The `ObjFileParser::getFace` method failed to recognize the vertical tab character (`\v`, 0x0b) as a separator. While the `IsSpaceOrNewLine` utility handles most whitespace (space, tab, CR, LF, FF), it excludes `\v`. When encountering a vertical tab, the parser fell through to an `else` block that calls `::atoi(&(*m_DataIt))`. Because `atoi` treats `\v` as whitespace per the C standard, it skips the character and continues reading. If `\v` is located at the end of the buffer (e.g., followed by a newline at the buffer boundary), `atoi` can read past the allocated memory, triggering a heap-buffer-overflow.

This fix explicitly checks for `\v` and treats it as a separator, resetting the position counter and preventing the invalid `atoi` call.

Verified with AddressSanitizer and confirmed that all 584 existing unit tests pass.

Fixes: https://issues.oss-fuzz.com/issues/476180586
Signed-off-by: Bill Wendling <morbo@google.com>
Co-authored-by: Meder Kydyraliev <meder@google.com>
Co-authored-by: CodeMender <codemender-patching@google.com>
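The mismatch the commit message describes can be checked mechanically. The following is an added example, not part of the commit and not Assimp's code: `is_separator`, `whitespace_gap` and `parse_indices` are hypothetical names, and the predicate is written from the message's description of `IsSpaceOrNewLine`. It lists the bytes that `isspace()` (and therefore `atoi`) skips but the predicate rejects, then parses integers with every read bounded by the buffer end.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the separator predicate the commit describes (space, tab, CR,
 * LF, FF, but not \v). Hypothetical name; this is not Assimp's code. */
static int is_separator(unsigned char c) {
    return c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == '\f';
}

/* Counts bytes that isspace() (and so atoi) skips but is_separator() rejects;
 * the first such byte is stored in *first. */
int whitespace_gap(unsigned char *first) {
    int n = 0;
    for (int c = 0; c < 256; c++) {
        if (!isspace(c) || is_separator((unsigned char)c)) continue;
        if (n == 0) *first = (unsigned char)c;
        n++;
    }
    return n;
}

/* Reads integers from buf[0..len) without assuming a terminator: every read
 * is checked against end, and \v is treated as a separator. */
size_t parse_indices(const char *buf, size_t len, int *out, size_t max_out) {
    const char *p = buf, *end = buf + len;
    size_t n = 0;
    while (p < end && n < max_out) {
        unsigned char c = (unsigned char)*p;
        if (is_separator(c) || c == '\v') { p++; continue; }
        int neg = (c == '-');
        if (neg) p++;
        int v = 0, digits = 0;
        while (p < end && isdigit((unsigned char)*p) && digits < 9) {
            v = v * 10 + (*p++ - '0');
            digits++;
        }
        if (digits == 0 || (p < end && isdigit((unsigned char)*p)))
            break; /* not a number, or too long to fit: stop parsing */
        out[n++] = neg ? -v : v;
    }
    return n;
}

int main(void) {
    /* Constructed input: exactly 6 bytes, ends in \v, no NUL terminator. */
    const char buf[] = {'1', ' ', '2', '\v', '3', '\v'};
    int out[8];
    unsigned char gap = 0;
    printf("gap bytes: %d (first 0x%02x)\n", whitespace_gap(&gap), gap);
    printf("parsed %zu indices\n", parse_indices(buf, sizeof buf, out, 8));
    return 0;
}
```

Building with `-fsanitize=address` gives the same kind of check the commit message reports using for verification.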