I have identified the same issue. Parsing a relatively small file may
result in a calloc failure because lh_table_new attempts to allocate an
incorrectly size block of memory. In my case it attempted to allocate
over 68 GiB in a single allocation.
The cause seems to be the changes in the CVE patch:
json-c (0.12.1-1.3ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflows
- debian/patches/CVE-2020-12762-*.patch: fix a series of
integer overflows adding checks in linkhash.c, printbuf.c.
- CVE-2020-12762
-- <email address hidden> (Leonidas S. Barbosa) Mon, 11 May 2020
16:29:02 -0300
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12762
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1878738
Title:
program abort by "lh_table_new: calloc failed"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/json-c/+bug/1878738/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
