<p>The attached file causes an out-of-bounds heap read.<br>
<a href="https://github.com/rpm-software-management/rpm/files/736812/rpm-heap-oob-rpmfilesFDepends.zip">rpm-heap-oob-rpmfilesFDepends.zip</a></p>
<p>ASan error:</p>
<pre><code>==27195==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000011d0 at pc 0x00000056a3e5 bp 0x7fff75d8fb10 sp 0x7fff75d8fb08
READ of size 4 at 0x6020000011d0 thread T0
    #0 0x56a3e4 in rpmfilesFDepends /f/rpm/rpm/lib/rpmfi.c:676:16
    #1 0x56a3e4 in rpmfiFDepends /f/rpm/rpm/lib/rpmfi.c:1809
    #2 0x5940b8 in rpmteColorDS /f/rpm/rpm/lib/rpmte.c:488:8
    #3 0x58f783 in addTE /f/rpm/rpm/lib/rpmte.c:188:5
    #4 0x58f783 in rpmteNew /f/rpm/rpm/lib/rpmte.c:241
    #5 0x512642 in addPackage /f/rpm/rpm/lib/depends.c:438:9
    #6 0x5122e9 in rpmtsAddInstallElement /f/rpm/rpm/lib/depends.c:493:12
    #7 0x57a1d4 in rpmInstall /f/rpm/rpm/lib/rpminstall.c:584:11
    #8 0x5057ae in main /f/rpm/rpm/rpmqv.c:295:12
    #9 0x7efce4abc78f in __libc_start_main (/lib64/libc.so.6+0x2078f)
    #10 0x41c648 in _start (/r/rpm/rpm+0x41c648)

0x6020000011d2 is located 0 bytes to the right of 2-byte region [0x6020000011d0,0x6020000011d2)
allocated by thread T0 here:
    #0 0x4cc7a8 in malloc (/r/rpm/rpm+0x4cc7a8)
    #1 0x67546e in rstrdup /f/rpm/rpm/rpmio/rpmmalloc.c:74:29
    #2 0x5dd0f4 in copyTdEntry /f/rpm/rpm/lib/header.c:1095:28
    #3 0x5d82af in intGetTdEntry /f/rpm/rpm/lib/header.c:1294:7
    #4 0x5d71b1 in headerGet /f/rpm/rpm/lib/header.c:1317:10
    #5 0x55f0bf in rpmfilesPopulate /f/rpm/rpm/lib/rpmfi.c:1448:2
    #6 0x55f0bf in rpmfilesNew /f/rpm/rpm/lib/rpmfi.c:1576
    #7 0x593a8c in getFiles /f/rpm/rpm/lib/rpmte.c:110:12
    #8 0x58f5db in addTE /f/rpm/rpm/lib/rpmte.c:173:16
    #9 0x58f5db in rpmteNew /f/rpm/rpm/lib/rpmte.c:241
    #10 0x512642 in addPackage /f/rpm/rpm/lib/depends.c:438:9
    #11 0x5122e9 in rpmtsAddInstallElement /f/rpm/rpm/lib/depends.c:493:12
    #12 0x57a1d4 in rpmInstall /f/rpm/rpm/lib/rpminstall.c:584:11
    #13 0x5057ae in main /f/rpm/rpm/rpmqv.c:295:12
    #14 0x7efce4abc78f in __libc_start_main (/lib64/libc.so.6+0x2078f)
    #15 0x41c648 in _start (/r/rpm/rpm+0x41c648)
</code></pre>
