New issue 48509 by ClusterFuzz-External: bind9:dns_master_load_fuzzer: Integer-overflow in genname
Detailed Report: https://oss-fuzz.com/testcase?key=5954650567737344
Project: bind9
Fuzzing Engine: libFuzzer
Fuzz Target: dns_master_load_fuzzer
Job Type: libfuzzer_ubsan_bind9
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
genname
generate
load_text
Sanitizer: undefined (UBSAN)
Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_bind9&range=202202240600:202202250603
Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5954650567737344
Test case:
$GENERATE 1-1 <FF> 0 type4 ${2147483647
(<FF> is octet 0xff)
0000000 24 47 45 4e 45 52 41 54 45 20 31 2d 31 20 ff 20
0000020 30 20 74 79 70 65 34 20 24 7b 32 31 34 37 34 38
0000040 33 36 34 37
0000044
732     n = snprintf(numbuf, sizeof(numbuf), fmt,
733                  it + delta);

it + delta overflows.
Edited by Mark Andrews
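The following C program is an added illustration, not BIND's genname() or any code from this issue: it models the ${offset[,width[,base]]} substitution that $GENERATE performs and shows how a checked addition turns the reported wraparound of it + delta (iteration value 1 plus offset 2147483647) into an error return instead of undefined behaviour. Function and status names (expand_generate_template, parse_modifier, GEN_OVERFLOW and so on) are this example's own assumptions; the templates fed to it are constructed from the report's test case, and the 'n' (nibble) base is left out.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Status codes for the checked substitution (this example's own names). */
enum gen_status { GEN_OK = 0, GEN_BADMODIFIER = -1, GEN_OVERFLOW = -2, GEN_NOSPACE = -3 };

/*
 * Parse the body of a "${offset[,width[,base]]}" modifier; `mod` points just
 * after "${".  Returns the number of bytes consumed up to and including the
 * closing '}', or GEN_BADMODIFIER for an unterminated modifier (such as the
 * fuzzer's "${2147483647" with no '}') or an offset that does not fit in int.
 */
static int parse_modifier(const char *mod, int *delta, int *width, char *base) {
    char *end;
    long v;

    errno = 0;
    v = strtol(mod, &end, 10);
    if (end == mod || errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return GEN_BADMODIFIER;
    *delta = (int)v;
    *width = 0;
    *base = 'd';

    if (*end == ',') {
        const char *p = end + 1;
        errno = 0;
        v = strtol(p, &end, 10);
        if (end == p || errno == ERANGE || v < 0 || v > 64) /* keep the width sane */
            return GEN_BADMODIFIER;
        *width = (int)v;
        if (*end == ',') {
            char b = end[1];
            if (b != 'd' && b != 'o' && b != 'x' && b != 'X')
                return GEN_BADMODIFIER;
            *base = b;
            end += 2;
        }
    }
    if (*end != '}')
        return GEN_BADMODIFIER;
    return (int)(end - mod) + 1;
}

/*
 * Format it + delta into numbuf, but refuse the addition when it would
 * overflow int rather than letting the sum wrap (the defect in the report).
 * __builtin_add_overflow is a GCC/Clang builtin; elsewhere compare against
 * INT_MAX - delta by hand.
 */
static int checked_genname_number(int it, int delta, int width, char base,
                                  char *numbuf, size_t numbuflen) {
    int sum, n;
    char fmt[16];

    if (__builtin_add_overflow(it, delta, &sum))
        return GEN_OVERFLOW;

    /* Build e.g. "%03d" or "%x" from width and base, as a zone loader would. */
    if (width > 0)
        snprintf(fmt, sizeof(fmt), "%%0%d%c", width, base);
    else
        snprintf(fmt, sizeof(fmt), "%%%c", base);

    if (base == 'd')
        n = snprintf(numbuf, numbuflen, fmt, sum);
    else
        n = snprintf(numbuf, numbuflen, fmt, (unsigned int)sum);
    if (n < 0 || (size_t)n >= numbuflen)
        return GEN_NOSPACE;
    return GEN_OK;
}

/* Expand the first "${...}" in a $GENERATE template for iteration value `it`. */
int expand_generate_template(const char *tmpl, int it, char *out, size_t outlen) {
    const char *dollar = strstr(tmpl, "${");
    int delta, width, consumed, rc, n;
    char base, numbuf[32];

    if (dollar == NULL) {
        if (strlen(tmpl) >= outlen) return GEN_NOSPACE;
        strcpy(out, tmpl);
        return GEN_OK;
    }
    consumed = parse_modifier(dollar + 2, &delta, &width, &base);
    if (consumed < 0)
        return consumed;
    rc = checked_genname_number(it, delta, width, base, numbuf, sizeof(numbuf));
    if (rc != GEN_OK)
        return rc;
    n = snprintf(out, outlen, "%.*s%s%s", (int)(dollar - tmpl), tmpl, numbuf,
                 dollar + 2 + consumed);
    return (n < 0 || (size_t)n >= outlen) ? GEN_NOSPACE : GEN_OK;
}

/* Convenience wrappers that expand into a static buffer. */
static char last_out[64];
int gen_try(const char *tmpl, int it) {
    return expand_generate_template(tmpl, it, last_out, sizeof(last_out));
}
const char *gen_last(void) { return last_out; }

int main(void) {
    /* Constructed from the report's test case: offset 2147483647 at it = 1. */
    printf("terminated offset: status %d\n", gen_try("host${2147483647}", 1));  /* GEN_OVERFLOW */
    printf("unterminated:      status %d\n", gen_try("host${2147483647", 1));   /* GEN_BADMODIFIER */
    printf("normal:            status %d -> %s\n", gen_try("host${5,3,d}", 1), gen_last());
    return 0;
}
```

With the check in place the overflowing template is rejected before snprintf() is reached, and the unterminated modifier from the reproducer is rejected even earlier, at parse time.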