Key Information

Title
FascinatedBox lily main-branch Heap-based Buffer Overflow

Description
Found a heap-buffer-overflow vulnerability in the Lily interpreter. Crash in function when generating an error message/traceback. ASAN indicates READ violation of size 1 byte before heap region (Buffer Underflow).

Environment
OS: Linux x86_64
Compiler: Clang
Build Configuration: Release with ASan enabled

Vulnerability Details
Target: Lily ( )
Type: CWE-125: Out-of-bounds Read (Underflow)
Function:
Location:
Root Cause: Crash in error handling subsystem ( ). Function likely attempts to trim characters from buffer leading to unverified access at offset -1 byte.

Reproduce Steps
1. Build Lily with Release and ASAN enabled.
2. Run with crashing file:

GitHub Link
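The root-cause pattern described above (a trailing trim that reads the byte at offset -1) shown beside its bounds-checked form, as an added C example. It is not code from the Lily source or from the original report; the function names and the set of trimmed characters are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper names; this is not code from the Lily source tree. */

/* Characters stripped from the end of a message (assumed set). */
static int is_trim_char(char c)
{
    return c == '\n' || c == '\r' || c == ' ' || c == '\t';
}

/*
 * "Before": trims without checking that any bytes remain. When len is 0,
 * or the buffer holds only trim characters, buf[len - 1] reads one byte
 * before the allocation, the 1-byte READ that ASan reports as an underflow.
 */
size_t trim_unchecked(char *buf, size_t len)
{
    while (is_trim_char(buf[len - 1]))
        len--;
    buf[len] = '\0';
    return len;
}

/* "After": the length test comes first, so index len - 1 is always valid. */
size_t trim_checked(char *buf, size_t len)
{
    while (len > 0 && is_trim_char(buf[len - 1]))
        len--;
    buf[len] = '\0';
    return len;
}

/* Constructed sample inputs: returns the trimmed length of a copy of s. */
size_t demo_trim(const char *s)
{
    char msg[64];
    size_t len = strlen(s);

    if (len >= sizeof msg)
        len = sizeof msg - 1;
    memcpy(msg, s, len);
    msg[len] = '\0';
    return trim_checked(msg, len);
}
```

The empty and all-whitespace inputs are the cases where the unchecked loop walks past the start of the buffer, so they belong in any regression test for the fix.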