[Rpm-maint] [rpm-software-management/rpm] stack buffer overflow in glob/rpmGlob - rpm 4.13.0.1 (#156)

Panu Matilainen notifications at github.com
Fri Feb 17 11:55:18 UTC 2017


"./rpm -i rpm-stackoverflow-glob.rpm" is exactly what I was asking for - yes, I assumed it must be that, but then I don't know, because I cannot reproduce that. Neither could RH security IIRC.

Here's what I see:
```
[pmatilai@sopuli rpm-4.13.x]$ ./rpm -i rpm-stackoverflow-glob.rpm
error: rpm-stackoverflow-glob.rpm: not an rpm package (or package manifest):

=================================================================
==24966==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 27 byte(s) in 1 object(s) allocated from:
    #0 0x7f03f555ee60 in malloc (/lib64/libasan.so.3+0xc6e60)
    #1 0x7f03f4f41846 in rstrdup /home/pmatilai/repos/rpm-4.13.x/rpmio/rpmmalloc.c:74
    #2 0x7f03f4f32bdc in argvAppend /home/pmatilai/repos/rpm-4.13.x/rpmio/argv.c:164
    #3 0x7f03f521a9d2 in rpmInstall /home/pmatilai/repos/rpm-4.13.x/lib/rpminstall.c:453
    #4 0x402985 in main /home/pmatilai/repos/rpm-4.13.x/rpmqv.c:294
    #5 0x7f03f2eae400 in __libc_start_main (/lib64/libc.so.6+0x20400)

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x7f03f555f210 in realloc (/lib64/libasan.so.3+0xc7210)
    #1 0x7f03f4f4180f in rrealloc /home/pmatilai/repos/rpm-4.13.x/rpmio/rpmmalloc.c:65
    #2 0x7f03f521b220 in rpmInstall /home/pmatilai/repos/rpm-4.13.x/lib/rpminstall.c:547
    #3 0x402985 in main /home/pmatilai/repos/rpm-4.13.x/rpmqv.c:294
    #4 0x7f03f2eae400 in __libc_start_main (/lib64/libc.so.6+0x20400)

SUMMARY: AddressSanitizer: 43 byte(s) leaked in 2 allocation(s).
```

Maybe it's down to different compiler flags and the like - what CFLAGS etc. are you using to compile?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/156#issuecomment-280630755