I used clang 6.0 and AddressSanitizer to build mxml 2.12. This file can cause a SEGV in the function write_element in mxmldoc.c when executing this command:

./testmxml $crash 1.xml

This is the ASAN information:

==29979==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000038 (pc 0x0000004095a0 bp 0x60800000bf20 sp 0x7ffcc2981e20 T0)
#0 0x40959f in write_element /home/fouzhe/my_fuzz/mxml/mxmldoc.c:3796
#1 0x40cf4e in write_html_body /home/fouzhe/my_fuzz/mxml/mxmldoc.c:4790
#2 0x40e9cb in write_html /home/fouzhe/my_fuzz/mxml/mxmldoc.c:4551
#3 0x402e35 in main /home/fouzhe/my_fuzz/mxml/mxmldoc.c:602
#4 0x7f361bffe82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#5 0x402ff8 in _start (/home/fouzhe/my_fuzz/mxml/mxmldoc+0x402ff8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/fouzhe/my_fuzz/mxml/mxmldoc.c:3796 write_element
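The report above gives everything a fuzzing triage step needs: the fault address (0x38, a small offset from NULL, which points at a struct-field read through a NULL pointer rather than a wild pointer), the top frame (write_element at mxmldoc.c:3796) and a short stack. The following script is an added example and not part of the bug report or of the mxml project: it parses the ASan report as posted (the text is embedded verbatim), classifies the fault, and derives a stack hash for de-duplicating further crashes. The `PAGE_SIZE` threshold used to call an address "near NULL" is a heuristic assumption, as is the choice of three frames for the hash; the regexes follow the ASan report layout shown on the page.

```python
import hashlib
import re

# ASan output copied from the bug report (the SEGV in mxmldoc 2.12, write_element).
ASAN_REPORT = """\
==29979==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000038 (pc 0x0000004095a0 bp 0x60800000bf20 sp 0x7ffcc2981e20 T0)
    #0 0x40959f in write_element /home/fouzhe/my_fuzz/mxml/mxmldoc.c:3796
    #1 0x40cf4e in write_html_body /home/fouzhe/my_fuzz/mxml/mxmldoc.c:4790
    #2 0x40e9cb in write_html /home/fouzhe/my_fuzz/mxml/mxmldoc.c:4551
    #3 0x402e35 in main /home/fouzhe/my_fuzz/mxml/mxmldoc.c:602
    #4 0x7f361bffe82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #5 0x402ff8 in _start (/home/fouzhe/my_fuzz/mxml/mxmldoc+0x402ff8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/fouzhe/my_fuzz/mxml/mxmldoc.c:3796 write_element
"""

# Header line: "==<pid>==ERROR: AddressSanitizer: <kind> on [unknown ]address 0x<hex> ..."
ERROR_RE = re.compile(
    r"==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[A-Za-z-]+) "
    r"on (?:unknown )?address 0x(?P<addr>[0-9a-fA-F]+)"
)
# Stack frame line: "#<n> 0x<pc> in <function> <file:line or (module+offset)>"
FRAME_RE = re.compile(
    r"^\s*#(?P<n>\d+) 0x[0-9a-fA-F]+ in (?P<func>\S+) (?P<loc>.+)$", re.M
)

# Heuristic assumption: a fault address below one x86-64 page is NULL plus a
# field offset, i.e. a NULL-pointer dereference, not an arbitrary bad pointer.
PAGE_SIZE = 4096


def parse_asan_report(text):
    """Extract pid, error kind, fault address and the symbolized frames."""
    m = ERROR_RE.search(text)
    if m is None:
        raise ValueError("not an AddressSanitizer error report")
    frames = [(int(f["n"]), f["func"], f["loc"].strip())
              for f in FRAME_RE.finditer(text)]
    return {
        "pid": int(m["pid"]),
        "kind": m["kind"],
        "address": int(m["addr"], 16),
        "frames": frames,
    }


def classify_fault(report):
    """Label a SEGV as a near-NULL dereference or a wild pointer; other kinds pass through."""
    if report["kind"] != "SEGV":
        return report["kind"]
    addr = report["address"]
    if addr < PAGE_SIZE:
        return f"null-deref (NULL + 0x{addr:x})"
    return "wild-pointer"


def stack_hash(report, depth=3):
    """Stable crash signature from the top frames (function and location only).

    Instruction addresses are deliberately excluded so that the same bug seen
    in a PIE/ASLR build or after a rebuild still hashes to the same bucket.
    """
    sig = "|".join(f"{func}@{loc}" for _, func, loc in report["frames"][:depth])
    return hashlib.sha256(sig.encode()).hexdigest()[:16]


def triage(text):
    """One-shot summary suitable for a crash-bucket database."""
    report = parse_asan_report(text)
    top = report["frames"][0] if report["frames"] else (None, "?", "?")
    return {
        "fault": classify_fault(report),
        "top_frame": f"{top[1]} {top[2]}",
        "bucket": stack_hash(report),
    }


if __name__ == "__main__":
    for k, v in triage(ASAN_REPORT).items():
        print(f"{k}: {v}")
```

Run against the report above, `triage` labels the crash as a NULL dereference at offset 0x38 in write_element (mxmldoc.c:3796); feeding every ASan log from a fuzzing campaign through `stack_hash` groups repeated hits of this same site into one bucket before any of them is examined by hand.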