** Description changed:

- heap-buffer-overflow on matio-1.5.28/src/mat.c:2462 Mat_VarPrint when we
- run ./fuzzers/matio_fuzzer ./crashes/poc.
- 
- root@6:/fuzz# ./fuzzers/matio_fuzzer crashes/crash-104
- Reading 5045 bytes from crashes/crash-104
-       Name: easy
-       Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[6] {
-       Name: d
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
-       Name: s
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
-       Name: i32
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
-       Name: i16
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
-       Name: i8
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
-       Name: c
-       Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
- }
-       Name: easy
-       Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[6] {
-       Name: d
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: s
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i32
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i16
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i8
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: c
-       Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
- {
- char array1
- char array2
- }
- }
-       Name: easy_with_sparse_and_tag
-       Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[14] {
-       Name: d
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
-       Name: s
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
-       Name: i32
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
-       Name: i16
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
-       Name: i8
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
-       Name: c
-       Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
-       Name: d_in_tag
-       Rank: 2
- Dimensions: 1 x 4
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
-       Name: s_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
-       Name: i32_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
-       Name: i16_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
-       Name: i8_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
-       Name: c_in_tag
-       Rank: 2
- Dimensions: 1 x 4
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
-       Name: sp
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
-       Name: sp_diag
-       Rank: 2
- Dimensions: 10 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
- }
-       Name: easy_with_sparse_and_tag
-       Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[14] {
-       Name: d
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: s
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i32
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i16
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i8
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: c
-       Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
- {
- char array1
- char array2
- }
-       Name: d_in_tag
-       Rank: 2
- Dimensions: 1 x 4
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
- {
- 1 2 3 4 
- }
-       Name: s_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i32_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i16_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i8_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: c_in_tag
-       Rank: 2
- Dimensions: 1 x 4
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
- {
- 1234
- }
-       Name: sp
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
- {
-     (1,1)  3.03865e-319
-     (2,1)  3.16202e-322
-     (3,1)  1.04347e-320
-     (4,1)  2.05531e-320
-     (5,1)  2.56124e-320
-     (1,3)  4.83789e-320
-     (2,3)  5.09085e-320
-     (3,3)  5.34381e-320
-     (4,3)  5.59678e-320
-     (5,3)  5.84974e-320
-     (1,5)  6.7351e-320
-     (2,5)  6.86158e-320
-     (3,5)  6.98806e-320
-     (4,5)  7.11455e-320
-     (5,5)  7.24103e-320
-     (1,7)  7.99991e-320
-     (2,7)  8.12639e-320
-     (3,7)  4.15265e-317
-     (4,7)  8.25287e-320
-     (5,7)  4.15278e-317
-     (1,9)  4.15316e-317
-     (2,9)  8.7588e-320
-     (3,9)  4.15328e-317
-     (4,9)  8.88528e-320
-     (5,9)  4.15341e-317
- }
-       Name: sp_diag
-       Rank: 2
- Dimensions: 10 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
- {
-     (1,1)  3.03865e-319
-     (2,2)  3.16202e-322
-     (3,3)  1.04347e-320
-     (4,4)  2.05531e-320
-     (5,5)  2.56124e-320
-     (6,6)  3.06716e-320
-     (7,7)  3.57308e-320
-     (8,8)  4.07901e-320
-     (9,9)  4.33197e-320
-     (10,10)  4.58493e-320
- }
- }
-       Name: struct_nested
-       Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[2] {
-       Name: easy
-       Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[6] {
-       Name: d
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
-       Name: s
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
-       Name: i32
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
