Bug 2259883
Summary: | Heap-buffer-overflow at src/output.c:319 | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | nu1lptr <abhishekkrsingh05kr> | ||||
Component: | indent | Assignee: | Petr Pisar <ppisar> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | rawhide | CC: | ppisar, rgatica | ||||
Target Milestone: | --- | Keywords: | Desktop | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html | ||||||
Whiteboard: | |||||||
Fixed In Version: | indent-2.2.13-7.fc40 indent-2.2.13-6.fc39 indent-2.2.13-5.fc38 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2024-02-02 01:13:51 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 2260399 | ||||||
Attachments: |
|
Description
nu1lptr
2024-01-23 16:26:23 UTC
Thanks for the report. It seems the trigger is a strayed left parentheses after a comment with a text: $ printf '/*a*/(' | valgrind -- ./src/indent - -o /dev/null ==10671== Memcheck, a memory error detector ==10671== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al. ==10671== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info ==10671== Command: ./src/indent - -o /dev/null ==10671== ==10671== Invalid read of size 2 ==10671== at 0x40812A: set_buf_break (output.c:319) ==10671== by 0x4026B7: indent_main_loop (indent.c:640) ==10671== by 0x4026B7: indent.isra.0 (indent.c:759) ==10671== by 0x401808: indent_single_file (indent.c:1004) ==10671== by 0x401808: indent_all (indent.c:1042) ==10671== by 0x401808: main (indent.c:1123) ==10671== Address 0x4a5facc is 4 bytes before a block of size 16 alloc'd ==10671== at 0x4849E60: calloc (vg_replace_malloc.c:1595) ==10671== by 0x4070AF: xmalloc (globs.c:42) ==10671== by 0x40655E: init_parser (parse.c:73) ==10671== by 0x40142F: main (indent.c:1101) Though I'm not sure it's exactly the same case as the allocation happens elsewhere. This is not about unbalanced parentheses. '/*a*/()' also triggers it. Created attachment 2010207 [details]
A proposed fix
I think I fixed this issue in the attached patch. I also sent it to indent mailing list.
@ppisar Can you please assign me a CVE? I sent a request by e-mail to secalert and added you to CC. FEDORA-2024-bfd13103eb has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-bfd13103eb FEDORA-2024-74667e499e has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2024-74667e499e FEDORA-EPEL-2024-8e93f1b716 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-8e93f1b716 FEDORA-EPEL-2024-76443fce3f has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-76443fce3f FEDORA-EPEL-2024-8e93f1b716 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-8e93f1b716 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2024-74667e499e has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-74667e499e` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-74667e499e See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2024-bfd13103eb has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-bfd13103eb` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-bfd13103eb See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2024-76443fce3f has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-76443fce3f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. *** Bug 2260401 has been marked as a duplicate of this bug. *** FEDORA-2024-bfd13103eb has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2024-74667e499e has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report. |