Re: global-buffer-overflow in infocmp
From: Thomas Dickey
Subject: Re: global-buffer-overflow in infocmp
Date: Tue, 7 Jul 2020 16:19:09 -0400
User-agent: NeoMutt/20170113 (1.7.2)
On Tue, Jul 07, 2020 at 08:02:54PM +0800, Zhang Gen wrote:
> > -----Original Messages-----
> > From: "Thomas Dickey" <dickey@his.com>
> > Sent Time: 2020-07-07 15:55:39 (Tuesday)
> > To: "Zhang Gen" <zhanggen@nudt.edu.cn>
> > Cc: bug-ncurses@gnu.org
> > Subject: Re: global-buffer-overflow in infocmp
> >
> > On Tue, Jul 07, 2020 at 03:30:10PM +0800, Zhang Gen wrote:
> > > # Summary
> > > ```
> > > =================================================================
> > > ==5462==ERROR: AddressSanitizer: global-buffer-overflow on address
> > > 0x00000057af47 at pc 0x000000460e86 bp 0x7ffd205f2c00 sp 0x7ffd205f23b0
> >
> > This doesn't tell me much.
> >
> > It lacks the necessary information to reproduce the problem:
> >
> > a) which version (and patch-date)
> Version: ftp://ftp.invisible-island.net/ncurses/ncurses-6.2.tar.gz
> Patch: 2020-2-12
Development sources are in
ftp://ftp.invisible-island.net/ncurses/current/
At the moment, the current source is
ftp://ftp.invisible-island.net/ncurses/current/ncurses-6.2-20200704.tgz
> > b) how ncurses was built (configure-script options)
> CC=clang CXX=clang++ ../configure --prefix=`pwd`/mybin CFLAGS="-g -O0
> -fsanitize=address" CXXFLAGS="-g -O0 -fsanitize=address"
hmm - whether clang works with static linking and sanitize depends upon
the platform (it doesn't work with Debian 9). In most cases, the choice
of compiler doesn't matter much. It doesn't in this one.
> > c) line-numbers for source code
> infocmp+0x460c85
0x460c85 is not a line-number (you'd use "-g" option when compiling/linking)
> > d) data used in the test-case
> infocmp --help
"--help" isn't a valid option ("man infocmp" lists the options).
However, the problem occurs in current code. The compiler writers didn't
think it important to point out that this statement:
static const char options[][45] =
caused a terminating null on this line:
," -x unknown capabilities are user-defined"
to be omitted. Changing it to
static const char options[][46] =
makes the problem go away, for now.
By the way, this is another instance of the sanitizer's incorrect messages.
The problem is _reading_ past the end of a string, not _writing_.
--
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net
ftp://ftp.invisible-island.net
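The cause described in the message above (a string literal that exactly fills a `char[][45]` row, so C silently drops the terminating NUL, and a `char[][46]` row that keeps it) is shown below as an added, stand-alone example. It is not ncurses code: the option text, the table names `narrow_options`/`wide_options` and the helpers `row_is_terminated`/`count_unterminated` are constructed for this illustration, and the literal was built to be exactly 45 characters long. The check uses a width-bounded `memchr` rather than `strlen`, which is what keeps the check itself from reading past the row the way an unbounded `%s` would.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed example (not ncurses code): a 45-character literal fills a
 * char[45] row completely, so C keeps the text and drops the terminating NUL.
 * The same literal in a char[46] row keeps its terminator. (C++ rejects the
 * narrow form outright; C accepts it without a diagnostic on most compilers.) */
#define NARROW 45
#define WIDE   46

/* Exactly 45 characters (constructed to match the row width; not the text
 * from the ncurses source). */
#define LONG_OPTION "  -x    unknown capabilities are user-defined"

/* sizeof on a string literal counts the NUL, so this guards the wide table
 * at compile time; the same assertion against NARROW would fail to compile,
 * which is the point: the compiler can be made to catch this. */
_Static_assert(sizeof(LONG_OPTION) <= WIDE, "row too narrow for option text");

static const char narrow_options[][NARROW] = {
    LONG_OPTION,              /* 45 chars: no room left for '\0' */
    "  -V    print version",  /* shorter, so the row is NUL-padded */
};

static const char wide_options[][WIDE] = {
    LONG_OPTION,              /* 45 chars + '\0' fits in 46 */
    "  -V    print version",
};

/* Returns 1 if a NUL appears within the row's declared width, 0 otherwise.
 * memchr is bounded by width, so this never reads past the row, unlike
 * strlen() or printf("%s"), which keep scanning until they find a NUL. */
int row_is_terminated(const char *row, size_t width)
{
    return memchr(row, '\0', width) != NULL;
}

/* Counts the rows of a fixed-width table that lack a terminator. */
size_t count_unterminated(const char *table, size_t rows, size_t width)
{
    size_t bad = 0;
    for (size_t i = 0; i < rows; i++) {
        if (!row_is_terminated(table + i * width, width))
            bad++;
    }
    return bad;
}

size_t narrow_unterminated(void)
{
    return count_unterminated(&narrow_options[0][0],
                              sizeof(narrow_options) / NARROW, NARROW);
}

size_t wide_unterminated(void)
{
    return count_unterminated(&wide_options[0][0],
                              sizeof(wide_options) / WIDE, WIDE);
}

int main(void)
{
    printf("char[][%d]: %zu unterminated row(s)\n", NARROW, narrow_unterminated());
    printf("char[][%d]: %zu unterminated row(s)\n", WIDE, wide_unterminated());
    return 0;
}
```

Running it reports one unterminated row in the 45-wide table and none in the 46-wide one. The `_Static_assert` is the durable fix: widening the row by one, as the message does, works until someone adds a longer option string, whereas tying the width to `sizeof` of the longest literal makes the compiler refuse the table the next time it happens.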