On Sunday 13 June 2021 at 21:22:32 +0200, Adam Lackorzynski wrote:
> thanks again. I wonder why it did not reproduce for me earlier.
> Could you try the attached patch and report back?

Hi Adam,

Thanks for the patch. It did seem better. However, when I do a case-insensitive search I now get:

=================================================================
==177613==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc43f1c280 at pc 0x56316a341202 bp 0x7ffc43f1be40 sp 0x7ffc43f1be38
WRITE of size 4 at 0x7ffc43f1c280 thread T0
    #0 0x56316a341201 in upcase ../../src/minicom.c:375
    #1 0x56316a341201 in StrStr ../../src/minicom.c:392
    #2 0x56316a3416fd in find_next ../../src/minicom.c:348
    #3 0x56316a33d4c1 in scrollback ../../src/minicom.c:546
    #4 0x56316a33d4c1 in main ../../src/minicom.c:1713
    #5 0x7fd5eb7c5d09 in __libc_start_main ../csu/libc-start.c:308
    #6 0x56316a3400c9 in _start (/overflow/mac/nobackup/git/minicom/build/src/minicom+0x250c9)

Address 0x7ffc43f1c280 is located in stack of thread T0 at offset 1056 in frame
    #0 0x56316a340f2f in StrStr ../../src/minicom.c:386

  This frame has 2 object(s):
    [32, 1056) 'tmpstr1' (line 387) <== Memory access at offset 1056 overflows this variable
    [1184, 2208) 'tmpstr2' (line 387)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ../../src/minicom.c:375 in upcase
Shadow bytes around the buggy address:
  0x1000087db800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000087db810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000087db820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000087db830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000087db840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1000087db850:[f2]f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
  0x1000087db860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000087db870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000087db880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000087db890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000087db8a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==177613==ABORTING

Thanks.

Mike.
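Added example, not minicom's code and not part of Adam's patch. The report above pins the fault precisely: a 4-byte write lands at frame offset 1056, which is the first byte past 'tmpstr1' [32, 1056), the 1024-byte temporary that StrStr hands to upcase. That is the signature of an off-by-one on a fixed-size stack buffer, typically a terminator written after a loop that only bounds the copied characters. The constructed code below assumes the temporaries are wchar_t arrays of 256 elements (1024 bytes with a 4-byte wchar_t, which would match the 4-byte write; an assumption, not something the thread confirms) and shows a case-folding copy that checks that the input plus its terminator fits before writing anything, so an input exactly as long as the buffer is refused instead of overwriting the redzone. Names (upcase_bounded, ci_find, TMP_LEN) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>
#include <wctype.h>

/* Constructed example: size of the temporaries is an assumption
 * (256 wchar_t elements = 1024 bytes with a 4-byte wchar_t). */
#define TMP_LEN 256

/* Copy src into dst as upper case.  Returns 0 on success, -1 if src
 * plus its terminator does not fit in dst_len elements.  The check
 * "n >= dst_len" is the point of the exercise: a copy that bounds only
 * the characters and then writes dst[n] = L'\0' puts the terminator one
 * element past the end whenever the input is exactly dst_len long,
 * which is what an ASan "WRITE of size 4 at offset <end of buffer>"
 * report describes. */
static int upcase_bounded(wchar_t *dst, size_t dst_len, const wchar_t *src)
{
    size_t n = wcslen(src);
    if (dst_len == 0 || n >= dst_len)
        return -1;                      /* no room for n chars + terminator */
    for (size_t i = 0; i < n; i++)
        dst[i] = (wchar_t)towupper((wint_t)src[i]);
    dst[n] = L'\0';                     /* n < dst_len, so this is in bounds */
    return 0;
}

/* Case-insensitive search.  Returns the index of needle in haystack, or
 * -1 when there is no match or when either string would not fit in the
 * temporaries; the oversized case degrades to "not found" rather than
 * to a stack write past the buffer. */
static long ci_find(const wchar_t *haystack, const wchar_t *needle)
{
    wchar_t tmp1[TMP_LEN], tmp2[TMP_LEN];

    if (upcase_bounded(tmp1, TMP_LEN, haystack) != 0 ||
        upcase_bounded(tmp2, TMP_LEN, needle) != 0)
        return -1;

    const wchar_t *p = wcsstr(tmp1, tmp2);
    return p ? (long)(p - tmp1) : -1;
}

/* Exercises the boundary: an input of exactly TMP_LEN characters must
 * be refused, one of TMP_LEN-1 characters must be searched normally.
 * Returns 1 when both hold. */
static int bound_check(void)
{
    static wchar_t big[TMP_LEN + 1];    /* constructed input: TMP_LEN x 'a' */
    for (size_t i = 0; i < TMP_LEN; i++)
        big[i] = L'a';
    big[TMP_LEN] = L'\0';

    return ci_find(big, L"A") == -1 &&      /* exactly buffer length: refused */
           ci_find(big + 1, L"A") == 0;     /* one shorter: fits, matches at 0 */
}

int main(void)
{
    printf("ci_find(\"Hello World\", \"WORLD\") = %ld\n",
           ci_find(L"Hello World", L"WORLD"));
    printf("ci_find(\"abc\", \"x\") = %ld\n", ci_find(L"abc", L"x"));
    printf("bound_check() = %d\n", bound_check());
    return 0;
}
```

Building the same code with -fsanitize=address and removing the "n >= dst_len" test reproduces the shape of the report above (a 4-byte write at the first byte past tmp1) on an input of exactly TMP_LEN characters; with the test in place ASan stays quiet. ci_find folds "too long" and "no match" into the same -1; a caller that needs to tell them apart should return a separate status.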