[Bug 2087777] [NEW] heap buffer overflow in midicsv.c:159

Sun, 10 Nov 2024 04:10:43 -0800 

*** This bug is a security vulnerability ***

Public security bug reported:

environment
$ uname -a
Linux 6176901723ae 5.15.0-122-generic #132-Ubuntu SMP Thu Aug 29 13:45:52 UTC 
2024 x86_64 x86_64 x86_64 GNU/Linux

build setting
$ git clone https://git.launchpad.net/ubuntu/+source/midicsv
( also possible https://www.fourmilab.ch/webtools/midicsv/#Download )
$ head Makefile

CC = clang
CFLAGS = -g -Wall -fsanitize=address

INSTALL_DEST = /usr/local

# You shouldn't need to change anything after this line

VERSION = 1.1
PROGRAMS = midicsv csvmidi
( edit Makefile for address sanitizer )

When I run the attached poc file, a heap buffer overflow error occurs as 
follows.
The following is the ASAN crash log that occurred when I ran the poc.

$ ./midicsv /tmp/poc/poc1
=================================================================
==44399==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x621000002721 at pc 0x0000004ec3e9 bp 0x7ffe2bb1eb30 sp 0x7ffe2bb1eb28
READ of size 1 at 0x621000002721 thread T0
    #0 0x4ec3e8 in trackcsv /tmp/midicsv/midicsv.c:159:9
    #1 0x4ebd26 in main /tmp/midicsv/midicsv.c:505:2
error: failed to decompress '.debug_aranges', zlib is not available
error: failed to decompress '.debug_info', zlib is not available
error: failed to decompress '.debug_abbrev', zlib is not available
error: failed to decompress '.debug_line', zlib is not available
error: failed to decompress '.debug_str', zlib is not available
error: failed to decompress '.debug_loc', zlib is not available
error: failed to decompress '.debug_ranges', zlib is not available
    #2 0x7f4c94046082 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #3 0x41c2ed in _start (/tmp/midicsv/midicsv+0x41c2ed)

** Affects: midicsv (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "poc1"
   https://bugs.launchpad.net/bugs/2087777/+attachment/5836119/+files/poc1

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2087777

Title:
  heap buffer overflow in midicsv.c:159

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/midicsv/+bug/2087777/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to