[bug #54980] buffer overread in jhash_string

From: Hanno Boeck
Subject: [bug #54980] buffer overread in jhash_string
Date: Wed, 7 Nov 2018 04:55:14 -0500 (EST)
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.30 Safari/537.36


                 Summary: buffer overread in jhash_string
                 Project: make
            Submitted by: hanno
            Submitted on: Wed 07 Nov 2018 10:55:13 AM CET
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
       Component Version: None
        Operating System: None
           Fixed Release: None
           Triage Status: None



Compiling make with AddressSanitizer (-fsanitize=address in CFLAGS)
immediately leads to a crash caused by a buffer overread in jhash_string.
Current git code.

ASAN error:

==28371==ERROR: AddressSanitizer: global-buffer-overflow on address
0x55b34a423950 at pc 0x55b34a3c508c bp 0x7ffe7c390690 sp 0x7ffe7c390680
READ of size 4 at 0x55b34a423950 thread T0
    #0 0x55b34a3c508b in jhash_string src/hash.c:464
    #1 0x55b34a406bef in str_hash_1 src/strcache.c:163
    #2 0x55b34a3c2e25 in hash_find_slot src/hash.c:89
    #3 0x55b34a406c8c in add_hash src/strcache.c:193
    #4 0x55b34a40707a in strcache_add_len src/strcache.c:253
    #5 0x55b34a3f596f in construct_include_path src/read.c:2938
    #6 0x55b34a3d9bc5 in main src/main.c:1747
    #7 0x7fcd3619eae6 in __libc_start_main (/lib64/libc.so.6+0x21ae6)
    #8 0x55b34a3a3a29 in _start (/tmp/make+0x22a29)

0x55b34a423950 is located 48 bytes to the left of global variable '*.LC1'
defined in 'src/read.c' (0x55b34a423980) of size 17
  '*.LC1' is ascii string '/usr/gnu/include'
0x55b34a423953 is located 0 bytes to the right of global variable '*.LC0'
defined in 'src/read.c' (0x55b34a423940) of size 19
  '*.LC0' is ascii string '/usr/local/include'
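Added illustration, not make's code and not the reporter's: the report shows a 4-byte READ at offset 16 of a 19-byte string object ('/usr/local/include' plus its NUL), so the final word-sized load reaches one byte past the object. The functions below assume a hypothetical hash that walks the string in 4-byte loads, reproduce that arithmetic, and show the usual hardening: copy only the bytes that remain into a zeroed buffer before assembling the word.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of a word-at-a-time string hash (NOT make's
   jhash_string): strlen bytes consumed in 4-byte loads. */

/* Bytes an unbounded 4-byte load of the last word would read past the
   end of the string object (strlen bytes plus the terminating NUL). */
size_t overread_bytes(const char *s)
{
    size_t len = strlen(s), object = len + 1;
    if (len == 0)
        return 0;
    size_t last_load_end = ((len - 1) / 4) * 4 + 4;
    return last_load_end > object ? last_load_end - object : 0;
}

/* Offset of the final 4-byte load; for '/usr/local/include' this is 16,
   i.e. 0x...950 - 0x...940, the faulting address in the ASAN report. */
size_t last_load_offset(const char *s)
{
    size_t len = strlen(s);
    return len == 0 ? 0 : ((len - 1) / 4) * 4;
}

/* Hardened load: copy only the bytes that remain, zero-pad the rest, and
   assemble a little-endian word so the result depends neither on host
   endianness nor on whatever happens to follow the string in memory. */
uint32_t load_word_bounded(const char *p, size_t remaining)
{
    unsigned char b[4] = {0, 0, 0, 0};
    memcpy(b, p, remaining < 4 ? remaining : 4);
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8)
         | ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Word-at-a-time mixing (constructed, not jhash) that never reads past
   the string; each round is a bijection, so it stays collision-free on
   single-word inputs while demonstrating the bounded tail handling. */
uint32_t hash_words_safe(const char *s)
{
    size_t len = strlen(s);
    uint32_t h = 0x9e3779b9u;
    for (size_t off = 0; off < len; off += 4) {
        h ^= load_word_bounded(s + off, len - off);
        h *= 0x01000193u;
        h ^= h >> 15;
    }
    return h;
}
```

Built with -fsanitize=address, hash_words_safe on the two literals from the report produces no global-buffer-overflow, because memcpy is told exactly how many bytes still belong to the object.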
