[Rpm-maint] [rpm-software-management/rpm] heap out of bounds read in rpmfilesFDepends() (#139)
Hanno Böck
notifications at github.com
Sat Jan 28 09:41:33 UTC 2017
The attached file causes an out-of-bounds heap read.
[rpm-heap-oob-rpmfilesFDepends.zip](https://github.com/rpm-software-management/rpm/files/736812/rpm-heap-oob-rpmfilesFDepends.zip)
ASan error:
```
==27195==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000011d0 at pc 0x00000056a3e5 bp 0x7fff75d8fb10 sp 0x7fff75d8fb08
READ of size 4 at 0x6020000011d0 thread T0
#0 0x56a3e4 in rpmfilesFDepends /f/rpm/rpm/lib/rpmfi.c:676:16
#1 0x56a3e4 in rpmfiFDepends /f/rpm/rpm/lib/rpmfi.c:1809
#2 0x5940b8 in rpmteColorDS /f/rpm/rpm/lib/rpmte.c:488:8
#3 0x58f783 in addTE /f/rpm/rpm/lib/rpmte.c:188:5
#4 0x58f783 in rpmteNew /f/rpm/rpm/lib/rpmte.c:241
#5 0x512642 in addPackage /f/rpm/rpm/lib/depends.c:438:9
#6 0x5122e9 in rpmtsAddInstallElement /f/rpm/rpm/lib/depends.c:493:12
#7 0x57a1d4 in rpmInstall /f/rpm/rpm/lib/rpminstall.c:584:11
#8 0x5057ae in main /f/rpm/rpm/rpmqv.c:295:12
#9 0x7efce4abc78f in __libc_start_main (/lib64/libc.so.6+0x2078f)
#10 0x41c648 in _start (/r/rpm/rpm+0x41c648)
0x6020000011d2 is located 0 bytes to the right of 2-byte region [0x6020000011d0,0x6020000011d2)
allocated by thread T0 here:
#0 0x4cc7a8 in malloc (/r/rpm/rpm+0x4cc7a8)
#1 0x67546e in rstrdup /f/rpm/rpm/rpmio/rpmmalloc.c:74:29
#2 0x5dd0f4 in copyTdEntry /f/rpm/rpm/lib/header.c:1095:28
#3 0x5d82af in intGetTdEntry /f/rpm/rpm/lib/header.c:1294:7
#4 0x5d71b1 in headerGet /f/rpm/rpm/lib/header.c:1317:10
#5 0x55f0bf in rpmfilesPopulate /f/rpm/rpm/lib/rpmfi.c:1448:2
#6 0x55f0bf in rpmfilesNew /f/rpm/rpm/lib/rpmfi.c:1576
#7 0x593a8c in getFiles /f/rpm/rpm/lib/rpmte.c:110:12
#8 0x58f5db in addTE /f/rpm/rpm/lib/rpmte.c:173:16
#9 0x58f5db in rpmteNew /f/rpm/rpm/lib/rpmte.c:241
#10 0x512642 in addPackage /f/rpm/rpm/lib/depends.c:438:9
#11 0x5122e9 in rpmtsAddInstallElement /f/rpm/rpm/lib/depends.c:493:12
#12 0x57a1d4 in rpmInstall /f/rpm/rpm/lib/rpminstall.c:584:11
#13 0x5057ae in main /f/rpm/rpm/rpmqv.c:295:12
#14 0x7efce4abc78f in __libc_start_main (/lib64/libc.so.6+0x2078f)
#15 0x41c648 in _start (/r/rpm/rpm+0x41c648)
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/139