[Rpm-maint] [rpm-software-management/rpm] stack buffer overflow in glob/rpmGlob - rpm (#156)

Hanno Böck notifications at github.com
Fri Feb 17 10:42:28 UTC 2017

This does not affect the current git head code, but it affects the release It's been reported before to the red hat security team and publicly here:


ASAN stack trace:
==16566==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffe01660342 at pc 0x7fe28839a527 bp 0x7ffe01660310 sp 0x7ffe01660308
WRITE of size 1 at 0x7ffe01660342 thread T0
    #0 0x7fe28839a526 in glob /mnt/ram/rpm-rpm-
    #1 0x7fe288393eec in rpmGlob /mnt/ram/rpm-rpm-
    #2 0x7fe2886bfe4a in rpmReadPackageManifest /mnt/ram/rpm-rpm-
    #3 0x7fe2887275e8 in tryReadManifest /mnt/ram/rpm-rpm-
    #4 0x7fe2887275e8 in rpmInstall /mnt/ram/rpm-rpm-
    #5 0x50b446 in main /mnt/ram/rpm-rpm-
    #6 0x7fe2860db1e0 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.24-r1/work/glibc-2.24/csu/../csu/libc-start.c:289
    #7 0x41a429 in _start (/mnt/ram/rpm-rpm-

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20170217/911651a8/attachment-0001.html>

More information about the Rpm-maint mailing list