rdkit:mol_data_stream_to_mol_fuzzer: Heap-use-after-free in RDKit::SGroupParsing::ParseSGroupV2000SAPLine


Project: https://github.com/rdkit/rdkit.git
Detailed Report: https://oss-fuzz.com/testcase?key=5976509373480960

Project: rdkit
Fuzzing Engine: afl
Fuzz Target: mol_data_stream_to_mol_fuzzer
Job Type: afl_asan_rdkit
Platform Id: linux

Crash Type: Heap-use-after-free READ 4
Crash Address: 0x607000002194
Crash State:
  RDKit::SGroupParsing::ParseSGroupV2000SAPLine
  RDKit::ParseMolBlockProperties
  RDKit::FileParserUtils::ParseV2000CTAB

Sanitizer: address (ASAN)

Recommended Security Severity: High

Crash Revision: https://oss-fuzz.com/revisions?job=afl_asan_rdkit&revision=202005260636

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5976509373480960

Issue filed automatically.

See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.

When you fix this bug, please
  * mention the fix revision(s).
  * state whether the bug was a short-lived regression or an old bug in any stable releases.
  * add any other useful information.
This information can help downstream consumers.

If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without an upstream patch, then the bug report will automatically become visible to the public.

Affected Software

CPE Name Name Version
rdkit 2020.03.1b
rdkit 2019.09.1
rdkit 2019.09.1b
rdkit 2019.03.1
rdkit 2019.03.1b
rdkit 2018.09.1
rdkit 2018.09.1b
rdkit 2018.03.1b
rdkit 2017.09.1b
rdkit 2017.03.1
rdkit 2017.03.1b
rdkit 2016.09.1
rdkit 2016.09.1b
rdkit 2016.09.1a
rdkit 2016.03.1
rdkit 2016.03.1b
rdkit 2015.09.1
rdkit 2015.09.1beta
rdkit 2015.03.1
rdkit 2015.03.1beta
rdkit 2014.09.1
rdkit 2014.09.1beta
rdkit 2014.03.1
rdkit 2014.03.1beta
rdkit 2013.09.1
rdkit 2013.09.1beta
rdkit 2013.09.1pre
rdkit 2013.06.1
rdkit 2013.06.1beta
rdkit 2.4.0-Binary