Ticket #4425 (closed defect: fixed)

Opened 22 months ago

Last modified 22 months ago

(lib.c) fix heap buffer overflow

Reported by: and Owned by: andrew_b
Priority: major Milestone: 4.8.29
Component: mc-search Version: master
Keywords: Cc:
Blocked By: Blocking:
Branch state: no branch Votes for changeset: committed-master

Description (last modified by andrew_b) (diff)

Normal start result in this AddressSanitizer? hit.

==17167==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200005b251 at pc 0x5983b1c3be5f bp 0x7ffcc27f4310 sp 0x7ffcc27f4308
WRITE of size 1 at 0x60200005b251 thread T0
    #0 0x5983b1c3be5e in mc_search__change_case_str /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/search/lib.c:84:14
    #1 0x5983b1c3c03f in mc_search__toupper_case_str /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/search/lib.c:200:12
    #2 0x5983b1d1b434 in mc_search__cond_struct_new_regex_hex_add /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/search/regex.c:130:11
    #3 0x5983b1d1ad7f in mc_search__cond_struct_new_regex_accum_append /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/search/regex.c:180:17
    #4 0x5983b1d147c9 in mc_search__cond_struct_new_regex_ci_str /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/search/regex.c:251:5
    #5 0x5983b1d136fa in mc_search__cond_struct_new_init_regex /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/search/regex.c:817:39
    #6 0x5983b1c3d7f0 in mc_search__cond_struct_new /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/search/search.c:80:9
    #7 0x5983b1c3d2e5 in mc_search_prepare /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/search/search.c:219:26
    #8 0x5983b1c3d9c3 in mc_search_run /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/search/search.c:297:10
    #9 0x5983b1c359f2 in mc_fhl_get_color_regexp /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/filehighlight/get-color.c:243:9
    #10 0x5983b1c35385 in mc_fhl_get_color /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/filehighlight/get-color.c:278:19
    #11 0x5983b1a1208f in file_compute_color /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/panel.c:784:12
    #12 0x5983b1a10bfd in format_file /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/panel.c:814:17
    #13 0x5983b1a0fb17 in repaint_file /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/panel.c:954:15
    #14 0x5983b1a0c0b6 in paint_dir /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/panel.c:1071:9
    #15 0x5983b19fab96 in panel_callback /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/panel.c:3731:9
    #16 0x5983b1d08775 in widget_draw /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/widget-common.c:539:19
    #17 0x5983b1d078eb in widget_default_set_state /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/widget-common.c:841:17
    #18 0x5983b1cb3c0b in widget_set_state /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/../../lib/widget/widget-common.h:383:12
    #19 0x5983b1cb286c in group_default_set_state /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/group.c:691:17
    #20 0x5983b1caa8ab in widget_set_state /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/../../lib/widget/widget-common.h:383:12
    #21 0x5983b1cacd14 in dlg_init /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:540:5
    #22 0x5983b1cada9d in dlg_run /tmp/portage/app-misc/mc-9999/work/mc-9999/lib/widget/dialog.c:601:5
    #23 0x5983b19cddd9 in do_nc /tmp/portage/app-misc/mc-9999/work/mc-9999/src/filemanager/filemanager.c:1827:16
    #24 0x5983b1999605 in main /tmp/portage/app-misc/mc-9999/work/mc-9999/src/main.c:455:21
    #25 0x7d3944d620cb  (/lib64/libc.so.6+0x220cb)
    #26 0x7d3944d6217b in __libc_start_main (/lib64/libc.so.6+0x2217b)
    #27 0x5983b18d7d10 in _start (/usr/bin/mc+0x277d10)

Attachments

mc-4425-fix-heap-buffer-overflow.patch (9.2 KB) - added by and 22 months ago.

Change History

Changed 22 months ago by and

comment:1 Changed 22 months ago by andrew_b

  • Component changed from mc-core to mc-search
  • Description modified (diff)

comment:2 Changed 22 months ago by andrew_b

  • Status changed from new to accepted
  • Owner set to andrew_b
  • Milestone changed from Future Releases to 4.8.29

comment:3 Changed 22 months ago by andrew_b

  • Status changed from accepted to testing
  • Votes for changeset set to committed-master
  • Resolution set to fixed

Thanks! Applied with trivial changes as [8a6b2cb91cf6953ad1af42563e705e21fd767929].

comment:4 Changed 22 months ago by andrew_b

  • Status changed from testing to closed
Note: See TracTickets for help on using tickets.