Created attachment 1293510
It is triggered by "./pspp-convert POC1 -O csv /dev/null"

Description of problem:
There is a NULL pointer dereference in function ll_insert() of the libpspp library.

Version-Release number of selected component (if applicable):
<= latest

How reproducible:
./pspp-convert POC1 -O csv /dev/null

Steps to Reproduce:
The information is as follows:

$ ./pspp-convert POC1 -O csv /dev/null
`POC1' near offset 0x1c0: Record type 7, subtype 18 has bad size 4 (expected 1).
Segmentation fault

The gdb debugging information is as follows:

(gdb) s
ll_insert (new_elem=<optimized out>, before=<optimized out>) at ./src/libpspp/ll.h:448
448       new_elem->next = before;
(gdb) i r $rax
rax            0x0      0
(gdb) x/3i $pc
=> 0x7ffff7a8ddfe <sfm_open+7358>:      mov    %r12,(%rax)
   0x7ffff7a8de01 <sfm_open+7361>:      mov    %rcx,0x8(%rax)
   0x7ffff7a8de05 <sfm_open+7365>:      mov    %rax,0x248(%r13)
(gdb) si

Program received signal SIGSEGV, Segmentation fault.
ll_insert (new_elem=<optimized out>, before=<optimized out>) at ./src/libpspp/ll.h:448
448       new_elem->next = before;

The vulnerability was triggered in function ll_insert() at ll.h:448. In assembly mode we can see that register rax has accessed 0x0.

445 ll_insert (struct ll *before, struct ll *new_elem)
446 {
447   struct ll *before_prev = ll_prev (before);
448   new_elem->next = before;
449   new_elem->prev = before_prev;
450   before_prev->next = before->prev = new_elem;
451 }

Actual results:
crash

Expected results:
crash

Additional info:
This vulnerability was detected by team OWL337 with our custom fuzzer collAFL. Please contact ganshuitao@gmail.com and chaoz@tsinghua.edu.cn if you need more info about the team, the tool or the vulnerability.
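The report's disassembly pins the fault to the first store in ll_insert(): the instruction at the crash is mov %r12,(%rax) with rax = 0, which is the write to new_elem->next, and ll_prev(before) on the line above had already read before->prev without faulting, so the NULL operand is new_elem rather than before. The example below is added here to illustrate that failure mode and is not code from the report or from the PSPP project. It reconstructs a minimal sentinel-headed circular list in the style of the quoted ll.h (the struct layout, ll_init(), ll_count(), ll_is_consistent(), ll_insert_checked(), struct record and link_records() are all assumptions for illustration), keeps the quoted ll_insert() body unchanged, and shows a caller-side guard that refuses to link a NULL element instead of letting the unchecked insert dereference it. The parse-error path in sfm_open() that actually produced the NULL is not known from the report and is only simulated by a constructed input with a NULL slot.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal circular doubly linked list with a sentinel head, in the style of
 * libpspp's ll.h. Reconstructed for illustration; not the project's code. */
struct ll {
    struct ll *next;
    struct ll *prev;
};

struct ll_list {
    struct ll null;  /* sentinel: the list is empty when null.next == &null */
};

static void ll_init(struct ll_list *list)
{
    list->null.next = list->null.prev = &list->null;
}

static struct ll *ll_prev(const struct ll *ll) { return ll->prev; }

/* Same body as the ll_insert() quoted in the report: there is no NULL check,
 * so a NULL new_elem faults on the first store (new_elem->next = before). */
static void ll_insert(struct ll *before, struct ll *new_elem)
{
    struct ll *before_prev = ll_prev(before);
    new_elem->next = before;
    new_elem->prev = before_prev;
    before_prev->next = before->prev = new_elem;
}

/* Hypothetical guarded wrapper: refuses NULL operands and reports failure to
 * the caller instead of dereferencing them. */
static bool ll_insert_checked(struct ll *before, struct ll *new_elem)
{
    if (before == NULL || new_elem == NULL)
        return false;
    ll_insert(before, new_elem);
    return true;
}

static size_t ll_count(const struct ll_list *list)
{
    size_t n = 0;
    for (const struct ll *p = list->null.next; p != &list->null; p = p->next)
        n++;
    return n;
}

/* Invariant check: every node's prev->next and next->prev point back at it. */
static bool ll_is_consistent(const struct ll_list *list)
{
    const struct ll *p = &list->null;
    do {
        if (p->next->prev != p || p->prev->next != p)
            return false;
        p = p->next;
    } while (p != &list->null);
    return true;
}

/* One node per parsed record, as a file-format reader might allocate. */
struct record {
    struct ll ll;
    int subtype;
};

/* Simulates the failing path: a reader that ended up with no node (NULL) for
 * a malformed record and tries to link it anyway. Inserting before the
 * sentinel appends at the tail. Returns the number of records linked. */
static size_t link_records(struct ll_list *list, struct record *recs[], size_t n)
{
    size_t linked = 0;
    ll_init(list);
    for (size_t i = 0; i < n; i++) {
        struct ll *elem = recs[i] != NULL ? &recs[i]->ll : NULL;
        if (ll_insert_checked(&list->null, elem))
            linked++;
        else
            fprintf(stderr, "record %zu: refusing to link NULL element\n", i);
    }
    return linked;
}

/* Constructed scenario: three records, the middle slot NULL as if its record
 * had failed validation. Returns how many were linked and reports whether the
 * resulting list still satisfies its invariants. */
static size_t demo_bad_record(bool *consistent)
{
    static struct ll_list list;
    static struct record a = {.subtype = 3}, b = {.subtype = 18};
    struct record *recs[] = {&a, NULL, &b};
    size_t linked = link_records(&list, recs, 3);
    *consistent = ll_is_consistent(&list) && ll_count(&list) == linked;
    return linked;
}

int main(void)
{
    bool ok;
    size_t linked = demo_bad_record(&ok);
    printf("linked %zu of 3 records, list consistent: %s\n", linked, ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

Calling the unchecked ll_insert() with the same NULL slot would reproduce the SIGSEGV at the first store, which is why the guard belongs at the call site (or in a checked wrapper) and why a reader that has already reported a bad record size should stop before it reaches the list insert.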
pspp-0.10.2-5.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-03893a3b58
pspp-0.10.2-5.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-03893a3b58
pspp-0.10.2-5.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.