[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug: heap-buffer-overflow in function postprocess_terminfo
From: |
Thomas Dickey |
Subject: |
Re: Bug: heap-buffer-overflow in function postprocess_terminfo |
Date: |
Fri, 11 Oct 2019 20:49:12 -0400 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Fri, Oct 11, 2019 at 04:44:32PM +0800, address@hidden wrote:
> Version: snapshot label v6_1_20191005
>
> POC: https://github.com/zjuchenyuan/fuzzpoc/raw/master/infotocap_poc5
>
> ```
> # /tmp/infotocap fuzzpoc/infotocap_poc5
> =================================================================
> ==7==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100001b500
> at pc 0x0000004b9e95 bp 0x7fffffffafd0 sp 0x7fffffffafc0
> READ of size 1 at 0x62100001b500 thread T0
hmm - not "heap-buffer-overflow" (that applies to writes).
This is an old bug (in logic used for compatibility with ancient
AIX terminfo), which reads past the end of a string.
--
Thomas E. Dickey <address@hidden>
https://invisible-island.net
ftp://ftp.invisible-island.net
signature.asc
Description: PGP signature