Potential security bug: Buffer overflow in gsl_stats_quantile_from

bug-gsl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Potential security bug: Buffer overflow in gsl_stats_quantile_from_sorte

From:	Zhoulai Fu@Gmail
Subject:	Potential security bug: Buffer overflow in gsl_stats_quantile_from_sorted_data (of library Statistics)
Date:	Thu, 3 Dec 2020 15:12:50 +0100

Running the following code (also attached as a file) triggers a
segmentation error.













*#include <stdio.h>#include <gsl/gsl_sort.h>#include
<gsl/gsl_statistics.h>int main(void){  double upperq;  double data[5] =
{17.2, 18.1, 16.5, 18.3, 12.6};  gsl_sort (data, 1, 5);  upperq =
gsl_stats_quantile_from_sorted_data (data, 1, 5, 675);  return 0;}// gcc
statsort_bug.c -lgsl -lgslcblas; ./a.out*

The error points to statistics/quantiles_source.c:41:


*      result = (1 - delta) * sorted_data[lhs * stride] + delta *
sorted_data[(lhs + 1) * stride] ;*
The segmentation error is due to a stack buffer overflow (where
lhs=2700, strid=1 as shown in GDB). The bug could be exploited for
security attack, knowing that it occurs when the quantile "f" is
beyond the expected [0,1] range (f=675 in this case).

BR,
Zhoulai

statsort_bug.c
Description: Binary data

[Prev in Thread]

Current Thread

[Next in Thread]

Potential security bug: Buffer overflow in gsl_stats_quantile_from_sorted_data (of library Statistics), Zhoulai Fu@Gmail <=

Next by Date: [bug #59624] Buffer overflow in gsl_stats_quantile_from_sorted_data
Next by thread: [bug #59624] Buffer overflow in gsl_stats_quantile_from_sorted_data
Index(es):
- Date
- Thread