lutianxiong
If used==0 in parse_int, parse->error may be REG_NOERROR but return NULL in parse_regexp
We found a NULL pointer dereference in re_case_expand() by fuzz testing.
```
==8==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x00000057f8d9 bp 0x7ffff56ac5f0 sp 0x7ffff56ac470 T0)
==8==The signal is caused by...
```
We found a wild-addr-write by fuzzing flac-master:
```
==217==ERROR: AddressSanitizer: SEGV on unknown address 0xb6029a2c (pc 0x0822a2ae bp 0xffeb31e8 sp 0xffeb30a0 T0)
==217==The signal is caused by a WRITE memory access....
```