Your message dated Sat, 11 Nov 2017 13:09:43 +0100
with message-id <[email protected]>
has caused the report #881396,
regarding fig2dev: buffer overflow in note_pattern()
to be marked as having been forwarded to the upstream software
author(s) Thomas Loimer <[email protected]>
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
881396: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881396
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Hi Thomas!
Here's the next input sanitizing bug against fig2dev...
Greetings
Roland
--- Begin Message ---
Package: fig2dev
Version: 1:3.2.6a-5
fig2dev crashes on the attached file:
$ fig2dev -L epic overflow.fig
Segmentation fault
GDB says it's a buffer overflow:
Program received signal SIGSEGV, Segmentation fault.
0x56563a0d in note_pattern (fill_style=123456789) at read.c:1450
warning: Source file is more recent than executable.
1450 pattern_used[fill_style-NUMSHADES-NUMTINTS] = true;
(gdb) bt
#0 0x56563a0d in note_pattern (fill_style=123456789) at read.c:1450
#1 read_splineobject (fp=0x56618838, fp@entry=0x0) at read.c:1054
#2 0x5656522e in read_objects (obj=0x56618838, fp=<optimized out>) at
read.c:380
#3 readfp_fig (fp=<optimized out>, obj=<optimized out>) at read.c:183
#4 0x5655aa47 in main (argc=4, argv=0xffffd744) at fig2dev.c:412
Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/
-- System Information:
Architecture: i386
Versions of packages fig2dev depends on:
ii gawk 1:4.1.4+dfsg-1
ii x11-common 1:7.7+19
ii libc6 2.24-17
ii libpng16-16 1.6.34-1
ii libxpm4 1:3.5.12-1
--
Jakub Wilk
overflow.fig
Description: application/xfig
--- End Message ---
--- End Message ---
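The backtrace above shows an unvalidated `fill_style` read from the input file being used directly as an array index into `pattern_used[]`, so a large value writes far past the array. As an added illustration, not code from fig2dev or from either message above, the following C sketch pairs a field parser with a range check before the array write. The constants `NUMSHADES`, `NUMTINTS` and `NUMPATTERNS`, the allowed `fill_style` range, and the function names are assumptions made for this example; fig2dev's own definitions live in its headers.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constants assumed for illustration; fig2dev defines its own values. */
#define NUMSHADES   21
#define NUMTINTS    20
#define NUMPATTERNS 22
#define FIRST_PATTERN (NUMSHADES + NUMTINTS)
#define LAST_PATTERN  (FIRST_PATTERN + NUMPATTERNS - 1)

/* Mirrors the array written by the crashing statement at read.c:1450. */
static bool pattern_used[NUMPATTERNS];

/* True when fill_style selects one of the NUMPATTERNS fill patterns. */
bool fill_style_is_pattern(int fill_style)
{
    return fill_style >= FIRST_PATTERN && fill_style <= LAST_PATTERN;
}

/* Hypothetical checked counterpart of note_pattern(): the index is validated
 * before pattern_used[] is written, so a value like the 123456789 in the
 * backtrace is rejected instead of writing outside the array. */
bool note_pattern_checked(int fill_style)
{
    if (!fill_style_is_pattern(fill_style))
        return false;
    pattern_used[fill_style - FIRST_PATTERN] = true;
    return true;
}

/* Read-side accessor with the same guard, so lookups cannot overrun either. */
bool pattern_was_noted(int fill_style)
{
    return fill_style_is_pattern(fill_style) &&
           pattern_used[fill_style - FIRST_PATTERN];
}

/* Parse one numeric field of a .fig object line, rejecting non-numeric
 * text, strtol overflow, and anything that does not fit in an int. */
bool parse_int_field(const char *field, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(field, &end, 10);
    if (end == field || errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return false;
    *out = (int)v;
    return true;
}

/* Parse and range-check a fill_style field; -1 (unfilled) through
 * LAST_PATTERN is the range assumed here. Returns fallback on rejection. */
int parse_fill_style_or(const char *field, int fallback)
{
    int v;
    if (!parse_int_field(field, &v))
        return fallback;
    if (v < -1 || v > LAST_PATTERN)
        return fallback;
    return v;
}

int main(void)
{
    /* Constructed inputs: a valid pattern index, the fuzzer-style value from
     * the backtrace, an integer that overflows long, and non-numeric text. */
    const char *inputs[] = { "41", "123456789", "99999999999999999999", "abc" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int fs = parse_fill_style_or(inputs[i], INT_MIN);
        if (fs != INT_MIN && note_pattern_checked(fs))
            printf("%s: pattern recorded\n", inputs[i]);
        else
            printf("%s: rejected\n", inputs[i]);
    }
    return 0;
}
```

The point of the split is that the range check sits at the parsing boundary, so every later consumer of `fill_style` (not only `note_pattern()`) can rely on the value being inside the table; a sentinel such as `INT_MIN` lets the caller distinguish "rejected" from a legitimate `-1`.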