[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re: global-buffer-overflow in infocmp
|
From: |
Zhang Gen |
|
Subject: |
Re: Re: global-buffer-overflow in infocmp |
|
Date: |
Wed, 8 Jul 2020 11:41:32 +0800 (GMT+08:00) |
> -----Original Messages-----
> From: "Thomas Dickey" <dickey@his.com>
> Sent Time: 2020-07-08 04:19:09 (Wednesday)
> To: "Zhang Gen" <zhanggen@nudt.edu.cn>
> Cc: dickey@his.com, bug-ncurses@gnu.org
> Subject: Re: global-buffer-overflow in infocmp
>
> On Tue, Jul 07, 2020 at 08:02:54PM +0800, Zhang Gen wrote:
> > > -----Original Messages-----
> > > From: "Thomas Dickey" <dickey@his.com>
> > > Sent Time: 2020-07-07 15:55:39 (Tuesday)
> > > To: "Zhang Gen" <zhanggen@nudt.edu.cn>
> > > Cc: bug-ncurses@gnu.org
> > > Subject: Re: global-buffer-overflow in infocmp
> > >
> > > On Tue, Jul 07, 2020 at 03:30:10PM +0800, Zhang Gen wrote:
> > > > # Summary
> > > > ```
> > > > =================================================================
> > > > ==5462==ERROR: AddressSanitizer: global-buffer-overflow on address
> > > > 0x00000057af47 at pc 0x000000460e86 bp 0x7ffd205f2c00 sp 0x7ffd205f23b0
> > >
> > > This doesn't tell me much.
> > >
> > > It lacks the necessary information to reproduce the problem:
> > >
> > > a) which version (and patch-date)
> > Version: ftp://ftp.invisible-island.net/ncurses/ncurses-6.2.tar.gz
> > Patch: 2020-2-12
>
> Development sources are in
>
> ftp://ftp.invisible-island.net/ncurses/current/
>
> At the moment, the current source is
>
> ftp://ftp.invisible-island.net/ncurses/current/ncurses-6.2-20200704.tgz
>
> > > b) how ncurses was built (configure-script options)
> > CC=clang CXX=clang++ ../configure --prefix=`pwd`/mybin CFLAGS="-g -O0
> > -fsanitize=address" CXXFLAGS="-g -O0 -fsanitize=address"
>
> hmm - whether clang works with static linking and sanitize depends upon
> the platform (it doesn't work with Debian 9). In most cases, the choice
> of compiler doesn't matter much. It doesn't in this one.
>
> > > c) line-numbers for source code
> > infocmp+0x460c85
>
> 0x460c85 is not a line-number (you'd use "-g" option when compiling/linking)
I got several more bugs when testing, but I still have problem in getting
the line number.
You mean adding "-g" in the ./configure options? I did so but fail to get
the line.
Interestinglly, I succeeded in other programs I tested...
Could you please show me how to do it in ncurses?
Best,
Gen
>
> > > d) data used in the test-case
> > infocmp --help
>
> "--help" isn't a valid option ("man infocmp" lists the options).
>
> However, the problem occurs in current code. The compiler writers didn't
> think it important to point out that this statement:
>
> static const char options[][45] =
>
> caused a terminating null on this line:
>
> ," -x unknown capabilities are user-defined"
>
> to be omitted. Changing it to
>
> static const char options[][46] =
>
> makes the problem go away, for now.
>
> By the way, this is another instance of the sanitizer's incorrect messages.
> The problem is _reading_ past the end of a string, not _writing_.
>
> --
> Thomas E. Dickey <dickey@invisible-island.net>
> https://invisible-island.net
> ftp://ftp.invisible-island.net
- global-buffer-overflow in infocmp, Zhang Gen, 2020/07/07
- Re: global-buffer-overflow in infocmp, Thomas Dickey, 2020/07/07
- Re: Re: global-buffer-overflow in infocmp, Zhang Gen, 2020/07/07
- Re: global-buffer-overflow in infocmp, Thomas Dickey, 2020/07/07
- Re: Re: global-buffer-overflow in infocmp, Zhang Gen, 2020/07/07
- Re: Re: global-buffer-overflow in infocmp,
Zhang Gen <=
- Re: global-buffer-overflow in infocmp, Thomas Dickey, 2020/07/08
- Re: Re: global-buffer-overflow in infocmp, Zhang Gen, 2020/07/08
- stack-buffer-overflow in progs/dump_entry.c:1144 in fmt_entry, Zhang Gen, 2020/07/08
- Re: stack-buffer-overflow in progs/dump_entry.c:1144 in fmt_entry, Thomas Dickey, 2020/07/08