Segment fault in tic
From: Ziqiao Kong
Subject: Segment fault in tic
Date: Sun, 23 Apr 2023 22:32:39 +0200
Hello,
Our fuzzer finds a segment fault for tic.
Steps to reproduce:
```
wget -c "https://invisible-island.net/archives/ncurses/current/ncurses-6.4-20230418.tgz"
tar xf ncurses-6.4-20230418.tgz
cd ncurses-6.4-20230418
./configure --enable-debug && make -j
./progs/tic -x -s /work/tmpfs/poc
```
Backtrace from gdb:
```
Program received signal SIGSEGV, Segmentation fault.
0x00007f48380af97d in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007f48380af97d in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x0000557b0635df11 in _nc_wrap_entry ()
#2 0x0000557b063584d0 in _nc_parse_entry ()
#3 0x0000557b06354ee4 in _nc_read_entry_source ()
#4 0x0000557b0633b4d6 in main ()
(gdb)
```
Environment:
```
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # uname -a
Linux 72a1b4591f81 5.4.0-147-generic #164-Ubuntu SMP Tue Mar 21 14:23:17 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # cat /etc/issue
Ubuntu 22.04.2 LTS \n \l
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # gcc --version
gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # g++ --version
g++ (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # ld --version
GNU ld (GNU Binutils for Ubuntu) 2.38
Copyright (C) 2022 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) a later version.
This program has absolutely no warranty.
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 #
```
Attached below is the poc file.
Thanks in advance!
Bests,
Ziqiao
poc.tar.xz
Description: application/xz