[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug: heap-buffer-overflow in function postprocess_terminfo
From: |
Thomas Dickey |
Subject: |
Re: Bug: heap-buffer-overflow in function postprocess_terminfo |
Date: |
Fri, 11 Oct 2019 21:20:04 -0400 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Fri, Oct 11, 2019 at 09:04:08PM -0400, Thomas Dickey wrote:
> On Fri, Oct 11, 2019 at 08:49:12PM -0400, Thomas Dickey wrote:
> > On Fri, Oct 11, 2019 at 04:44:32PM +0800, address@hidden wrote:
> > > Version: snapshot label v6_1_20191005
> > >
> > > POC: https://github.com/zjuchenyuan/fuzzpoc/raw/master/infotocap_poc5
> > >
> > > ```
> > > # /tmp/infotocap fuzzpoc/infotocap_poc5
> > > =================================================================
> > > ==7==ERROR: AddressSanitizer: heap-buffer-overflow on address
> > > 0x62100001b500 at pc 0x0000004b9e95 bp 0x7fffffffafd0 sp 0x7fffffffafc0
> > > READ of size 1 at 0x62100001b500 thread T0
> >
> > hmm - not "heap-buffer-overflow" (that applies to writes).
>
> You might find this useful:
>
> https://cwe.mitre.org/data/definitions/122.html
>
> (I use asan occasionally, but valgrind frequently - it's slower but usually
> more accurate).
Looking at the reports, in each case asan states "buffer overflow",
but out-of-bounds-read (#125) is the apparent issue. For pocs 1,3,5,
valgrind reports "Invalid read of size xx".
The distinction is worth keeping in mind, since heap/stack buffer
overflows are a more serious issue (since they modify something
unexpectedly) than reads.
The actual problem requires some analysis of course - that's only a symptom.
--
Thomas E. Dickey <address@hidden>
https://invisible-island.net
ftp://ftp.invisible-island.net
signature.asc
Description: PGP signature