bug-ncurses

Re: Bug: heap-buffer-overflow in lib_tparm.c


From: Thomas Dickey
Subject: Re: Bug: heap-buffer-overflow in lib_tparm.c
Date: Mon, 25 May 2020 20:51:48 -0400
User-agent: NeoMutt/20170113 (1.7.2)

On Tue, May 26, 2020 at 12:30:04AM +0800, address@hidden wrote:
> Version: ncurses 6.2.20200212
> OS: Ubuntu 16.04 LTS
> POC: https://github.com/puppet-meteor/NLP_POC/blob/master/infotocap/POC_4_000017a
> similar POC: https://github.com/puppet-meteor/NLP_POC/blob/master/infotocap/POC_11_000057
> cmd: ./infotocap POC
> ASAN log:
> ==34710==WARNING: unexpected format specifier in printf interceptor: %#########################################.#
> =================================================================
> ==34710==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ef76 at pc 0x7ffff6ecb9f5 bp 0x7ffffffea7e0 sp 0x7ffffffe9f70
> WRITE of size 25 at 0x60200000ef76 thread T0
>     #0 0x7ffff6ecb9f4 in __interceptor_vsprintf (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x619f4)
>     #1 0x7ffff6ecbcc9 in __interceptor_sprintf (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x61cc9)

This one's arguably a bug in glibc (technically "undefined behavior",
so one could waste a lot of time arguing), for which I can make a workaround.

-- 
Thomas E. Dickey <address@hidden>
https://invisible-island.net
ftp://ftp.invisible-island.net


