This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug glob/22332] New: WRITE heap-buffer-overflow in glob()
- From: "tim.ruehsen at gmx dot de" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sat, 21 Oct 2017 17:53:41 +0000
- Subject: [Bug glob/22332] New: WRITE heap-buffer-overflow in glob()
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=22332
Bug ID: 22332
Summary: WRITE heap-buffer-overflow in glob()
Product: glibc
Version: unspecified
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: glob
Assignee: unassigned at sourceware dot org
Reporter: tim.ruehsen at gmx dot de
Target Milestone: ---
Created attachment 10549
--> https://sourceware.org/bugzilla/attachment.cgi?id=10549&action=edit
glob heap-buffer-overflow reproducer
There seems to be another issue:
==32482==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60d0000000c2 at pc 0x000000518166 bp 0x7fff35827050 sp 0x7fff35827048
WRITE of size 1 at 0x60d0000000c2 thread T0
    #0 0x518165 in rpl_glob /home/tim/src/wget2/lib/glob.c:762:28
    #1 0x50ef16 in main /home/tim/src/wget2/fuzz/ooo/glob_crash.c:58:6
    #2 0x7f10b4c342e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #3 0x4193e9 in _start (/home/tim/src/wget2/fuzz/ooo/glob_crash+0x4193e9)
0x60d0000000c2 is located 0 bytes to the right of 130-byte region [0x60d000000040,0x60d0000000c2)
allocated by thread T0 here:
    #0 0x4d73b0 in __interceptor_malloc (/home/tim/src/wget2/fuzz/ooo/glob_crash+0x4d73b0)
    #1 0x514d8f in rpl_glob /home/tim/src/wget2/lib/glob.c:734:26
    #2 0x50ef16 in main /home/tim/src/wget2/fuzz/ooo/glob_crash.c:58:6
    #3 0x7f10b4c342e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
Reproducer C file attached.