PSPP-BUG: [bug #62980] reachable assertion in read

bug-gnu-pspp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PSPP-BUG: [bug #62980] reachable assertion in read_string

From:	han zheng
Subject:	PSPP-BUG: [bug #62980] reachable assertion in read_string
Date:	Mon, 29 Aug 2022 13:39:48 -0400 (EDT)

URL:
  <https://savannah.gnu.org/bugs/?62980>

                 Summary: reachable assertion in read_string
                 Project: PSPP
               Submitter: kdsj
               Submitted: Mon 29 Aug 2022 05:39:47 PM UTC
                Category: None
                Severity: 5 - Average
                  Status: None
             Assigned to: None
             Open/Closed: Open
                 Release: None
         Discussion Lock: Any
                  Effort: 0.00


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Mon 29 Aug 2022 05:39:47 PM UTC By: han zheng <kdsj>
## short summary
Hello, I was testing my fuzzer and find a reachable assertion in read_string,
pspp-1.6.2.

## Environment
Ubuntu 21.10
gcc 11.2.0
pspp-1.6.2

## step to reproduce
./configure --disable-shared --without-gui && make -j$(nproc)
./pspp-dump-sav $POC

## output

File header record:
             Product name: @(#) SPSS DATA FILE GNU pspp 0.13.1 -
x86_64-unknown-linux-g
              Layout code: 2
               Compressed: 1 (simple compression)
             Weight index: 0
          Number of cases: 40
         Compression bias: 100
            Creation date: 03 Sep 17
            Creation time: 09:57:13
               File label: ""
000000b4: Record 7, subtype 21, size=603979777, count=70
000000c0: long string value labels
        000000c0: , width 1, 16777215 values
                000000d4: "" (0 bytes) => "" (1 bytes)
pspp-dump-sav: utilities/pspp-dump-sav.c:1659: read_string: Assertion `size >
0' failed.
Aborted

## Credit
Han Zheng(NCNIPC of China, Hexhive)






    _______________________________________________________
File Attachments:


-------------------------------------------------------
Date: Mon 29 Aug 2022 05:39:47 PM UTC  Name: poc1.zip  Size: 307B   By: kdsj

<http://savannah.gnu.org/bugs/download.php?file_id=53628>

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?62980>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

PSPP-BUG: [bug #62980] reachable assertion in read_string, han zheng <=

Prev by Date: PSPP-BUG: [bug #62977] heap-buffer-overflow in read_bytes_internal, different from CVE-2018-20230
Next by Date: PSPP-BUG: [bug #62981] divide by zero in xtimes
Previous by thread: PSPP-BUG: [bug #62977] heap-buffer-overflow in read_bytes_internal, different from CVE-2018-20230
Next by thread: PSPP-BUG: [bug #62981] divide by zero in xtimes
Index(es):
- Date
- Thread