| commit | 39ecf3acd60d589e7f5308e905a58717b16795b6 | |
| author | rofl0r <retnyg@gmx.net> | |
| Fri, 21 Sep 2018 16:36:06 +0000 (21 17:36 +0100) | ||
| committer | rofl0r <retnyg@gmx.net> | |
| Fri, 21 Sep 2018 16:36:06 +0000 (21 17:36 +0100) | ||
| tree | 343ddc5319ddd530379c54e888330415ba937768 | treesnapshot (tar.gz zip) |
| parent | 7959ba92b3b1fd41ff1094ca92c91ce3fe8d961a | commitdiff |
fix buffer overflow with huge number of subst args
thanks to ole tange for reporting the issue.
echo a | ./jobflow.out -exec echo {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {}
=================================================================
==5173==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd67da6970 at pc 0x7fb7c72b3904 bp 0x7ffd67d96740 sp 0x7ffd67d95ee8
WRITE of size 1 at 0x7ffd67da6970 thread T0
#0 0x7fb7c72b3903 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c903)
#1 0x4070e1 in substitute_all /home/rofl/jobflow/jobflow.c:544
#2 0x407b1b in dispatch_line /home/rofl/jobflow/jobflow.c:635
#3 0x408704 in main /home/rofl/jobflow/jobflow.c:752
#4 0x7fb7c617082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#5 0x401f18 in _start (/home/rofl/jobflow/jobflow.out+0x401f18)
Address 0x7ffd67da6970 is located in stack of thread T0 at offset 65888 in frame
#0 0x407658 in dispatch_line /home/rofl/jobflow/jobflow.c:588
This frame has 6 object(s):
[32, 48) 'line_b'
[96, 112) 'source_storage'
[160, 176) '<unknown>'
[224, 240) 'tilLastDot'
[288, 304) '<unknown>'
[352, 65888) 'subst_buf' <== Memory access at offset 65888 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 __asan_memcpy
thanks to ole tange for reporting the issue.
echo a | ./jobflow.out -exec echo {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {} {}
=================================================================
==5173==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd67da6970 at pc 0x7fb7c72b3904 bp 0x7ffd67d96740 sp 0x7ffd67d95ee8
WRITE of size 1 at 0x7ffd67da6970 thread T0
#0 0x7fb7c72b3903 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c903)
#1 0x4070e1 in substitute_all /home/rofl/jobflow/jobflow.c:544
#2 0x407b1b in dispatch_line /home/rofl/jobflow/jobflow.c:635
#3 0x408704 in main /home/rofl/jobflow/jobflow.c:752
#4 0x7fb7c617082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#5 0x401f18 in _start (/home/rofl/jobflow/jobflow.out+0x401f18)
Address 0x7ffd67da6970 is located in stack of thread T0 at offset 65888 in frame
#0 0x407658 in dispatch_line /home/rofl/jobflow/jobflow.c:588
This frame has 6 object(s):
[32, 48) 'line_b'
[96, 112) 'source_storage'
[160, 176) '<unknown>'
[224, 240) 'tilLastDot'
[288, 304) '<unknown>'
[352, 65888) 'subst_buf' <== Memory access at offset 65888 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 __asan_memcpy
| jobflow.c | diffblobblamehistory |