[Rpm-maint] [rpm-software-management/rpm] stack buffer overflow in glob/rpmGlob - rpm 4.13.0.1 (#156)
Panu Matilainen
notifications at github.com
Fri Feb 17 11:55:18 UTC 2017
"./rpm -i rpm-stackoverflow-glob.rpm" is exactly what I was asking for - yes I assumed it must be that but then I don't know, because I cannot reproduce that. Neither could RH security IIRC.
Here's what I see:
```
[pmatilai at sopuli rpm-4.13.x]$ ./rpm -i rpm-stackoverflow-glob.rpm error: rpm-stackoverflow-glob.rpm: not an rpm package (or package manifest):
=================================================================
==24966==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 27 byte(s) in 1 object(s) allocated from:
#0 0x7f03f555ee60 in malloc (/lib64/libasan.so.3+0xc6e60)
#1 0x7f03f4f41846 in rstrdup /home/pmatilai/repos/rpm-4.13.x/rpmio/rpmmalloc.c:74
#2 0x7f03f4f32bdc in argvAppend /home/pmatilai/repos/rpm-4.13.x/rpmio/argv.c:164
#3 0x7f03f521a9d2 in rpmInstall /home/pmatilai/repos/rpm-4.13.x/lib/rpminstall.c:453
#4 0x402985 in main /home/pmatilai/repos/rpm-4.13.x/rpmqv.c:294
#5 0x7f03f2eae400 in __libc_start_main (/lib64/libc.so.6+0x20400)
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x7f03f555f210 in realloc (/lib64/libasan.so.3+0xc7210)
#1 0x7f03f4f4180f in rrealloc /home/pmatilai/repos/rpm-4.13.x/rpmio/rpmmalloc.c:65
#2 0x7f03f521b220 in rpmInstall /home/pmatilai/repos/rpm-4.13.x/lib/rpminstall.c:547
#3 0x402985 in main /home/pmatilai/repos/rpm-4.13.x/rpmqv.c:294
#4 0x7f03f2eae400 in __libc_start_main (/lib64/libc.so.6+0x20400)
SUMMARY: AddressSanitizer: 43 byte(s) leaked in 2 allocation(s).
```
Maybe it's down to different compiler flags and the like - what CFLAGS etc are you using to compile?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/156#issuecomment-280630755
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20170217/0249841f/attachment-0001.html>
More information about the Rpm-maint
mailing list