stackoverflow in deleteFrameSet() on malform input

How to reproduce:

echo '<U><frameset><frameset>0000000000000000000000000<button type=>000<i></button>00000000000000000000000000000000000000000000' | ./w3m -T text/html -dump

ASAN output:

ASAN:SIGSEGV
=================================================================
==3819287==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd7abd6ff8 (pc 0x0000006331a5 bp 0x0000006b65e5 sp 0x7ffd7abd7000 T0)
    #0 0x6331a4  (/w3m/run/w3m.afl-asan+0x6331a4)
    #1 0x633330  (/w3m/run/w3m.afl-asan+0x633330)
    #2 0x633330  (/w3m/run/w3m.afl-asan+0x633330)
last line repeats....

This is found by afl-fuzz.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

stackoverflow in deleteFrameSet() on malform input #10

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

stackoverflow in deleteFrameSet() on malform input #10

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions