|
| From: | Hanno Boeck |
| Subject: | [bug #45049] Invalid read / heap overflow in function parse_variable_definition() |
| Date: | Thu, 07 May 2015 22:10:52 +0000 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.60 Safari/537.36 |
URL:
<http://savannah.gnu.org/bugs/?45049>
Summary: Invalid read / heap overflow in function
parse_variable_definition()
Project: make
Submitted by: hanno
Submitted on: Fri 08 May 2015 12:10:49 AM CEST
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Component Version: None
Operating System: None
Fixed Release: None
Triage Status: None
_______________________________________________________
Details:
Attached sample file (which is just a $ character) will cause an invalid read
/ heap overflow in make.
This can be seen with either address sanitizer or valgrind. I've attached full
address sanitizer output.
This was found with the tool american fuzzy lop.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Fri 08 May 2015 12:10:49 AM CEST Name:
Makefile.heapoverflow-parse_variable_definition Size: 1B By: hanno
<http://savannah.gnu.org/bugs/download.php?file_id=33958>
-------------------------------------------------------
Date: Fri 08 May 2015 12:10:49 AM CEST Name:
Makefile.heapoverflow-parse_variable_definition.asan.txt Size: 3kB By:
hanno
<http://savannah.gnu.org/bugs/download.php?file_id=33959>
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?45049>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |