[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: invalid memory access in idna_to_ascii_8z
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
Re: invalid memory access in idna_to_ascii_8z |
|
Date: |
Mon, 4 May 2015 14:08:17 +0200 |
On Sat, Mar 28, 2015 at 12:51 PM, Nikos Mavrogiannopoulos
<address@hidden> wrote:
> Hello Simon,
> Robert reported some invalid memory access in gnutls, and one I traced
> it back to libidn. A reproducer is attached. The reproducer uses strings
> on the heap because valgrind doesn't seem to detect such accesses on the
> stack.
> ==623== Invalid read of size 1
> ==623== at 0x4E38E7F: g_utf8_to_ucs4_fast (nfkc.c:399)
> ==623== by 0x4E38E7F: stringprep_utf8_to_ucs4 (nfkc.c:1023)
> ==623== by 0x4E3A7DE: idna_to_ascii_8z (idna.c:578)
> ==623== by 0x4005FD: main (in /home/nmav/cvs/gnutls/lib/a.out)
> ==623== Address 0x541105f is 1 bytes after a block of size 30 alloc'd
> ==623== at 0x4C28C20: malloc (vg_replace_malloc.c:296)
> ==623== by 0x50E99D9: strdup (strdup.c:42)
> ==623== by 0x4005E0: main (in /home/nmav/cvs/gnutls/lib/a.out)
The attached patches handle the reported issue. However, all functions
which use g_utf8_next_char() including g_utf8_strlen() are affected.
regards,
Nikos
0001-g_utf8_to_ucs4_fast-prevent-access-past-the-end-of-s.patch
Description: Text Data
0002-Added-a-check-for-invalid-encodings.patch
Description: Text Data
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: invalid memory access in idna_to_ascii_8z,
Nikos Mavrogiannopoulos <=