Created attachment 1498273
Triggered by "./captoinfo POC1"
There is a segmentation fault on an unknown address in function _nc_parse_entry in libncurses.
The ASan debug output is as follows:
==84668==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f91e96dea73 sp 0x7ffe1ffc7318 bp 0x7ffe1ffc7350 T0)
==84668==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
    #0 0x7f91e96dea72 (/lib/x86_64-linux-gnu/libc.so.6+0x89a72)
    #1 0x4587b2 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4587b2)
    #2 0x4ff3ca (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4ff3ca)
    #3 0x4ee143 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4ee143)
    #4 0x482739 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x482739)
    #5 0x7f91e9675a3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #6 0x47e428 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x47e428)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
Normal execution is as below:
Program received signal SIGSEGV, Segmentation fault.
__strchr_avx2 () at ../sysdeps/x86_64/multiarch/strchr-avx2.S:57
57 ../sysdeps/x86_64/multiarch/strchr-avx2.S: No such file or directory.
#0 __strchr_avx2 () at ../sysdeps/x86_64/multiarch/strchr-avx2.S:57
#1 0x000000000047e240 in _nc_parse_entry ()
#2 0x0000000000471394 in _nc_read_entry_source ()
#3 0x0000000000406505 in main ()
In RHEL7 there is no ncurses-6.1. Can you please report it on the upstream mailing list?
Hello shuitao and Miroslav,
Is this maybe a duplicate of CVE-2018-10754?
It doesn't crash with current ncurses, and as noted is not relevant to RHEL7.
In a quick check, it doesn't crash with ncurses 6.1 release, either.