[Bug 2087783] [NEW] heap-buffer overflow in midicsv.c:47

Sun, 10 Nov 2024 04:25:47 -0800 

*** This bug is a security vulnerability ***

Public security bug reported:

$ uname -a
Linux 6176901723ae 5.15.0-122-generic #132-Ubuntu SMP Thu Aug 29 13:45:52 UTC 
2024 x86_64 x86_64 x86_64 GNU/Linux

build setting
$ git clone https://git.launchpad.net/ubuntu/+source/midicsv
( also possible https://www.fourmilab.ch/webtools/midicsv/#Download )
$ head Makefile

CC = clang
CFLAGS = -g -Wall -fsanitize=address

INSTALL_DEST = /usr/local

# You shouldn't need to change anything after this line

VERSION = 1.1
PROGRAMS = midicsv csvmidi
( edit Makefile for address sanitizer )

When I run the attached poc file, a heap buffer overflow error occurs as 
follows.
The following is the ASAN crash log that occurred when I ran the poc.

$ ./midicsv /tmp/poc/poc14
...

=================================================================
==52193==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x621000003b09 at pc 0x0000004edf14 bp 0x7ffc85023490 sp 0x7ffc85023488
READ of size 1 at 0x621000003b09 thread T0
    #0 0x4edf13 in vlength /tmp/midicsv/midicsv.c:47:36
    #1 0x4ec018 in trackcsv /tmp/midicsv/midicsv.c:115:17
    #2 0x4ebd26 in main /tmp/midicsv/midicsv.c:505:2
error: failed to decompress '.debug_aranges', zlib is not available
error: failed to decompress '.debug_info', zlib is not available
error: failed to decompress '.debug_abbrev', zlib is not available
error: failed to decompress '.debug_line', zlib is not available
error: failed to decompress '.debug_str', zlib is not available
error: failed to decompress '.debug_loc', zlib is not available
error: failed to decompress '.debug_ranges', zlib is not available
    #3 0x7f534c00c082 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #4 0x41c2ed in _start (/tmp/midicsv/midicsv+0x41c2ed)

** Affects: midicsv (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "poc14"
   https://bugs.launchpad.net/bugs/2087783/+attachment/5836124/+files/poc14

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2087783

Title:
  heap-buffer overflow in midicsv.c:47

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/midicsv/+bug/2087783/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to