On Mon, Jul 6, 2015 at 5:45 PM, Pádraig Brady <p...@draigbrady.com> wrote:
> On 07/07/15 00:29, Hanno Böck wrote:
>> Hi,
>>
>> There is an out of bounds read error in the function genpattern() in
>> shred (coreutils 8.23). This issue only appears randomly.
>>
>> To test:
>> a) recompile coreutils 8.23 with address sanitizer: ./configure
>> CFLAGS="-fsanitize=address -g" LDFLAGS="-fsanitize=address"; make
>> b) create a test file: touch x
>> c) run shred multiple times on it with -n 20:
>> for i in $(seq 1 1000); do src/shred -n 20 x; done
>>
>> You will see the errors. Here's the output from Address Sanitizer:
>>
>> ==25808==ERROR: AddressSanitizer: global-buffer-overflow on address
>> 0x000000416628 at pc 0x4047a0 bp 0x7ffc99fee730 sp 0x7ffc99fee720
>> READ of size 4 at 0x000000416628 thread T0 ...
>> SUMMARY: AddressSanitizer: global-buffer-overflow src/shred.c:782 genpattern
>
>
> Nice one!
>
> It looks like the restriction to the k patterns available
> was lost with v5.92-1462-g65533e1 and that this should
> fix it up.
>
> diff --git a/src/shred.c b/src/shred.c > index 63bcd6f..74f7ad9 100644 > --- a/src/shred.c > +++ b/src/shred.c > @@ -785,6 +785,7 @@ genpattern (int *dest, size_t num, struct randint_source > *s) > n--; > } > p++; > + k--;

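Review bot: The added `k--;` after `p++;` has no comment and no accompanying test, and the three context lines do not show where `k` is compared against zero, so it cannot be verified from this hunk that the decrement stops `p` before it runs past the global pattern data flagged by AddressSanitizer. Please confirm that `k` is tested before the next read through `p` and that it cannot be decremented past zero, add a short comment stating that `k` counts the patterns still available, and consider a regression test built on the reporter's loop (`src/shred -n 20 x` repeated under AddressSanitizer), since the overflow only appears randomly.
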
Nice one, indeed. Thanks to both of you!