<html>
<body>
<script type="application/ld+json">
{
  "@context": "http://schema.org",
  "@type": "EmailMessage",
  "potentialAction": {
    "@type": "ViewAction",
    "name": "View Issue",
    "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3727"
  },
  "description": ""
}
</script>

<div style="font-family: arial, sans-serif"><br/>Comment #3 on issue 3727 by <a href="mailto:kcc@google.com">kcc@google.com</a>: llvm/llvm-special-case-list-fuzzer: Global-buffer-overflow in p_bracket<br/><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3727#c3">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3727#c3</a><br/><br/>Of course, this is just regexp:<br/>==1==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000006a18bc at pc 0x00000057f8e9 bp 0x7ffc38c8faf0 sp 0x7ffc38c8fae8<br/>READ of size 1 at 0x0000006a18bc thread T0<br/>SCARINESS: 12 (1-byte-read-global-buffer-overflow)<br/>#0 0x57f8e8 in p_b_coll_elem /src/llvm/lib/Support/regcomp.c:889:42<br/>#1 0x57f8e8 in p_b_eclass /src/llvm/lib/Support/regcomp.c:848<br/>#2 0x57f8e8 in p_b_term /src/llvm/lib/Support/regcomp.c:783<br/>#3 0x57f8e8 in p_bracket /src/llvm/lib/Support/regcomp.c:698<br/>#4 0x56d884 in p_ere_exp /src/llvm/lib/Support/regcomp.c:377:3<br/>#5 0x56d884 in p_ere /src/llvm/lib/Support/regcomp.c:277<br/>#6 0x56e1fb in p_ere_exp /src/llvm/lib/Support/regcomp.c:331:4<br/>#7 0x56e1fb in p_ere /src/llvm/lib/Support/regcomp.c:277<br/>#8 0x56b074 in llvm_regcomp /src/llvm/lib/Support/regcomp.c:232:3<br/>#9 0x56a6dd in llvm::Regex::Regex(llvm::StringRef, unsigned int) /src/llvm/lib/Support/Regex.cpp:34:11</div>
</body>
</html>