> On Jan 15, 2019, at 11:18, Evan Miller <emmil...@gmail.com> wrote:
>
>
>> On Jan 15, 2019, at 03:06, Moritz Muehlenhoff <j...@inutil.org> wrote:
>>
>> That's really strange, do you have the mail address of Zhao, could you ask
>> him what happened?
>
> His address may be leon.zha...@gmail.com - I’ll try it. His GitHub profile is
> now a 404.

Okay, email sent, I’ll let you all know if I hear from him.

>
> Looking at the backtraces and the commit fixing #36 and #37
> (https://github.com/evanmiller/libxls/commit/24044ad7d7cec8a6a1c2370caad27890121a776e)
> it is my belief that issues #34 and #35 are NOT fixed.

My revised opinion is that these issues MAY be already fixed. The commit above fixed out-of-bounds writes - it’s possible that such writes were corrupting the pointer that was eventually passed to free(), potentially causing both #34 and #35. I did not find any obvious logical errors in the relevant malloc/free code, but I won’t know for sure without the POC.

One thing I will do in the meantime is to reach out to Google Autofuzz and try to get libxls hooked into their infrastructure. They’re pretty good at uncovering all kinds of memory issues.

Evan

>
> I’ll look into them soon.
>
> Evan
>
>