*** This bug is a security vulnerability *** Public security bug reported:
$ uname -a Linux 6176901723ae 5.15.0-122-generic #132-Ubuntu SMP Thu Aug 29 13:45:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux build setting $ git clone https://git.launchpad.net/ubuntu/+source/midicsv ( also possible https://www.fourmilab.ch/webtools/midicsv/#Download ) $ head Makefile CC = clang CFLAGS = -g -Wall -fsanitize=address INSTALL_DEST = /usr/local # You shouldn't need to change anything after this line VERSION = 1.1 PROGRAMS = midicsv csvmidi ( edit Makefile for address sanitizer ) When I run the attached poc file, a heap buffer overflow error occurs as follows. The following is the ASAN crash log that occurred when I ran the poc. $ ./midicsv /tmp/poc/poc19 0, 0, Header, 1, 13, 384 1, 0, Start_track 1, 0, Time_signature, 4, 2, 24, 8 1, 0, Key_signature, 0, "major" 1, 0, Unknown_event, 00x 1, 100, Unknown_event, 00x 1, 181, Unknown_event, 00x 1, 184, Unknown_event, 00x 1, 190, Pitch_bend_c, 2, 55 ================================================================= ==52723==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000029 at pc 0x0000004ecd01 bp 0x7ffe2d5cf0b0 sp 0x7ffe2d5cf0a8 READ of size 1 at 0x603000000029 thread T0 #0 0x4ecd00 in trackcsv /tmp/midicsv/midicsv.c:221:21 #1 0x4ebd26 in main /tmp/midicsv/midicsv.c:505:2 error: failed to decompress '.debug_aranges', zlib is not available error: failed to decompress '.debug_info', zlib is not available error: failed to decompress '.debug_abbrev', zlib is not available error: failed to decompress '.debug_line', zlib is not available error: failed to decompress '.debug_str', zlib is not available error: failed to decompress '.debug_loc', zlib is not available error: failed to decompress '.debug_ranges', zlib is not available #2 0x7fa008f59082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #3 0x41c2ed in _start (/tmp/midicsv/midicsv+0x41c2ed) ** Affects: midicsv (Ubuntu) Importance: Undecided Status: New ** Attachment added: "poc19" https://bugs.launchpad.net/bugs/2087784/+attachment/5836125/+files/poc19 ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2087784 Title: heap-buffer overflow in midicsv.c:221 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/midicsv/+bug/2087784/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
