How to reproduce
$ echo '<table>0<td rowspan=0 colspan=30><img width=900000 src=0 height=0>' | ./w3m -T text/html -dump > /dev/null
*** stack smashing detected ***: ./w3m terminated
The behavior is not stable. w3m sometimes crashes and sometimes doesn't.
Usually it just segfaults, and sometimes the stack protector says the stack was smashed.
I haven't debugged it, so I don't know why it's unstable or how the stack gets smashed. Following are my steps to compile w3m:
env AFL_HARDEN=1 AFL_USE_ASAN=1 CC=afl-clang-fast ./configure --enable-image=no
make
This is found by afl-fuzz.
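Because the crash is reported as unstable, the first thing a triager wants is a harness that replays the reproducer many times and counts how the process died. The script below is an added example, not part of the original report or of the w3m project: it feeds the report's HTML to a command repeatedly and classifies each exit status (139 = SIGSEGV, 134 = SIGABRT, which is what glibc raises after "stack smashing detected"). The `W3M` and `RUNS` variables and the function names are assumptions made here; the only input is the HTML line from the report.

```shell
#!/bin/sh
# Added example: replay an unstable crash and tally how each run ended.
# Assumes ./w3m was built as in the report (W3M and RUNS are hypothetical knobs).

# Emit the reproducer HTML from the report (constructed input, fed on stdin).
make_repro() {
    printf '%s\n' '<table>0<td rowspan=0 colspan=30><img width=900000 src=0 height=0>'
}

# classify_exit STATUS -> ok | segv | abort | signal:N | exit:N
# Shells report a signal death as 128 + signal number.
classify_exit() {
    case "$1" in
        0)   echo ok ;;
        139) echo segv ;;   # 128 + 11, SIGSEGV: the plain segfault case
        134) echo abort ;;  # 128 + 6,  SIGABRT: e.g. "*** stack smashing detected ***"
        *)
            if [ "$1" -gt 128 ]; then echo "signal:$(($1 - 128))"; else echo "exit:$1"; fi
            ;;
    esac
}

# run_many CMD N: run CMD N times with the reproducer on stdin; print a tally line.
# CMD is executed through `sh -c` so the report's own command line can be passed as-is.
run_many() {
    cmd=$1; n=$2
    ok=0; segv=0; abort=0; other=0; i=0
    while [ "$i" -lt "$n" ]; do
        st=0
        make_repro | sh -c "$cmd" >/dev/null 2>&1 || st=$?
        case "$(classify_exit "$st")" in
            ok)    ok=$((ok + 1)) ;;
            segv)  segv=$((segv + 1)) ;;
            abort) abort=$((abort + 1)) ;;
            *)     other=$((other + 1)) ;;
        esac
        i=$((i + 1))
    done
    echo "ok=$ok segv=$segv abort=$abort other=$other"
}

# Stand-alone use: replay against the locally built w3m, as in the report.
W3M=${W3M:-./w3m}
RUNS=${RUNS:-20}
if [ -x "$W3M" ]; then
    run_many "$W3M -T text/html -dump" "$RUNS"
else
    echo "no executable at $W3M; build w3m as described above, then rerun" >&2
fi
```

A run that reports a mix of `segv` and `abort` is consistent with a stack overwrite whose exact victim depends on layout; `other` counts (for example `exit:127` when the binary is missing) are surfaced separately so they are not mistaken for clean runs.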