Project: GNU Smalltalk
Category: bug reports
Assigned to: Unassigned
Reported by: hanno
Updated by: hanno
In gst-tool.c there is a loop that compares a given long option with the
available long options. It uses a memcmp call for that with the length
of the given option.
This will cause out of bounds heap reads (that can be detected with
address sanitizer), because many of the available options will be
shorter than a given option.
Changing memcmp to strncmp corrects this bug and will avoid reading the
option strings beyond a terminating zero. See attached patch. This patch
is against the latest test version 3.2.91.