bug#64229: closed (b2sum: heap-overflow in digest

emacs-bug-tracker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#64229: closed (b2sum: heap-overflow in digest_check)

From:	GNU bug Tracking System
Subject:	bug#64229: closed (b2sum: heap-overflow in digest_check)
Date:	Thu, 22 Jun 2023 20:49:02 +0000

Your message dated Thu, 22 Jun 2023 21:48:28 +0100
with message-id <11a8d10b-6e65-a36e-68c0-9198d845243e@draigBrady.com>
and subject line Re: bug#64229: b2sum: heap-overflow in digest_check
has caused the debbugs.gnu.org bug report #64229,
regarding b2sum: heap-overflow in digest_check
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
64229: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=64229
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

--- Begin Message --- Subject: b2sum: heap-overflow in digest_check Date: Thu, 22 Jun 2023 17:33:40 +0100

Hi,


KLEE reported a heap-overflow in b2sum (Coreutils 9.3). When running it
with:

$ printf '\n\n0A0BA0' | coreutils-9.3/bin/b2sum -c

(even '0BA0' seems to work on my machine) ASAN confirms the issue:

> #1  0x0000000000473de0 in __interceptor_strchr (s=<optimized out>, 
> c=<optimized out>)
> #2  0x0000000000500a81 in digest_check (checkfile_name=0x7fffffffe69e 
> "stdin") at /tmp/src/coreutils-9.3/src/digest.c:1216
> #3  0x00000000005005e9 in main (argc=3, argv=0x7fffffffe3a8) at 
> /tmp/src/coreutils-9.3/src/digest.c:1607


Best,

Frank

--- End Message ---

--- Begin Message --- Subject: Re: bug#64229: b2sum: heap-overflow in digest_check Date: Thu, 22 Jun 2023 21:48:28 +0100 User-agent: Mozilla Thunderbird

On 22/06/2023 17:33, Frank Busse wrote:

Hi,


KLEE reported a heap-overflow in b2sum (Coreutils 9.3). When running it
with:

$ printf '\n\n0A0BA0' | coreutils-9.3/bin/b2sum -c

(even '0BA0' seems to work on my machine) ASAN confirms the issue:

#1  0x0000000000473de0 in __interceptor_strchr (s=<optimized out>, c=<optimized 
out>)
#2  0x0000000000500a81 in digest_check (checkfile_name=0x7fffffffe69e "stdin") 
at /tmp/src/coreutils-9.3/src/digest.c:1216
#3  0x00000000005005e9 in main (argc=3, argv=0x7fffffffe3a8) at 
/tmp/src/coreutils-9.3/src/digest.c:1607


Nice one.
I'll push the attached later to fix this.

Marking this as done.

thanks,
Pádraig.

b2sum-uar-fix.patch
Description: Text Data

--- End Message ---

[Prev in Thread]

Current Thread

[Next in Thread]

bug#64229: closed (b2sum: heap-overflow in digest_check), GNU bug Tracking System <=

Prev by Date: Processed: unarchive 60467
Next by Date: bug#64233: closed (patch: Ensure that makeinfo ≥ 6.8 checks the @menu structure)
Previous by thread: Processed: unarchive 60467
Next by thread: bug#64233: closed (patch: Ensure that makeinfo ≥ 6.8 checks the @menu structure)
Index(es):
- Date
- Thread