New issue 48509 by ClusterFuzz-External: bind9:dns_master_load_fuzzer: Integer-overflow in genname

Detailed Report: https://oss-fuzz.com/testcase?key=5954650567737344

Project: bind9
Fuzzing Engine: libFuzzer
Fuzz Target: dns_master_load_fuzzer
Job Type: libfuzzer_ubsan_bind9
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  genname
  generate
  load_text
  
Sanitizer: undefined (UBSAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_bind9&range=202202240600:202202250603

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5954650567737344

Test case:

$GENERATE 1-1 <FF> 0 type4 ${2147483647

<FF> is octet 0xff

0000000    24  47  45  4e  45  52  41  54  45  20  31  2d  31  20  ff  20
0000020    30  20  74  79  70  65  34  20  24  7b  32  31  34  37  34  38
0000040    33  36  34  37                                                
0000044

   732 					n = snprintf(numbuf, sizeof(numbuf), fmt,
   733 						     it + delta);

it + delta overflows.

Edited Jun 29, 2022 by Mark Andrews

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information