-       Name: i16
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
-       Name: i8
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
-       Name: c
-       Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
- }
-       Name: easy_with_sparse_and_tag
-       Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[14] {
-       Name: d
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
-       Name: s
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
-       Name: i32
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
-       Name: i16
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
-       Name: i8
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
-       Name: c
-       Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
-       Name: d_in_tag
-       Rank: 2
- Dimensions: 1 x 4
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
-       Name: s_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
-       Name: i32_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
-       Name: i16_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
-       Name: i8_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
-       Name: c_in_tag
-       Rank: 2
- Dimensions: 1 x 4
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
-       Name: sp
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
-       Name: sp_diag
-       Rank: 2
- Dimensions: 10 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
- }
- }
-       Name: struct_nested
-       Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[2] {
-       Name: easy
-       Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[6] {
-       Name: d
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: s
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i32
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i16
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i8
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: c
-       Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
- {
- char array1
- char array2
- }
- }
-       Name: easy_with_sparse_and_tag
-       Rank: 2
- Dimensions: 1 x 1
- Class Type: Structure
-  Data Type: Structure
- Fields[14] {
-       Name: d
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: s
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i32
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i16
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i8
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: c
-       Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
- {
- char array1
- char array2
- }
-       Name: d_in_tag
-       Rank: 2
- Dimensions: 1 x 4
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
- {
- 1 2 3 4 
- }
-       Name: s_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i32_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i16_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i8_in_tag
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: c_in_tag
-       Rank: 2
- Dimensions: 1 x 4
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
- {
- 1234
- }
-       Name: sp
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
- {
-     (1,1)  3.03865e-319
-     (2,1)  3.16202e-322
-     (3,1)  1.04347e-320
-     (4,1)  2.05531e-320
-     (5,1)  2.56124e-320
-     (1,3)  4.83789e-320
-     (2,3)  5.09085e-320
-     (3,3)  5.34381e-320
-     (4,3)  5.59678e-320
-     (5,3)  5.84974e-320
-     (1,5)  6.7351e-320
-     (2,5)  6.86158e-320
-     (3,5)  6.98806e-320
-     (4,5)  7.11455e-320
-     (5,5)  7.24103e-320
-     (1,7)  7.99991e-320
-     (2,7)  8.12639e-320
-     (3,7)  4.15265e-317
-     (4,7)  8.25287e-320
-     (5,7)  4.15278e-317
-     (1,9)  4.15316e-317
-     (2,9)  8.7588e-320
-     (3,9)  4.15328e-317
-     (4,9)  8.88528e-320
-     (5,9)  4.15341e-317
- }
-       Name: sp_diag
-       Rank: 2
- Dimensions: 10 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
- {
-     (1,1)  3.03865e-319
-     (2,2)  3.16202e-322
-     (3,3)  1.04347e-320
-     (4,4)  2.05531e-320
-     (5,5)  2.56124e-320
-     (6,6)  3.06716e-320
-     (7,7)  3.57308e-320
-     (8,8)  4.07901e-320
-     (9,9)  4.33197e-320
-     (10,10)  4.58493e-320
- }
- }
- }
-       Name: d
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
-       Name: d
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Double Precision Array
-  Data Type: IEEE 754 double-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: s
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
-       Name: s
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: Single Precision Array
-  Data Type: IEEE 754 single-precision
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i32
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
-       Name: i32
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 32-bit, signed integer array
-  Data Type: 32-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i16
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
-       Name: i16
