Problem Description
Note: I am aware that this project is unmaintained. However, I am still opening this issue to follow CVE's guidelines for EOL software.
There is a null dereference in the print_odf_element function when the parser handles a specially crafted Markdown file. This could be used to perform a denial-of-service attack. Here is a minimized proof-of-concept Markdown file that triggers the bug: min_null_deref_print_odf_element.md.
The output is as follows:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==761952==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000005db3b7 bp 0x000000000014 sp 0x7fffffffe030 T0)
==761952==The signal is caused by a READ memory access.
==761952==Hint: address points to the zero page.
#0 0x5db3b7 in print_odf_element /home/sanic/peg-markdown/markdown_output.c:1072:42
#1 0x5dac3a in print_odf_element_list /home/sanic/peg-markdown/markdown_output.c:892:9
#2 0x5dac3a in print_odf_element /home/sanic/peg-markdown/markdown_output.c:1054:9
#3 0x5d4c0a in print_odf_element_list /home/sanic/peg-markdown/markdown_output.c:892:9
#4 0x5d4c0a in print_element_list /home/sanic/peg-markdown/markdown_output.c:1146:26
#5 0x5dca53 in markdown_to_g_string /home/sanic/peg-markdown/markdown_lib.c:163:5
#6 0x5dce84 in markdown_to_string /home/sanic/peg-markdown/markdown_lib.c:175:11
#7 0x4c4d06 in main /home/sanic/peg-markdown/markdown.c:180:11
#8 0x7ffff7b25082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
#9 0x41c50d in _start (/home/sanic/peg-markdown/markdown+0x41c50d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/sanic/peg-markdown/markdown_output.c:1072:42 in print_odf_element
==761952==ABORTING
Reproduction Steps
Compile the project using ASAN (Address Sanitizer). For example, CC=afl-clang-fast AFL_USE_ASAN=1 make.
Run ./markdown --to=odf min_null_deref_print_odf_element.md (use the proof-of-concept file attached to this report).
Observe the null dereference in the output.
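The reproduction steps above, as an added example that is not part of the original issue or of peg-markdown: a POSIX shell script that rebuilds the tree with ASan the way the report does, runs the attached reproducer through the ODF writer, and triages the sanitizer report so the outcome can be checked mechanically (SEGV, faulting address on the zero page, READ access, top frame print_odf_element) rather than by eye. The path to the peg-markdown checkout, the report file name and the helper names are assumptions; the sample report embedded for the stand-alone demo is copied from the ASan output quoted above.

```shell
#!/bin/sh
# Added example, not code from the issue or from peg-markdown.
# Rebuilds peg-markdown with ASan, runs the attached reproducer and
# classifies the sanitizer report. Tree path, PoC name and report
# file name are assumptions passed in by the caller.
set -u

# classify_asan_report FILE
# Prints one line and returns 1 for any sanitizer error, 0 if none:
#   null-deref READ|WRITE FUNC   SEGV whose faulting address is on the zero page
#   segv READ|WRITE FUNC         any other SEGV
#   asan KIND                    non-SEGV ASan error (heap-buffer-overflow, ...)
#   clean                        no "ERROR: AddressSanitizer" line at all
classify_asan_report() {
    report="$1"
    if ! grep -q 'ERROR: AddressSanitizer' "$report"; then
        echo clean
        return 0
    fi
    # Error kind follows "ERROR: AddressSanitizer: ", e.g. SEGV or heap-buffer-overflow.
    kind=$(sed -n 's/.*ERROR: AddressSanitizer: \([A-Za-z-]*\).*/\1/p' "$report" | head -n 1)
    if [ "$kind" != "SEGV" ]; then
        echo "asan $kind"
        return 1
    fi
    # "The signal is caused by a READ memory access."
    access=$(sed -n 's/.*The signal is caused by a \([A-Z]*\) memory access.*/\1/p' "$report" | head -n 1)
    # Frame #0 line: "#0 0x5db3b7 in print_odf_element /path/markdown_output.c:1072:42"
    func=$(sed -n 's/^[[:space:]]*#0 0x[0-9a-f]* in \([A-Za-z_][A-Za-z0-9_]*\).*/\1/p' "$report" | head -n 1)
    # ASan prints this hint only when the faulting address lies in the first page,
    # which is the signature of a NULL (or NULL plus a small offset) dereference.
    if grep -q 'address points to the zero page' "$report"; then
        echo "null-deref ${access:-UNKNOWN} ${func:-unknown}"
    else
        echo "segv ${access:-UNKNOWN} ${func:-unknown}"
    fi
    return 1
}

# reproduce TREE POC [REPORT]
# Builds TREE with AFL++'s afl-clang-fast and ASan exactly as the issue does,
# runs the ODF writer on POC, captures stderr (where ASan writes) into REPORT
# and classifies it. Returns 2 if the build fails, otherwise the classifier's status.
reproduce() {
    tree="$1"
    poc="$2"
    report="${3:-asan_report.txt}"
    ( cd "$tree" && CC=afl-clang-fast AFL_USE_ASAN=1 make ) || return 2
    "$tree/markdown" --to=odf "$poc" >/dev/null 2>"$report"
    classify_asan_report "$report"
}

# write_sample_report FILE
# Constructed input for the offline demo: the relevant lines of the ASan
# report quoted in the issue, so the classifier can be exercised without
# building anything.
write_sample_report() {
    cat >"$1" <<'EOF'
==761952==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000005db3b7 bp 0x000000000014 sp 0x7fffffffe030 T0)
==761952==The signal is caused by a READ memory access.
==761952==Hint: address points to the zero page.
    #0 0x5db3b7 in print_odf_element /home/sanic/peg-markdown/markdown_output.c:1072:42
    #1 0x5dac3a in print_odf_element_list /home/sanic/peg-markdown/markdown_output.c:892:9
SUMMARY: AddressSanitizer: SEGV /home/sanic/peg-markdown/markdown_output.c:1072:42 in print_odf_element
EOF
}

# Stand-alone demo on the constructed report; prints "null-deref READ print_odf_element".
demo_report=$(mktemp)
write_sample_report "$demo_report"
if classify_asan_report "$demo_report"; then
    echo "no sanitizer error"
else
    echo "sanitizer error, see triage line above"
fi
rm -f "$demo_report"
```

Against a real checkout, `reproduce /path/to/peg-markdown min_null_deref_print_odf_element.md` performs the three steps of the issue and prints the triage line; afl-clang-fast is AFL++'s compiler wrapper, and any other ASan-instrumented build (clang with -fsanitize=address -g) yields a report of the same shape. The "zero page" hint is what distinguishes a plain NULL dereference from a wild read elsewhere in unmapped memory, which is why the classifier keys on it rather than on the SEGV alone.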