bug#78507: [Security] Heap Buffer Overflow in GNU Coreutils sort (CWE-122)

From: Pádraig Brady
Subject: bug#78507: [Security] Heap Buffer Overflow in GNU Coreutils sort (CWE-122)
Date: Tue, 20 May 2025 18:15:48 +0100
User-agent: Mozilla Thunderbird Beta
On 20/05/2025 16:15, Pádraig Brady wrote:
> Indeed. I introduced this in coreutils 7.2 (2009).
> One can repro on Fedora e.g. with:
>
> _POSIX2_VERSION=200809 LC_ALL=C valgrind sort +0.18446744073709551615R poc_input.txt
> ==984625== Memcheck, a memory error detector
> ==984625== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info
> ==984625== Command: sort +0.18446744073709551615R poc_input.txt
> ==984625==
> ==984625== Invalid read of size 1
>
> Going back to the more verbose code from coreutils 7.1 avoids the issue.
> I'll test a bit more here and post a full patch in a while.
The attached patch addresses the issue here,
and includes a test verified to trigger with ASAN or valgrind available.
I'll push this later.
thanks,
Pádraig
Attachment: sort-under-read.patch (text)
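An added illustration, not part of this bug report and not the contents of sort-under-read.patch (which is not reproduced on this page). The report says the under-read came from a code simplification in coreutils 7.2 and that the trigger is a character offset of 18446744073709551615, which is SIZE_MAX on 64-bit hosts. The C below assumes the mechanism is the familiar "advance a pointer by N but no further than the limit" clamp written as a comparison of pointer sums, which wraps around the address space for such an N; that assumption, the helper names and the sample line are mine. It shows that form beside the bounded-step form that cannot wrap, computing the wrapped sum in uintptr_t so the demonstration itself is well-defined unsigned arithmetic rather than undefined pointer arithmetic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample record standing in for one input line that a key such
   as +0.N would index into (not the bug report's poc_input.txt). */
static const char sample_line[] = "banana  apple  cherry";

/* Clamp-by-pointer-sum pattern (assumed; reconstructed from the thread's
   description of the 7.2 simplification, not the coreutils source).
   "ptr + schar, but no further than lim" written as MIN(lim, ptr + schar).
   With schar == SIZE_MAX the sum wraps, so the "smaller" value is a pointer
   BEFORE ptr and the caller then reads outside the buffer.  The sum is done
   in uintptr_t here so the wrap is defined unsigned arithmetic. */
static uintptr_t clamp_by_sum(const char *ptr, const char *lim, size_t schar)
{
    uintptr_t p = (uintptr_t) ptr;
    uintptr_t l = (uintptr_t) lim;
    uintptr_t candidate = p + (uintptr_t) schar;   /* may wrap around */
    return candidate < l ? candidate : l;
}

/* Hardened form: bound the STEP by the room left instead of comparing
   pointer sums.  lim - ptr is a distance inside one object, so it cannot
   overflow, and the result is always within [ptr, lim]. */
static const char *clamp_by_step(const char *ptr, const char *lim, size_t schar)
{
    size_t room = (size_t) (lim - ptr);
    return ptr + (schar < room ? schar : room);
}

/* Offset from the start of sample_line that each form lands on for a given
   character offset.  A negative result means the unsafe form moved backwards
   (the under-read the report describes). */
intptr_t unsafe_landing_offset(size_t schar)
{
    const char *ptr = sample_line;
    const char *lim = sample_line + strlen(sample_line);
    return (intptr_t) (clamp_by_sum(ptr, lim, schar) - (uintptr_t) ptr);
}

ptrdiff_t safe_landing_offset(size_t schar)
{
    const char *ptr = sample_line;
    const char *lim = sample_line + strlen(sample_line);
    return clamp_by_step(ptr, lim, schar) - ptr;
}

int main(void)
{
    /* 18446744073709551615 on LP64: the offset used in the report's repro. */
    size_t huge = SIZE_MAX;
    printf("field length: %zu\n", strlen(sample_line));
    printf("offset 3:  unsafe %td, safe %td\n",
           (ptrdiff_t) unsafe_landing_offset(3), safe_landing_offset(3));
    printf("SIZE_MAX:  unsafe %td, safe %td\n",
           (ptrdiff_t) unsafe_landing_offset(huge), safe_landing_offset(huge));
    return 0;
}
```

For small offsets both forms agree; for SIZE_MAX the sum-clamp lands one byte before the field while the step-clamp stops at the end of the line, which is why a test run under ASAN or valgrind, as the report describes, flags the first form and not the second.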