Project

General

Profile

Actions
Copy link

Bug #14427

closed

Fuzzer case 494958340

Added by Matthias Van Ceulebroeck 24 days ago. Updated 2 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Romain Mardulyn
Target version:
4.13.0
Start date:
03/23/2026
Due date:
% Done:

0%

Estimated time:

Description

In the WMessageResources::evalPluralCase(std::string, uint64 n) function, a Boost phoenix parser is used.
This contained various issues within the expression evaluator, caught by the fuzzer. Since it just throws random input at the parser.
One such was resolved in #12374, and #12384 was created to improve/modernize the parser.

There still remains an error, which needs to be investigated.

Input: 9088*272*3088*768*36*576*1088*36352*8*752*32*32/(1-2)

Likely this is an overflow that needs to be guarded against too.

Actions
Copy link
 #1

Updated by Romain Mardulyn 17 days ago

  • Status changed from New to InProgress
  • Assignee set to Romain Mardulyn
Actions
Copy link
 #2

Updated by Romain Mardulyn 17 days ago

  • Status changed from InProgress to Review
  • Target version set to 4.13.0
Actions
Copy link
 #3

Updated by Romain Mardulyn 17 days ago

  • Assignee deleted (Romain Mardulyn)
Actions
Copy link
 #4

Updated by Matthias Van Ceulebroeck 16 days ago

  • Assignee set to Matthias Van Ceulebroeck
Actions
Copy link
 #5

Updated by Romain Mardulyn 7 days ago

  • Status changed from Review to Implemented @Emweb
  • Assignee changed from Matthias Van Ceulebroeck to Romain Mardulyn
Actions
Copy link
 #6

Updated by Romain Mardulyn 2 days ago

  • Status changed from Implemented @Emweb to Closed
  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF