From: Hanno Böck
Subject: Invalid memory reads / heap overflows in indent
Date: Thu, 7 May 2015 22:13:28 +0200
Hi,

When compiling indent with address sanitizer (add -fsanitize=address to
CFLAGS) it shows several invalid memory accesses / heap overflows.

The simplest one is on an empty file:

==8614==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ef2f at pc 0x0000004f8074 bp 0x7fff09efcd10 sp 0x7fff09efcd08
READ of size 1 at 0x60200000ef2f thread T0
    #0 0x4f8073 in read_file /f/indent-2.2.11/src/code_io.c:342:9
    #1 0x4de558 in indent_single_file /f/indent-2.2.11/src/indent.c:937:25
    #2 0x4de558 in indent_all /f/indent-2.2.11/src/indent.c:992
    #3 0x4de558 in main /f/indent-2.2.11/src/indent.c:1054
    #4 0x7f60c65b2f9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
    #5 0x4375e6 in _start (/mnt/ram/indent/indent+0x4375e6)

Also on a file simply containing a closing }:

==13768==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000efcc at pc 0x0000004f51a4 bp 0x7fff213e2930 sp 0x7fff213e2928
READ of size 4 at 0x60200000efcc thread T0
    #0 0x4f51a3 in parse /f/indent-2.2.11/src/parse.c:465:17
    #1 0x510220 in handle_token_rbrace /f/indent-2.2.11/src/handletoken.c:1262:9
    #2 0x510220 in handle_the_token /f/indent-2.2.11/src/handletoken.c:2238
    #3 0x4e1da3 in indent_main_loop /f/indent-2.2.11/src/indent.c:628:9
    #4 0x4e1da3 in indent /f/indent-2.2.11/src/indent.c:715
    #5 0x4de75f in indent_single_file /f/indent-2.2.11/src/indent.c:960:19
    #6 0x4de75f in indent_all /f/indent-2.2.11/src/indent.c:992
    #7 0x4de75f in main /f/indent-2.2.11/src/indent.c:1054
    #8 0x7f256664bf9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
    #9 0x4375e6 in _start (/mnt/ram/indent/indent+0x4375e6)

I've attached a sample file and full address sanitizer output.

cu,
-- 
Hanno Böck
http://hboeck.de/
mail/jabber: address@hidden
GPG: BBB51E42
Attachments:
  indent-heap-overflow-parse.asan.txt (Text document)
  indent-heap-overflow-parse.c (Text Data)
  indent-heap-overflow-read_file.asan.txt (Text document)
  pgpmSWm6VR9rq.pgp (OpenPGP digital signature)
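The two reports above share a pattern: a one-element read just outside a heap buffer when the input is degenerate (an empty file, or a `}` with no matching `{`). The following is an added illustration and not indent's code; the real defect in code_io.c and parse.c is not shown on this page, and the function names, the toy brace stack and the sample inputs here are constructed for the example. It puts the unchecked read beside a checked one so that the kind of bug AddressSanitizer flags, and the check that removes it, can be seen in isolation. Building with `-fsanitize=address` and calling the unchecked variant on an empty buffer reproduces the same class of report (heap-buffer-overflow, READ of size 1).

```c
#include <stddef.h>
#include <stdio.h>

/* Added example (hypothetical code, not from indent).
 * Build to see ASan in action:  cc -g -fsanitize=address example.c */

/* UNSAFE: for len == 0 this evaluates buf[-1], one byte before the
 * allocation.  Under -fsanitize=address that is reported as a
 * heap-buffer-overflow READ of size 1.  Kept only for contrast; it is
 * never called from the checked code below. */
int last_byte_is_newline_unchecked(const char *buf, size_t len)
{
    return buf[len - 1] == '\n';
}

/* SAFE: an empty buffer has no last byte, so report "no newline". */
int last_byte_is_newline(const char *buf, size_t len)
{
    return len > 0 && buf[len - 1] == '\n';
}

/* A tiny brace-matching stack, standing in for a parser stack that is
 * popped once per '}'.  Constructed for this example. */
#define STACK_MAX 64
struct brace_stack {
    int depth;
    int items[STACK_MAX];
};

/* Return 1 on success, 0 instead of writing past the end of items[]. */
static int push_brace(struct brace_stack *s, int tok)
{
    if (s->depth >= STACK_MAX)
        return 0;
    s->items[s->depth++] = tok;
    return 1;
}

/* Return 1 on success, 0 on underflow.  Without the depth check an
 * implementation would read items[-1] on a stray '}'. */
static int pop_brace(struct brace_stack *s)
{
    if (s->depth <= 0)
        return 0;
    s->depth--;
    return 1;
}

/* Walk src and track braces.  Returns the number of unclosed '{'
 * (0 when balanced), -1 for a '}' with nothing to match, and -2 when
 * nesting exceeds STACK_MAX. */
int check_braces(const char *src)
{
    struct brace_stack st = { 0 };
    for (; *src; src++) {
        if (*src == '{') {
            if (!push_brace(&st, '{'))
                return -2;
        } else if (*src == '}') {
            if (!pop_brace(&st))
                return -1;
        }
    }
    return st.depth;
}

int main(void)
{
    /* Constructed inputs mirroring the two triggers in the report. */
    printf("empty input, trailing newline? %d\n", last_byte_is_newline("", 0));
    printf("lone '}' -> %d\n", check_braces("}"));
    printf("balanced -> %d\n", check_braces("int f(void) { return 0; }\n"));
    return 0;
}
```

The point of the checked versions is that the length and depth tests happen before the index is formed, so the degenerate inputs yield a defined result (0 or -1) instead of a read outside the allocation; ASan stays silent on them, which is the signal a maintainer wants after applying a fix.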