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 16-bit, signed integer array
-  Data Type: 16-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: i8
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
-       Name: i8
-       Rank: 2
- Dimensions: 5 x 10
- Class Type: 8-bit, signed integer array
-  Data Type: 8-bit, signed integer
- {
- 1 6 11 16 21 26 31 36 41 46 
- 2 7 12 17 22 27 32 37 42 47 
- 3 8 13 18 23 28 33 38 43 48 
- 4 9 14 19 24 29 34 39 44 49 
- 5 10 15 20 25 30 35 40 45 50 
- }
-       Name: c
-       Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
-       Name: c
-       Rank: 2
- Dimensions: 2 x 11
- Class Type: Character Array
-  Data Type: Unicode UTF-8 Encoded Character Data
- {
- char array1
- char array2
- }
- -E- ossfuzz: InflateData: inflate returned data error
-       Name: sp_diag
-       Rank: 2
- Dimensions: 10 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
-       Name: sp_diag
-       Rank: 2
- Dimensions: 10 x 10
- Class Type: Sparse Array
-  Data Type: IEEE 754 double-precision
- {
-     (1,1)  3.03865e-319
-     (1,2)  3.16202e-322
- =================================================================
- ==7571==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x602000007598 at pc 0x5dcdd60ed578 bp 0x7fffca418920 sp 0x7fffca418918
- READ of size 4 at 0x602000007598 thread T0
-     #0 0x5dcdd60ed577 in Mat_VarPrint /fuzz/matio/matio/src/mat.c:2462:69
-     #1 0x5dcdd60d6bd9 in MatioRead(char const*) 
/fuzz/matio/matio/ossfuzz/./matio_wrap.h:48:9
-     #2 0x5dcdd60d6ee0 in LLVMFuzzerTestOneInput 
/fuzz/matio/matio/ossfuzz/./matio_fuzzer.cpp:30:12
-     #3 0x5dcdd60d7571 in ExecuteFilesOnyByOne 
/fuzz/tools/afl-build/utils/aflpp_driver/aflpp_driver.c:256:7
-     #4 0x5dcdd60d79ec in LLVMFuzzerRunDriver 
/fuzz/tools/afl-build/utils/aflpp_driver/aflpp_driver.c:377:12
-     #5 0x5dcdd60167e6 in main 
/fuzz/tools/afl-build/utils/aflpp_driver/aflpp_driver.c:312:10
-     #6 0x7f8a86498d8f in __libc_start_call_main 
csu/../sysdeps/nptl/libc_start_call_main.h:58:16
-     #7 0x7f8a86498e3f in __libc_start_main csu/../csu/libc-start.c:392:3
-     #8 0x5dcdd6016854 in _start (/fuzz/fuzzers/matio_fuzzer+0x44c854) 
(BuildId: 47398e734cfc645e953c20da47ea4b4044050bf5)
- 
- 0x602000007599 is located 0 bytes to the right of 9-byte region 
[0x602000007590,0x602000007599)
- allocated by thread T0 here:
-     #0 0x5dcdd6099888 in __interceptor_calloc 
(/fuzz/fuzzers/matio_fuzzer+0x4cf888) (BuildId: 
47398e734cfc645e953c20da47ea4b4044050bf5)
-     #1 0x5dcdd6111f45 in ReadSparse /fuzz/matio/matio/src/mat5.c:528:26
-     #2 0x5dcdd610be59 in Mat_VarRead5 /fuzz/matio/matio/src/mat5.c:3391:26
-     #3 0x5dcdd60d6baa in MatioRead(char const*) 
/fuzz/matio/matio/ossfuzz/./matio_wrap.h:43:9
-     #4 0x5dcdd60d6ee0 in LLVMFuzzerTestOneInput 
/fuzz/matio/matio/ossfuzz/./matio_fuzzer.cpp:30:12
-     #5 0x5dcdd60d7571 in ExecuteFilesOnyByOne 
/fuzz/tools/afl-build/utils/aflpp_driver/aflpp_driver.c:256:7
- 
- SUMMARY: AddressSanitizer: heap-buffer-overflow 
/fuzz/matio/matio/src/mat.c:2462:69 in Mat_VarPrint
- Shadow bytes around the buggy address:
-   0x0c047fff8e60: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fd
-   0x0c047fff8e70: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fd
-   0x0c047fff8e80: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fd
-   0x0c047fff8e90: fa fa fd fa fa fa fd fa fa fa fd fd fa fa fd fd
-   0x0c047fff8ea0: fa fa fd fa fa fa fd fa fa fa fd fd fa fa 00 00
- =>0x0c047fff8eb0: fa fa 00[01]fa fa fa fa fa fa fa fa fa fa fa fa
-   0x0c047fff8ec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-   0x0c047fff8ed0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-   0x0c047fff8ee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-   0x0c047fff8ef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
-   0x0c047fff8f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
- Shadow byte legend (one shadow byte represents 8 application bytes):
-   Addressable:           00
-   Partially addressable: 01 02 03 04 05 06 07 
-   Heap left redzone:       fa
-   Freed heap region:       fd
-   Stack left redzone:      f1
-   Stack mid redzone:       f2
-   Stack right redzone:     f3
-   Stack after return:      f5
-   Stack use after scope:   f8
-   Global redzone:          f9
-   Global init order:       f6
-   Poisoned by user:        f7
-   Container overflow:      fc
-   Array cookie:            ac
-   Intra object redzone:    bb
-   ASan internal:           fe
-   Left alloca redzone:     ca
-   Right alloca redzone:    cb
- ==7571==ABORTING
+  tset

** Summary changed:

- heap-buffer-overflow on matio-1.5.28/src/mat.c:2462:69 in Mat_VarPrint
+ test

** Attachment removed: "crash-104"
   
https://bugs.launchpad.net/ubuntu/+bug/2095070/+attachment/5852015/+files/crash-104

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2095070

Title:
  test

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/2095070/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to