Ticket #4642 (new defect) — at Initial Version
Buffer overflow in vfs_parse_ls_lga
| Reported by: | zaytsev | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 4.8.34 |
| Component: | mc-vfs | Version: | master |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Branch state: | on review | Votes for changeset: |
Description
Found in Alpine/musl on s390x, confirmed on aarch64 using valgrind - introduced in 65a7278d:
==156518== Invalid read of size 1 ==156518== at 0x413BE0: vfs_parse_ls_lga (parse_ls_vga.c:863) ==156518== by 0x4076C3: process_ls_line (mc_parse_ls_l.c:350) ==156518== by 0x4076C3: process_input (mc_parse_ls_l.c:376) ==156518== by 0x40736B: main (mc_parse_ls_l.c:404) ==156518== Address 0x536be6f is 1 bytes before a block of size 2 alloc'd ==156518== at 0x48854F0: malloc (vg_replace_malloc.c:446) ==156518== by 0x4CF4FCB: g_malloc (gmem.c:100) ==156518== by 0x4D0E99B: g_strdup (gstrfuncs.c:323) ==156518== by 0x413887: g_strdup_inline (gstrfuncs.h:321) ==156518== by 0x413887: vfs_parse_ls_lga (parse_ls_vga.c:848) ==156518== by 0x4076C3: process_ls_line (mc_parse_ls_l.c:350) ==156518== by 0x4076C3: process_input (mc_parse_ls_l.c:376) ==156518== by 0x40736B: main (mc_parse_ls_l.c:404)
https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/79071
Note: See
TracTickets for help on using
tickets.
