Segment fault in tic

bug-ncurses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Segment fault in tic

From:	Ziqiao Kong
Subject:	Segment fault in tic
Date:	Sun, 23 Apr 2023 22:32:39 +0200

Hello,

Our fuzzer finds a segment fault for tic.

Steps to reproduce:

```
wget -c 
"https://invisible-island.net/archives/ncurses/current/ncurses-6.4-20230418.tgz";
tar xf ncurses-6.4-20230418.tgz
cd ncurses-6.4-20230418
./configure --enable-debug && make -j
./progs/tic -x -s /work/tmpfs/poc
```

Backtrace from gdb:

```
Program received signal SIGSEGV, Segmentation fault.
0x00007f48380af97d in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007f48380af97d in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x0000557b0635df11 in _nc_wrap_entry ()
#2  0x0000557b063584d0 in _nc_parse_entry ()
#3  0x0000557b06354ee4 in _nc_read_entry_source ()
#4  0x0000557b0633b4d6 in main ()
(gdb)
```

Environment:

```
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # uname -a
Linux 72a1b4591f81 5.4.0-147-generic #164-Ubuntu SMP Tue Mar 21
14:23:17 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # cat /etc/issue
Ubuntu 22.04.2 LTS \n \l

[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # gcc --version
gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # g++ --version
g++ (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[afl++ 72a1b4591f81] /ncurses-6.4-20230418 # ld --version
GNU ld (GNU Binutils for Ubuntu) 2.38
Copyright (C) 2022 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) a later version.
This program has absolutely no warranty.
[afl++ 72a1b4591f81] /ncurses-6.4-20230418 #
```

Attached below is the poc file.

Thanks in advance!

Bests,
Ziqiao

poc.tar.xz
Description: application/xz

[Prev in Thread]

Current Thread

[Next in Thread]

Segment fault in tic, Ziqiao Kong <=
- Re: Segment fault in tic, Thomas Dickey, 2023/04/23
- Re: Segment fault in tic, Thomas Dickey, 2023/04/23
  - Re: Segment fault in tic, Thomas Dickey, 2023/04/23
    - Re: Segment fault in tic, Thomas Dickey, 2023/04/23
    - Re: Segment fault in tic, Ziqiao Kong, 2023/04/23
    - Re: Segment fault in tic, Ziqiao Kong, 2023/04/23
    - Re: Segment fault in tic, Thomas Dickey, 2023/04/24

Prev by Date: no patch tonight
Next by Date: Re: Segment fault in tic
Previous by thread: no patch tonight
Next by thread: Re: Segment fault in tic
Index(es):
- Date
- Thread