
PSPP-BUG: [bug #61253] heap-buffer-overflow in pspp at u8-mbtoucr.c:26

From: Irfan Ariq
Subject: PSPP-BUG: [bug #61253] heap-buffer-overflow in pspp at u8-mbtoucr.c:26
Date: Thu, 30 Sep 2021 16:14:47 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36


                 Summary: heap-buffer-overflow in pspp at u8-mbtoucr.c:26
                 Project: PSPP
            Submitted by: irfanariq
            Submitted on: Thu 30 Sep 2021 08:14:45 PM UTC
                Category: None
                Severity: 5 - Average
                  Status: None
             Assigned to: None
             Open/Closed: Open
                 Release: None
         Discussion Lock: Any
                  Effort: 0.00




We are currently working on a fuzz testing feature, and we found a
**heap-buffer-overflow** in `pspp`.

The stack trace is as follows:

```
==29403==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60c000000d80 at pc 0x7ff2bf7711d9 bp 0x7ffdcbb09100 sp 0x7ffdcbb090f0
READ of size 1 at 0x60c000000d80 thread T0
    #0 0x7ff2bf7711d8 in u8_mbtoucr unistr/u8-mbtoucr.c:26
    #1 0x7ff2bf9aae90 in segmenter_u8_to_uc__ src/language/lexer/segment.c:71
    #2 0x7ff2bf9ace15 in segmenter_parse_comment_2__
    #3 0x7ff2bf9b2f15 in segmenter_push src/language/lexer/segment.c:1653
    #4 0x7ff2bf9a4f98 in lex_source_get__ src/language/lexer/lexer.c:1376
    #5 0x7ff2bf9a046c in lex_get src/language/lexer/lexer.c:229
    #6 0x7ff2bf99ce10 in do_parse_command src/language/command.c:247
    #7 0x7ff2bf99c809 in cmd_parse_in_state src/language/command.c:147
    #8 0x7ff2bf99c8d9 in cmd_parse src/language/command.c:162
    #9 0x55c5ce8b6e30 in main src/ui/terminal/main.c:136
```

The full stack trace is attached.

**Steps to reproduce**

We configured `pspp` using `CFLAGS="-g -O0 -fsanitize=address" CXXFLAGS="-g
-O0 -fsanitize=address" ./configure --prefix=$(pwd)/ --without-cairo
--without-perl-module`, built it using `make -j10`, and ran it with:

```
./pspp <attached file> device=treminal format=odt
```

The input file is attached.

- OS: Ubuntu 18.04.5 LTS
- GCC version: gcc 7.5.0
- pspp version: [pspp

Thank you.


File Attachments:

- Date: Thu 30 Sep 2021 08:14:45 PM UTC  Name: full_stacktrace_poc_2.zip  Size: 1KiB  By: irfanariq
- Date: Thu 30 Sep 2021 08:14:45 PM UTC  Name: input_pspp_poc_2.zip  Size: 260B  By: irfanariq
