[bug #54980] buffer overread in jhash_string
Hanno Boeck
2018-11-07 09:55:14 UTC
URL:
<https://savannah.gnu.org/bugs/?54980>

Summary: buffer overread in jhash_string
Project: make
Submitted by: hanno
Submitted on: Wed 07 Nov 2018 10:55:13 AM CET
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Component Version: None
Operating System: None
Fixed Release: None
Triage Status: None

_______________________________________________________

Details:

Compiling make with AddressSanitizer (-fsanitize=address in CFLAGS)
immediately leads to a crash caused by a buffer overread in jhash_string.
Current git code.

ASAN error:

==28371==ERROR: AddressSanitizer: global-buffer-overflow on address
0x55b34a423950 at pc 0x55b34a3c508c bp 0x7ffe7c390690 sp 0x7ffe7c390680
READ of size 4 at 0x55b34a423950 thread T0
#0 0x55b34a3c508b in jhash_string src/hash.c:464
#1 0x55b34a406bef in str_hash_1 src/strcache.c:163
#2 0x55b34a3c2e25 in hash_find_slot src/hash.c:89
#3 0x55b34a406c8c in add_hash src/strcache.c:193
#4 0x55b34a40707a in strcache_add_len src/strcache.c:253
#5 0x55b34a3f596f in construct_include_path src/read.c:2938
#6 0x55b34a3d9bc5 in main src/main.c:1747
#7 0x7fcd3619eae6 in __libc_start_main (/lib64/libc.so.6+0x21ae6)
#8 0x55b34a3a3a29 in _start (/tmp/make+0x22a29)

0x55b34a423950 is located 48 bytes to the left of global variable '*.LC1'
defined in 'src/read.c' (0x55b34a423980) of size 17
'*.LC1' is ascii string '/usr/gnu/include'
0x55b34a423953 is located 0 bytes to the right of global variable '*.LC0'
defined in 'src/read.c' (0x55b34a423940) of size 19
'*.LC0' is ascii string '/usr/local/include'

_______________________________________________________

Reply to this item at:

<https://savannah.gnu.org/bugs/?54980>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/

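The ASAN report above is the classic word-at-a-time string hash pattern: the read of size 4 at offset 16 of a 19-byte object ('/usr/local/include' plus its NUL) touches one byte past the end of the string literal, because the hash loads whole 32-bit words and only stops once a loaded word contains a zero byte. The example below is an added illustration and is not make's jhash_string or any other code from the project: it uses a hypothetical mixing function, reproduces the unsafe word loop, computes how many bytes such a loop reads beyond the terminator for a given string, and shows the usual fix of hashing full words only while at least four bytes remain and assembling the 0..3 trailing bytes by hand. The padded_copy helper is an assumption introduced here so the unsafe variant can be run without actually overreading.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 32-bit mixing step; any reasonable mixer would do here.
   This is NOT make's jhash mixing, just something with the same shape. */
static uint32_t mix(uint32_t h, uint32_t w) {
    h ^= w;
    h *= 0x9E3779B1u;
    h ^= h >> 15;
    return h;
}

/* Nonzero if any byte of w is zero (the standard "haszero" bit trick). */
static int has_zero_byte(uint32_t w) {
    return ((w - 0x01010101u) & ~w & 0x80808080u) != 0;
}

/* Assemble a little-endian word from four bytes (endian independent). */
static uint32_t load_word(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Bytes a "read whole words until one contains NUL" loop touches beyond
   the terminating NUL of s: (strlen+1) rounded up to 4, minus (strlen+1). */
size_t word_loop_overread(const char *s) {
    size_t n = strlen(s) + 1;              /* bytes that belong to s */
    size_t touched = (n + 3) & ~(size_t)3; /* rounded up to a full word */
    return touched - n;
}

/* UNSAFE: reads s in 4-byte words until a word contains the NUL. Unless
   (strlen(s)+1) is a multiple of 4 this reads past the end of s, which is
   exactly what AddressSanitizer flags on a string literal in .rodata. */
uint32_t hash_word_at_a_time_unsafe(const char *s) {
    const unsigned char *p = (const unsigned char *)s;
    uint32_t h = 0x12345678u;
    for (;;) {
        uint32_t w = load_word(p);
        h = mix(h, w);
        if (has_zero_byte(w))
            return h;
        p += 4;
    }
}

/* SAFE: hash full words only while 4 bytes remain, then build the final
   word from the 0..3 leftover bytes (zero-extended). Never reads past NUL. */
uint32_t hash_word_at_a_time_safe(const char *s) {
    const unsigned char *p = (const unsigned char *)s;
    size_t n = strlen(s);
    uint32_t h = 0x12345678u;
    while (n >= 4) {
        h = mix(h, load_word(p));
        p += 4;
        n -= 4;
    }
    uint32_t tail = 0;
    for (size_t i = 0; i < n; i++)
        tail |= (uint32_t)p[i] << (8 * i);
    return mix(h, tail);
}

/* Hypothetical helper: copy s into a zero-filled buffer whose size is a
   multiple of 4. This is the precondition the unsafe loop silently relies
   on and that a string literal like "/usr/local/include" does not meet. */
char *padded_copy(const char *s) {
    size_t n = strlen(s) + 1;
    size_t cap = (n + 3) & ~(size_t)3;
    char *buf = calloc(cap, 1);
    if (buf)
        memcpy(buf, s, n);
    return buf;
}

/* 1 if the unsafe loop on a padded copy and the safe loop on s agree,
   i.e. the fix changes only which bytes are read, not the hash value. */
int hashes_agree_on_padded(const char *s) {
    char *p = padded_copy(s);
    if (!p)
        return 0;
    int same = hash_word_at_a_time_unsafe(p) == hash_word_at_a_time_safe(s);
    free(p);
    return same;
}

int main(void) {
    /* The two literals named in the ASAN report, constructed here as input. */
    const char *inputs[] = { "/usr/local/include", "/usr/gnu/include", "abc" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("%-20s strlen+1=%2zu  word loop overreads %zu byte(s)  "
               "hashes agree on padded copy: %d\n",
               inputs[i], strlen(inputs[i]) + 1,
               word_loop_overread(inputs[i]),
               hashes_agree_on_padded(inputs[i]));
    }
    return 0;
}
```

For "/usr/local/include" the word loop's last load starts at offset 16 and covers bytes 16..19 of a 19-byte object, so it overreads by exactly one byte, matching the "READ of size 4" at the end of '*.LC0' in the report; "/usr/gnu/include" (17 bytes with NUL) would overread by three. Padding every string to a word boundary is the other common fix, but it has to hold for every caller, including string literals, which is why hashing the tail byte-wise is the robust choice.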