[bug #66052] [troff] possible 1-byte stack overwrite, heap overread
From: G. Branden Robinson
Subject: [bug #66052] [troff] possible 1-byte stack overwrite, heap overread
Date: Fri, 9 Aug 2024 00:27:37 -0400 (EDT)
Update of bug #66052 (group groff):
Status: In Progress => Fixed
Open/Closed: Open => Closed
Planned Release: None => 1.24.0
_______________________________________________________
Follow-up Comment #5:
commit 568beeb2efed5299868585c9bf3c700413cf1a12
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
Date: Wed Aug 7 01:36:09 2024 -0500

[troff]: Fix Savannah #66052 (1/2).

* src/roff/troff/env.cpp (hyphenate): Fix potential one-byte stack
overwrite if attempting to hyphenate a 256-letter sequence within a
word. Reserve space for null terminator in `hbuf` character array.
Initially, this isn't necessary because the array is simply walked to
normalize hyphenation codes by their equivalence classes. However,
when we subsequently look up the (possibly partial) word in the
exception dictionaries, `hbuf` (or a pointer into it) needs to be
treatable as a C string, thus null-terminated. Respell already
correct expression later in the code to reinforce similarity.

Partially fixes <https://savannah.gnu.org/bugs/?66052>. Thanks to Lukas
Javorsky for identifying the problem using "SAST analyzers (combination
of coverity, snyk, cppcheck, gcc, clang, shellcheck, unicontrol)".

ANNOUNCE: Acknowledge Lukas.

commit 2248cf30f12892931e8df391578aa7627d7c8d1c
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
Date: Wed Aug 7 02:08:17 2024 -0500

[troff]: Fix Savannah #66052 (2/2).

* src/roff/troff/input.cpp (temp_iterator::temp_iterator): Prevent
potential heap overreads. Ensure that temporary iterators are
null-terminated when constructing them.

Fixes <https://savannah.gnu.org/bugs/?66052> (2/2). Thanks to Lukas
Javorsky for identifying the problem using "SAST analyzers {combination
of coverity, snyk, cppcheck, gcc, clang, shellcheck, unicontrol}".
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?66052>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
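
Both fixes described in the commit messages above come down to reserving and writing one terminator byte before a buffer is handed to C-string code. The following is an added example, not code from groff or from the original message: only the 256-letter limit and the `hbuf` name come from the message, while `WORD_MAX`, `collect_codes`, `dup_terminated` and the 300-letter input are assumptions constructed for illustration.

```c
/* Added example: constructed illustration, not groff source code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WORD_MAX 256  /* assumed name; 256 is the letter count cited above */

/* Copy nonzero hyphenation codes into buf, stopping at the first zero code,
 * at WORD_MAX letters, or when only the terminator slot is left.
 * Returns the number of letters stored; buf is always null-terminated. */
size_t collect_codes(const unsigned char *codes, size_t n,
                     char *buf, size_t cap)
{
    size_t len = 0;
    if (cap == 0)
        return 0;
    while (len < n && len < WORD_MAX && len + 1 < cap && codes[len] != 0) {
        buf[len] = (char)codes[len];
        len++;
    }
    buf[len] = '\0';  /* in bounds: len <= cap - 1 */
    return len;
}

/* Copy len bytes that carry no terminator into a fresh heap buffer that
 * does, so later strlen()/lookup calls cannot read past the allocation. */
char *dup_terminated(const unsigned char *src, size_t len)
{
    char *p = malloc(len + 1);  /* + 1 reserves the terminator byte */
    if (p == NULL)
        return NULL;
    memcpy(p, src, len);
    p[len] = '\0';
    return p;
}

int main(void)
{
    unsigned char word[300];          /* constructed input: 300 letters */
    memset(word, 'a', sizeof word);
    char hbuf[WORD_MAX + 1];          /* WORD_MAX letters plus terminator */
    size_t len = collect_codes(word, sizeof word, hbuf, sizeof hbuf);
    char *copy = dup_terminated(word, 10);
    if (copy == NULL)
        return 1;
    printf("%zu letters kept, strlen %zu, copy strlen %zu\n",
           len, strlen(hbuf), strlen(copy));
    free(copy);
    return 0;
}
```

Declaring the array as `char hbuf[WORD_MAX]` instead would put the terminator write for a full-length word one byte past the array, which is the class of defect the first commit message describes.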