Ticket #4642 (accepted defect) — at Version 2

Opened 3 weeks ago

Last modified 3 weeks ago

Buffer overflow in vfs_parse_ls_lga

Reported by: zaytsev
Owned by: zaytsev
Priority: major
Milestone: 4.8.34
Component: mc-vfs
Version: master
Keywords:
Cc:
Blocked By:
Blocking:
Branch state: merged
Votes for changeset:

Description (last modified by zaytsev)

Found in Alpine/musl on s390x, confirmed on aarch64 using valgrind - introduced in 65a7278d8a34abe804299d721749bc747e4a4833:

==156518== Invalid read of size 1
==156518==    at 0x413BE0: vfs_parse_ls_lga (parse_ls_vga.c:863)
==156518==    by 0x4076C3: process_ls_line (mc_parse_ls_l.c:350)
==156518==    by 0x4076C3: process_input (mc_parse_ls_l.c:376)
==156518==    by 0x40736B: main (mc_parse_ls_l.c:404)
==156518==  Address 0x536be6f is 1 bytes before a block of size 2 alloc'd
==156518==    at 0x48854F0: malloc (vg_replace_malloc.c:446)
==156518==    by 0x4CF4FCB: g_malloc (gmem.c:100)
==156518==    by 0x4D0E99B: g_strdup (gstrfuncs.c:323)
==156518==    by 0x413887: g_strdup_inline (gstrfuncs.h:321)
==156518==    by 0x413887: vfs_parse_ls_lga (parse_ls_vga.c:848)
==156518==    by 0x4076C3: process_ls_line (mc_parse_ls_l.c:350)
==156518==    by 0x4076C3: process_input (mc_parse_ls_l.c:376)
==156518==    by 0x40736B: main (mc_parse_ls_l.c:404)

https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/79071

Change History

comment:1 Changed 3 weeks ago by zaytsev

  • Status changed from new to accepted
  • Owner set to zaytsev

comment:2 Changed 3 weeks ago by zaytsev

  • Description modified (diff)