bug-ncurses

Re: A heap-buffer-overflow in postprocess_termcap, ncurse


From: Thomas Dickey
Subject: Re: A heap-buffer-overflow in postprocess_termcap, ncurse
Date: Thu, 28 Apr 2022 04:01:42 -0400
User-agent: Mutt/1.10.1 (2018-07-13)

On Wed, Apr 27, 2022 at 10:16:02PM +0800, 郑晗 wrote:
> Dear developers,
> 
> I'm a security researcher and am now trying to test my new fuzzer. I've just 
> found an illegal memory access in the latest commit of ncurses, tic. Here is 
> the information:
> 
> (1) environment
> Ubuntu 20.04.3 LTS
> gcc 9.3.0

that's a little old.  The current LTS is 20.04.4, with gcc 9.4.0

> ncurse v6_3_20220423, which is also the latest commit 
> 7395e6deb0a2790cb2505669b2ae74751f926e7c 
> 
> (2) step to reproduce: 
> export CFLAGS="-fsanitize=address -g"
> export CXXFLAGS="-fsanitize=address -g"
> ./configure ; make -j$(nproc)
> ./progs/tic $POC
> 
> (3) ASAN Report
> "crash.0", line 1, col 19: dubious character `]' in name or alias field
...

hmm - I can easily reproduce the warnings (from tic), but in a quick check
the asan warning doesn't happen.

> =================================================================
> ==3138955==ERROR: AddressSanitizer: heap-buffer-overflow on address 
> 0x621000003900 at pc 0x562f0dfc843f bp 0x7ffd7b41d7d0 sp 0x7ffd7b41d7c0
> READ of size 1 at 0x621000003900 thread T0
...

-- 
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net
ftp://ftp.invisible-island.net

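When triaging fuzzer reports like the one above, it helps to pull the key fields out of the AddressSanitizer header mechanically so that duplicates can be compared across builds. The following parser is an added example, not code from the thread or from ncurses; it runs over a sample constructed from the two report lines quoted above (the stack trace is elided on the page) and checks that the access line agrees with the header.

```python
import re
from typing import Optional

# Constructed sample: the tic diagnostic plus the two ASAN header lines quoted
# in the report above. The original stack trace is not on the page.
SAMPLE_REPORT = """\
"crash.0", line 1, col 19: dubious character `]' in name or alias field
=================================================================
==3138955==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000003900 at pc 0x562f0dfc843f bp 0x7ffd7b41d7d0 sp 0x7ffd7b41d7c0
READ of size 1 at 0x621000003900 thread T0
"""

# First line of an ASAN error: pid, error kind, faulting address and pc.
HEADER_RE = re.compile(
    r"^==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address "
    r"(?P<addr>0x[0-9a-f]+) at pc (?P<pc>0x[0-9a-f]+)"
)
# Second line: access direction, size, address and thread.
ACCESS_RE = re.compile(
    r"^(?P<access>READ|WRITE) of size (?P<size>\d+) at (?P<addr>0x[0-9a-f]+) "
    r"thread (?P<thread>T\d+)"
)

def parse_asan_report(text: str) -> Optional[dict]:
    """Return the key fields of the first ASAN error found in `text`, or None."""
    result = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m and result is None:
            result = {
                "pid": int(m["pid"]),
                "kind": m["kind"],
                "address": int(m["addr"], 16),
                "pc": int(m["pc"], 16),
            }
            continue
        m = ACCESS_RE.match(line)
        if m and result is not None and "access" not in result:
            result["access"] = m["access"]
            result["size"] = int(m["size"])
            result["thread"] = m["thread"]
            # The access line should name the same address as the header;
            # a mismatch usually means two reports were interleaved.
            result["address_consistent"] = int(m["addr"], 16) == result["address"]
    return result

def is_memory_safety_bug(report: dict) -> bool:
    """True for ASAN kinds that are memory-safety violations rather than leaks."""
    return report["kind"] in {
        "heap-buffer-overflow", "stack-buffer-overflow", "global-buffer-overflow",
        "heap-use-after-free", "stack-use-after-return", "stack-use-after-scope",
    }
```

A report whose header parses but whose access line is missing (as when the output was truncated) still yields the kind and address, so the caller can decide whether to request a fuller log.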