AddressSanitizer: heap-buffer-overflow #15

Closed
tianmai1 opened this issue Jul 13, 2023 · 1 comment
Labels: bug (Something isn't working), priority-low
Milestone: Stable

Comments

@tianmai1
./codedoc poc225
version 3.7

=================================================================
==43141==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000012f at pc 0x55e9e1ae8aa6 bp 0x7ffefd45f8d0 sp 0x7ffefd45f8c0
READ of size 1 at 0x60200000012f thread T0
    #0 0x55e9e1ae8aa5 in highlight_c_string /home/tianmai/workspace/codedoc(复件)/codedoc.c:1742
    #1 0x55e9e1aea2ac in markdown_write_block /home/tianmai/workspace/codedoc(复件)/codedoc.c:2434
    #2 0x55e9e1aea60d in markdown_write_block /home/tianmai/workspace/codedoc(复件)/codedoc.c:2517
    #3 0x55e9e1af65f5 in write_html_body /home/tianmai/workspace/codedoc(复件)/codedoc.c:5919
    #4 0x55e9e1af64b9 in write_html /home/tianmai/workspace/codedoc(复件)/codedoc.c:5867
    #5 0x55e9e1ae4194 in main /home/tianmai/workspace/codedoc(复件)/codedoc.c:625
    #6 0x7f7850eb5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #7 0x55e9e1ae25e9 in _start (/home/tianmai/workspace/codedoc(复件)/codedoc+0xe5e9)

0x60200000012f is located 1 bytes to the left of 1-byte region [0x602000000130,0x602000000131)
allocated by thread T0 here:
    #0 0x7f7851726538 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x77538)
    #1 0x55e9e1b024bc in mmd_add /home/tianmai/workspace/codedoc(复件)/mmd.c:1312
    #2 0x55e9e1afe436 in mmdLoadFile /home/tianmai/workspace/codedoc(复件)/mmd.c:660
    #3 0x55e9e1b0226c in mmdLoadString /home/tianmai/workspace/codedoc(复件)/mmd.c:1232
    #4 0x55e9e1aed7ec in scan_file /home/tianmai/workspace/codedoc(复件)/codedoc.c:3575
    #5 0x55e9e1ae3b8e in main /home/tianmai/workspace/codedoc(复件)/codedoc.c:531
    #6 0x7f7850eb5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/tianmai/workspace/codedoc(复件)/codedoc.c:1742 in highlight_c_string
Shadow bytes around the buggy address:
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff8000: fa fa 00 fa fa fa fd fd fa fa 06 fa fa fa 00 02
  0x0c047fff8010: fa fa fd fa fa fa 02 fa fa fa 06 fa fa fa 00 07
=>0x0c047fff8020: fa fa 00 07 fa[fa]01 fa fa fa 01 fa fa fa 01 fa
  0x0c047fff8030: fa fa 06 fa fa fa 05 fa fa fa 05 fa fa fa 03 fa
  0x0c047fff8040: fa fa 00 fa fa fa 04 fa fa fa 07 fa fa fa 00 fa
  0x0c047fff8050: fa fa 00 01 fa fa 00 01 fa fa 00 01 fa fa 04 fa
  0x0c047fff8060: fa fa 02 fa fa fa 02 fa fa fa 00 03 fa fa 00 02
  0x0c047fff8070: fa fa 00 fa fa fa 05 fa fa fa 07 fa fa fa 04 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==43141==ABORTING

poc225.zip
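Added illustration, not codedoc's code and not part of either participant's comments: the report above says a 1-byte READ hit the byte immediately to the left of a 1-byte heap region returned by strdup(). A 1-byte strdup() region holds only the terminating NUL, so the input was an empty string, and the faulting read came from logic that looked at a "previous" or "last" character without first checking that one exists. The C program below reconstructs that shape with hypothetical helpers (make_empty_heap_string, ends_with_continuation_unsafe, ends_with_continuation, string_literal_len_unsafe, string_literal_len); the idioms s[strlen(s) - 1] and body[i - 1] are assumptions about how such an address gets read, not a reading of highlight_c_string in codedoc.c.

```c
/* Added example, not codedoc's code: the bug shape behind an ASan report of a
 * 1-byte READ one byte to the left of a 1-byte heap region from strdup(). */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The same 1-byte heap region strdup("") returns: only the terminating NUL.
 * Constructed here to mirror the allocation site in the report. */
static char *make_empty_heap_string(void)
{
    char *s = malloc(1);
    if (s != NULL)
        s[0] = '\0';
    return s;
}

/* Hypothetical highlighter helper: does the line end in a backslash
 * continuation?  VULNERABLE: for an empty string strlen() is 0, so this reads
 * text[-1], the byte just left of the allocation (ASan's heap left redzone,
 * shadow byte fa in the dump above). */
static bool ends_with_continuation_unsafe(const char *text)
{
    size_t len = strlen(text);
    return text[len - 1] == '\\';   /* BUG: len == 0 indexes before the buffer */
}

/* Hardened: only index when a last byte actually exists. */
static bool ends_with_continuation(const char *text)
{
    size_t len = strlen(text);
    return len > 0 && text[len - 1] == '\\';
}

/* Hypothetical scan of a C string-literal body (the text after the opening
 * quote): return the offset of the closing quote, or -1 if unterminated.
 * VULNERABLE variant: "a quote is escaped if the byte before it is a
 * backslash" reads body[i - 1] at i == 0, one byte left of the region,
 * whenever the body starts with a quote.  It also misreads "\\" followed by
 * a quote: the backslash before the quote is itself escaped. */
static long string_literal_len_unsafe(const char *body)
{
    for (size_t i = 0; body[i] != '\0'; i++) {
        if (body[i] == '"' && body[i - 1] != '\\')   /* BUG at i == 0 */
            return (long)i;
    }
    return -1;
}

/* Hardened: carry the escape state forward instead of peeking backward.
 * No index below 0 is ever formed, and "\\" is handled correctly. */
static long string_literal_len(const char *body)
{
    bool escaped = false;
    for (size_t i = 0; body[i] != '\0'; i++) {
        if (escaped) {
            escaped = false;      /* this byte was consumed by the escape */
        } else if (body[i] == '\\') {
            escaped = true;
        } else if (body[i] == '"') {
            return (long)i;
        }
    }
    return -1;                    /* no unescaped closing quote */
}

int main(void)
{
    char *empty = make_empty_heap_string();
    if (empty == NULL)
        return 1;

    /* Hardened versions are safe on the empty-string input from the report. */
    printf("ends_with_continuation(\"\") = %d\n", ends_with_continuation(empty));
    printf("string_literal_len(\"\")      = %ld\n", string_literal_len(empty));

    /* Constructed input where the two scanners disagree: a backslash that is
     * itself escaped, then the closing quote.  The unsafe one returns -1. */
    const char *body = "ab\\\\\" rest";
    printf("unsafe=%ld safe=%ld\n",
           string_literal_len_unsafe(body), string_literal_len(body));
    printf("unsafe continuation on non-empty input = %d\n",
           ends_with_continuation_unsafe("int x; \\"));

    /* Build with -fsanitize=address and uncomment to get a "heap-buffer-overflow
     * ... READ of size 1 ... 1 bytes to the left of 1-byte region" report
     * shaped like the one in this issue. */
    /* printf("%d\n", ends_with_continuation_unsafe(empty)); */

    free(empty);
    return 0;
}
```

Build with `cc -g -fno-omit-frame-pointer -fsanitize=address example.c` and uncomment the marked line; the ASan frame #0 will point at the `text[len - 1]` read, and the allocation stack at make_empty_heap_string, the same two stacks the report pairs for highlight_c_string and mmd_add. The fix pattern is the same either way: never form an index or pointer below the start of the buffer, even for a length-0 string.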

@michaelrsweet michaelrsweet added the investigating Investigating the issue label Jul 13, 2023
@michaelrsweet michaelrsweet self-assigned this Jul 13, 2023
@michaelrsweet michaelrsweet added bug Something isn't working priority-low and removed investigating Investigating the issue labels Mar 22, 2024
@michaelrsweet michaelrsweet added this to the Stable milestone Mar 22, 2024
@michaelrsweet (Owner)

[master 686cd0c] Fix fuzzing bugs (Issue #13, Issue #14, Issue #15)
