--- Begin Message ---
Subject: |
b2sum: heap-overflow in digest_check |
Date: |
Thu, 22 Jun 2023 17:33:40 +0100 |
Hi,
KLEE reported a heap-overflow in b2sum (Coreutils 9.3). When running it
with:
$ printf '\n\n0A0BA0' | coreutils-9.3/bin/b2sum -c
(even '0BA0' seems to work on my machine) ASAN confirms the issue:
> #1 0x0000000000473de0 in __interceptor_strchr (s=<optimized out>,
> c=<optimized out>)
> #2 0x0000000000500a81 in digest_check (checkfile_name=0x7fffffffe69e
> "stdin") at /tmp/src/coreutils-9.3/src/digest.c:1216
> #3 0x00000000005005e9 in main (argc=3, argv=0x7fffffffe3a8) at
> /tmp/src/coreutils-9.3/src/digest.c:1607
Best,
Frank
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#64229: b2sum: heap-overflow in digest_check |
Date: |
Thu, 22 Jun 2023 21:48:28 +0100 |
User-agent: |
Mozilla Thunderbird |
On 22/06/2023 17:33, Frank Busse wrote:
Hi,
KLEE reported a heap-overflow in b2sum (Coreutils 9.3). When running it
with:
$ printf '\n\n0A0BA0' | coreutils-9.3/bin/b2sum -c
(even '0BA0' seems to work on my machine) ASAN confirms the issue:
#1 0x0000000000473de0 in __interceptor_strchr (s=<optimized out>, c=<optimized
out>)
#2 0x0000000000500a81 in digest_check (checkfile_name=0x7fffffffe69e "stdin")
at /tmp/src/coreutils-9.3/src/digest.c:1216
#3 0x00000000005005e9 in main (argc=3, argv=0x7fffffffe3a8) at
/tmp/src/coreutils-9.3/src/digest.c:1607
Nice one.
I'll push the attached later to fix this.
Marking this as done.
thanks,
Pádraig.
b2sum-uar-fix.patch
Description: Text Data
--- End Message ---