https://github.com/openssh/openssh-portable/pull/266
Opened by: Artem Shchelkunov
found by: Svace
Project: openssh-portable
Description: memory leak
GitHub
Fix memory leak bug by Shchelk · Pull Request #266 · openssh/openssh-portable
the pointer to the allocated memory is overwritten and lost on line 889
https://github.com/luigirizzo/netmap/pull/808
Opened by: Artem Shchelkunov
found by: Svace
Project: netmap
Description: Use of vulnerable function 'sprintf' at netmap
GitHub
used snprintf function instead of sprintf by Shchelk · Pull Request #808 · luigirizzo/netmap
sprintf function is unsafe, used snprintf instead
https://github.com/squid-cache/squid/pull/878
Opened by: Artem Shchelkunov
found by: Svace
Project: squid
Description: nil pointer dereference
GitHub
Fix Cache Digest nil and cbdata-invalid pointer dereferences by Shchelk · Pull Request #878 · squid-cache/squid
The nil pointer dereference detected by Svace static analysis tool:
warn: NULL_AFTER_DEREF
Pointer 'fetch->pd' which was dereferenced at peer_digest.cc:702 is
compared to NUL...
https://github.com/luigirizzo/netmap-ipfw/pull/10
Opened by: Artem Shchelkunov
found by: Svace
Project: netmap-ipfw
Description: comparison of identical expressions
GitHub
fixed bug found by static analyzer by Shchelk · Pull Request #10 · luigirizzo/netmap-ipfw
Fixed bug that was found by static code analyzer
Comparison of identical expressions always evaluates to false at ip_fw_sockopt.c#L2348
https://github.com/OISF/suricata/pull/6291
Opened by: Artem Shchelkunov
found by: Svace
Project: suricata
Description: logic operator precedence in assignment can produce an unexpected result
GitHub
fix: closing bracket was at wrong place by Shchelk · Pull Request #6291 · OISF/suricata
This bug was found by svace static code analyzer
warn: OP_PRECEDENCE_ASSIGN_CMP
msg: Logic operator precedence in assignment can produce an unexpected result
https://github.com/NLnetLabs/unbound/pull/523
Opened by: Artem Shchelkunov
found by: Svace
Project: unbound
Description: double free
State: Closed
GitHub
fix: free() call more than once with the same pointer by Shchelk · Pull Request #523 · NLnetLabs/unbound
If in the function 'parse_create_msg' failed calls 'reply_info_alloc_rrset_keys' or 'parse_copy_decompress' then in the same place will be called rep...
https://github.com/NLnetLabs/unbound/pull/529
Author: Artem Shchelkunov @kolabach (Ideco)
Code analyzer: SVACE
Project: unbound
Bug description: tainted int
State: Closed
GitHub
Fix: log_assert does nothing if UNBOUND_DEBUG is undefined by Shchelk · Pull Request #529 · NLnetLabs/unbound
Found by static analyzer svace
Static analyzer message: Integer value 'len' obtained from untrusted source at tube.c:374 by passing as 2nd parameter to function 'read...
https://github.com/NLnetLabs/unbound/pull/531
Author: Artem Shchelkunov @kolabach (Ideco)
Code analyzer: SVACE
Project: unbound
Bug description: passed to proc after free
State: Closed
GitHub
Fix: passed to proc after free by Shchelk · Pull Request #531 · NLnetLabs/unbound
Found by static analyzer svace
Static analyzer message: Pointer 'dp' is passed to a function at iter_hints.c:401 after the referenced memory was deallocated at iter_hints.c:174 by p...
https://github.com/NLnetLabs/unbound/pull/530
Author: Artem Shchelkunov @kolabach (Ideco)
Code analyzer: SVACE
Project: unbound
Bug description: dereferencing a null pointer
State: Open
GitHub
Fix: dereferencing a null pointer by Shchelk · Pull Request #530 · NLnetLabs/unbound
Found by static analyzer svace
Static analyzer message: Return value of a function 'reply_info_copy' is dereferenced at dns64.c:923 without checking, but it is usually checked for t...
https://github.com/NLnetLabs/unbound/pull/532
Author: Artem Shchelkunov @kolabach (Ideco)
Code analyzer: SVACE
Project: unbound
Bug description: buffer overflow
State: Open
GitHub
Fix: buffer overflow bug by Shchelk · Pull Request #532 · NLnetLabs/unbound
Found by static analyzer svace
Static analyzer message: Array 'token' of size 65536 bytes passed to function 'rrinternal_parse_rdata' at str2wire.c:679 by passing as...
Dear subscribers! If anyone would like to be a co-author of the channel, write to me (@socketpair) and I will grant posting rights to this channel.
https://github.com/tarantool/tarantool/pull/6614
Author: Alexey Vishnyakov @SweetVishnya
Code analyzer: Crusher (sydr-fuzz)
Project: tarantool
State: Closed
GitHub
swim: fix out of bounds access in proto decode by SweetVishnya · Pull Request #6614 · tarantool/tarantool
I was playing with libFuzzer and found heap-buffer-overflow.
**pos is dereferenced before it is checked via *pos == end. This leads
to out of bounds access when *pos == end.
You can build Docker fr...
https://github.com/tfussell/xlnt/issues/592
https://github.com/tfussell/xlnt/issues/593
https://github.com/tfussell/xlnt/issues/594
https://github.com/tfussell/xlnt/issues/595
https://github.com/tfussell/xlnt/issues/596
https://github.com/tfussell/xlnt/issues/597
https://github.com/tfussell/xlnt/issues/598
Author: Daniil Kuts @dkutz
Code analyzer: Crusher (sydr-fuzz)
Project: xlnt
State: Open
GitHub
Segmentation fault in xlsx_consumer::read_office_document() · Issue #592 · tfussell/xlnt
Hi, I was playing with libFuzzer and found crash when opening xlsx-file with xlnt::workbook::load function. Segmentation fault occurs when loading crash-3bb6db12fd7659ef690ddb7208a1cb990feda70b.txt...