Date: Sun, 16 Nov 2014 22:42:40 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 195086] New: Overflow a2p utility
Message-ID: <bug-195086-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195086

Bug ID: 195086
Summary: Overflow a2p utility
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: freebsd-bugs@FreeBSD.org
Reporter: up201407890@alunos.dcc.fc.up.pt

Hello.

My name is Federico Manuel Bento, and I have found what _appears_ to be a buffer overflow in the a2p (awk2perl) utility.
It comes by default on several different systems.

Tested on Fedora 20, Fedora 19, Debian, and probably works on every UNIX-like, including the BSDs, AIX, etc.

E.g.:

[saken@zippy ~]$ python -c "print 'A' * 2048" | a2p >/dev/null
[saken@zippy ~]$ python -c "print 'A' * 2049" | a2p >/dev/null
[saken@zippy ~]$ python -c "print 'A' * 2050" | a2p >/dev/null
Segmentation fault

OR

[saken@zippy ~]$ python -c "print 'A'*3000" > lel
[saken@zippy ~]$ gdb a2p
(gdb) r lel
Starting program: /usr/bin/a2p lel
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000000000040b7c5 in yyparse ()
(gdb) info reg
rax            0x4141414141414141       8680820740569200760
rbx            0x1      1
rcx            0x0      0
rdx            0x67d724 6805284
rsi            0x67dab0 6806192
rdi            0x41414141       2021161080
rbp            0x6      0x6
rsp            0x7fffffffe1d0   0x7fffffffe1d0
r8             0x8      8
r9             0x5f     95
r10            0x0      0
r11            0x38e0174b60     244277791584
r12            0x6      6
r13            0x0      0
r14            0x0      0
r15            0x0      0
rip            0x40b7c5 0x40b7c5 <yyparse+757>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

I'd assume this to be a pretty OLD bug.

--
You are receiving this mail because:
You are the assignee for the bug.