
save_remap_init_segments buffer overflow #91

@comex

Description

==19624==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000000b00 at pc 0x0001000020d3 bp 0x7ffeefbc6960 sp 0x7ffeefbc6958
READ of size 8 at 0x606000000b00 thread T0
    #0 0x1000020d2 in save_remap_init_segments save.c:91
    #1 0x100007f90 in save_process save.c:640
    #2 0x1000aae50 in main main.c:731

The logic in this function doesn't really make sense. It repeatedly sets seg->entries to newly allocated buffers of size sizeof(remap_entry_ctx_t) (i.e. only one element), then at the end tries to use it like an array (seg->entries[seg->entry_count - 1]).
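A minimal reproduction of the allocation mistake described in the report, beside the corrected shape, as an added example that is not code from the project or from the reporter; the struct layouts, field names and sample offsets are assumed.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-ins for the structs named in the report (field layout assumed). */
typedef struct { uint64_t virtual_offset; uint64_t physical_offset; } remap_entry_ctx_t;
typedef struct { uint32_t entry_count; remap_entry_ctx_t *entries; } remap_segment_ctx_t;

/* Buggy shape the issue describes: each iteration replaces seg->entries with a
 * fresh ONE-element allocation (leaking the previous one), so the final buffer
 * holds a single remap_entry_ctx_t regardless of entry_count. A later
 * seg->entries[seg->entry_count - 1] reads past the allocation, which is the
 * heap-buffer-overflow ASan reported. Kept for contrast; never called here. */
void init_segments_buggy(remap_segment_ctx_t *seg, const uint64_t *src) {
    for (uint32_t i = 0; i < seg->entry_count; i++) {
        seg->entries = malloc(sizeof(remap_entry_ctx_t));
        if (seg->entries == NULL) return;
        seg->entries->virtual_offset = src[2 * i];
        seg->entries->physical_offset = src[2 * i + 1];
    }
}

/* Fixed: allocate entry_count elements once, then fill each slot in place.
 * Returns 0 on success, -1 on an empty segment or allocation failure. */
int init_segments_fixed(remap_segment_ctx_t *seg, const uint64_t *src) {
    if (seg->entry_count == 0) return -1;            /* entries[-1] would be UB */
    seg->entries = calloc(seg->entry_count, sizeof(remap_entry_ctx_t));
    if (seg->entries == NULL) return -1;
    for (uint32_t i = 0; i < seg->entry_count; i++) {
        seg->entries[i].virtual_offset = src[2 * i];
        seg->entries[i].physical_offset = src[2 * i + 1];
    }
    return 0;
}

/* The access from the trace: with the fixed allocation it stays in bounds. */
uint64_t last_physical_offset(const remap_segment_ctx_t *seg) {
    return seg->entries[seg->entry_count - 1].physical_offset;
}

/* Constructed input: three (virtual, physical) offset pairs. */
static const uint64_t SAMPLE[] = { 0x0, 0x1000, 0x4000, 0x9000, 0x8000, 0xD000 };

int main(void) {
    remap_segment_ctx_t seg = { 3, NULL };
    int rc = init_segments_fixed(&seg, SAMPLE);
    uint64_t last = rc == 0 ? last_physical_offset(&seg) : 0;   /* expect 0xD000 */
    free(seg.entries);
    return last == 0xD000 ? 0 : 1;
}
```

Building both variants with `-fsanitize=address` and calling the buggy one reproduces the READ of size 8 past a 16-byte allocation; the fixed one runs clean.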
