Quantcast

[bug] Parameter parsing in gst-tool.c can cause out of bounds reads

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[bug] Parameter parsing in gst-tool.c can cause out of bounds reads

Hanno Böck
Issue status update for
http://smalltalk.gnu.org/node/1006
Post a follow up:
http://smalltalk.gnu.org/project/comments/add/1006

 Project:      GNU Smalltalk
 Version:      <none>
 Component:    Build
 Category:     bug reports
 Priority:     normal
 Assigned to:  Unassigned
 Reported by:  hanno
 Updated by:   hanno
 Status:       active

In gst-tool.c there is a loop that compares a given long option with the
available long options. It uses a memcmp call for that with the length
of the given option.
This will cause out of bounds heap reads (that can be detected with
address sanitizer), because many of the available options will be
shorter than a given option.

Changing memcmp to strncmp corrects this bug and will avoid reading the
option strings beyond a terminating zero. See attached patch. This patch
is against the latest test version 3.2.91.



_______________________________________________
help-smalltalk mailing list
[hidden email]
https://lists.gnu.org/mailman/listinfo/help-smalltalk
Loading...