frank

bug#79555: unexpand: heap-buffer-overflow

Reply via email to