This repository was archived by the owner on Jun 9, 2022. It is now read-only.

ckd_calloc_[234]d() out-of-bounds read #74

@guidovranken


The following leads to an out-of-bounds read in ckd_free_2d (can be observed with valgrind or AddressSanitizer). It happens whenever the first argument to ckd_calloc_2d is 0. This also applies to the 3d and 4d counterparts.

#include <sphinxbase/ckd_alloc.h>

int main(void)
{
    void* p = ckd_calloc_2d(0, 2, 3);
    ckd_free_2d(p);
    return 0;
}
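
One way to guard against the condition reported above, as an added example that is not part of the original issue and not sphinxbase code. It assumes a row-pointer layout (a block of d1 row pointers plus one contiguous data block that the free routine reaches through element 0); the `model_*` names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical model of a row-pointer 2-D allocator: one block of d1 row
 * pointers plus one contiguous data block that rows[0] points into.
 * Not sphinxbase source; the layout is an assumption for illustration. */

/* Hardened allocate: refuse zero dimensions and size overflow, so a
 * non-NULL result always has a valid rows[0]. */
void *model_calloc_2d(size_t d1, size_t d2, size_t elemsize)
{
    char **rows, *data;
    size_t i, row_bytes;

    if (d1 == 0 || d2 == 0 || elemsize == 0)
        return NULL;
    if (d2 > SIZE_MAX / elemsize)            /* d2 * elemsize overflows */
        return NULL;
    row_bytes = d2 * elemsize;
    if (d1 > SIZE_MAX / row_bytes || d1 > SIZE_MAX / sizeof(char *))
        return NULL;

    data = calloc(d1, row_bytes);
    rows = malloc(d1 * sizeof(char *));
    if (data == NULL || rows == NULL) {
        free(data);
        free(rows);
        return NULL;
    }
    for (i = 0; i < d1; i++)
        rows[i] = data + i * row_bytes;
    return rows;
}

/* Free: rows[0] is read only when rows is non-NULL, which the allocator
 * above guarantees means d1 >= 1. In the unguarded pattern, d1 == 0 yields
 * a zero-length rows block and this read is out of bounds. */
void model_free_2d(void *p)
{
    char **rows = p;
    if (rows == NULL)
        return;
    free(rows[0]);
    free(rows);
}
```

Returning NULL for a zero dimension is a design choice of this sketch; callers that legitimately pass 0 must then treat NULL as an empty array rather than an allocation failure.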
