[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A heap-buffer-overflow in postprocess_termcap, ncurse
|
From: |
Thomas Dickey |
|
Subject: |
Re: A heap-buffer-overflow in postprocess_termcap, ncurse |
|
Date: |
Thu, 28 Apr 2022 04:01:42 -0400 |
|
User-agent: |
Mutt/1.10.1 (2018-07-13) |
On Wed, Apr 27, 2022 at 10:16:02PM +0800, 郑晗 wrote:
> ear developers,
>
> I'm a security researcher and is now trying to test my new fuzzer. I've just
> found an illegal memory access in the latest commit of ncurse, tic. Here are
> the informations:
>
> (1) environment
> Ubuntu 20.04.3 LTS
> gcc 9.3.0
that's a little old. The current LTS is 20.04.4, with gcc 9.4.0
> ncurse v6_3_20220423, which is also the latest commit
> 7395e6deb0a2790cb2505669b2ae74751f926e7c
>
> (2) step to reproduce:
> export CFLAGS="-fsanitze=address -g"
> export CXXFLAGS="-fsanitize=address -g"
> ./configure ; make -j$(nproc)
> ./prog/tic $POC
>
> (3) ASAN Report
> "crash.0", line 1, col 19: dubious character `]' in name or alias field
...
hmm - I can easily reproduce the warnings (from tic), but in a quick check
the asan2 warning doesn't happen.
> =================================================================
> ==3138955==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x621000003900 at pc 0x562f0dfc843f bp 0x7ffd7b41d7d0 sp 0x7ffd7b41d7c0
> READ of size 1 at 0x621000003900 thread T0
...
--
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net
ftp://ftp.invisible-island.net
signature.asc
Description: PGP signature