help-smalltalk
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-smalltalk] [bug] Parameter parsing in gst-tool.c can cause out of


From: Hanno Böck
Subject: [Help-smalltalk] [bug] Parameter parsing in gst-tool.c can cause out of bounds reads
Date: Thu, 04 Feb 2016 12:46:16 -0700

Issue status update for http://smalltalk.gnu.org/node/1006 Post a follow up: http://smalltalk.gnu.org/project/comments/add/1006

Project:      GNU Smalltalk
Version:      <none>
Component:    Build
Category:     bug reports
Priority:     normal
Assigned to:  Unassigned
Reported by:  hanno
Updated by:   hanno
Status:       active

In gst-tool.c there is a loop that compares a given long option with the
available long options. It uses a memcmp call for that with the length
of the given option.
This will cause out of bounds heap reads (that can be detected with
address sanitizer), because many of the available options will be
shorter than a given option.

Changing memcmp to strncmp corrects this bug and will avoid reading the
option strings beyond a terminating zero. See attached patch. This patch
is against the latest test version 3.2.91.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]