Re: Bug: heap-buffer-overflow in captoinfo.c:321

bug-ncurses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug: heap-buffer-overflow in captoinfo.c:321

From:	Thomas Dickey
Subject:	Re: Bug: heap-buffer-overflow in captoinfo.c:321
Date:	Mon, 25 May 2020 17:13:24 -0400
User-agent:	NeoMutt/20170113 (1.7.2)

On Tue, May 26, 2020 at 12:45:28AM +0800, address@hidden wrote:
> Version:  ncurses 6.2.20200212OS: Ubuntu 16.04 LTSPOC: 
> https://github.com/puppet-meteor/NLP_POC/blob/master/infotocap/POC_13_000511cmd:
>  ./infotocap POC ASAN 
> log:=================================================================
> ==35739==ERROR: AddressSanitizer: heap-buffer-overflow on address 
> 0x62100001c900 at pc 0x000000438979 bp 0x7fffffffbc10 sp 0x7fffffffbc00
> READ of size 1 at 0x62100001c900 thread T0

This one's the easy one to reproduce.  As you can see by the "READ",
it's not a "heap-buffer-overflow" but what someone referred to as
an over-read (read past the end of the buffer).

-- 
Thomas E. Dickey <address@hidden>
https://invisible-island.net
ftp://ftp.invisible-island.net

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Bug: heap-buffer-overflow in captoinfo.c:321, puppet, 2020/05/25
- Re: Bug: heap-buffer-overflow in captoinfo.c:321, Thomas Dickey <=

Prev by Date: Re: Bug: heap-buffer-overflow in dump_entry.c
Next by Date: Re: Bug: heap-buffer-overflow in lib_tparm.c
Previous by thread: Bug: heap-buffer-overflow in captoinfo.c:321
Next by thread: Bug: SEGV in lib_tparm.c:611
Index(es):
- Date
- Thread