bug-coreutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47412: env: fragile argument parsing

From: Pádraig Brady
Subject: bug#47412: env: fragile argument parsing
Date: Fri, 26 Mar 2021 20:12:53 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:84.0) Gecko/20100101 Thunderbird/84.0 
On 26/03/2021 15:00, Frank Busse wrote:

Hi,


env crashes for some nonsensical command line arguments (reported by
KLEE), e.g.:

---

python3 -c "import os; os.execl('./src/env', 'env', b'--s=\"\"\t\x0b')"


=================================================================
==140651==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x603000000028 at pc 0x562e1cc1078a bp 0x7ffd59964dd0 sp 0x7ffd59964dc0
WRITE of size 8 at 0x603000000028 thread T0
  #0 0x562e1cc10789 in build_argv src/env.c:511
  #1 0x562e1cc10982 in parse_split_string src/env.c:548
  #2 0x562e1cc127bc in main src/env.c:849
  #3 0x7f1c167e3b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
  #4 0x562e1cc0e54d in _start (coreutils-8.32/src/env+0x654d)

0x603000000028 is located 0 bytes to the right of 24-byte region
[0x603000000010,0x603000000028)
allocated by thread T0 here:
  #0 0x7f1c16a3b459 in __interceptor_malloc 
/build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:145
  #1 0x562e1cc19463 in xmalloc lib/xmalloc.c:41
  #2 0x562e1cc0ff54 in build_argv src/env.c:404
  #3 0x562e1cc10982 in parse_split_string src/env.c:548
  #4 0x562e1cc127bc in main src/env.c:849
  #5 0x7f1c167e3b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)


Confirmed on an ASAN build of the latest source.
I'll fix it up.

thanks!
Pádraig
reply via email to
[Prev in Thread] Current Thread [Next in Thread]