[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-smalltalk] [bug] Parameter parsing in gst-tool.c can cause out of
From: |
Hanno Böck |
Subject: |
[Help-smalltalk] [bug] Parameter parsing in gst-tool.c can cause out of bounds reads |
Date: |
Thu, 04 Feb 2016 12:46:16 -0700 |
Issue status update for
http://smalltalk.gnu.org/node/1006
Post a follow up:
http://smalltalk.gnu.org/project/comments/add/1006
Project: GNU Smalltalk
Version: <none>
Component: Build
Category: bug reports
Priority: normal
Assigned to: Unassigned
Reported by: hanno
Updated by: hanno
Status: active
In gst-tool.c there is a loop that compares a given long option with the
available long options. It uses a memcmp call for that with the length
of the given option.
This will cause out of bounds heap reads (that can be detected with
address sanitizer), because many of the available options will be
shorter than a given option.
Changing memcmp to strncmp corrects this bug and will avoid reading the
option strings beyond a terminating zero. See attached patch. This patch
is against the latest test version 3.2.91.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Help-smalltalk] [bug] Parameter parsing in gst-tool.c can cause out of bounds reads,
Hanno Böck <=