[Bug 2087781] [NEW] heap-buffer overflow in midicsv.c:368

Sun, 10 Nov 2024 04:26:12 -0800 

*** This bug is a security vulnerability ***

Public security bug reported:

$ uname -a
Linux 6176901723ae 5.15.0-122-generic #132-Ubuntu SMP Thu Aug 29 13:45:52 UTC 
2024 x86_64 x86_64 x86_64 GNU/Linux

build setting
$ git clone https://git.launchpad.net/ubuntu/+source/midicsv
( also possible https://www.fourmilab.ch/webtools/midicsv/#Download )
$ head Makefile

CC = clang
CFLAGS = -g -Wall -fsanitize=address

INSTALL_DEST = /usr/local

# You shouldn't need to change anything after this line

VERSION = 1.1
PROGRAMS = midicsv csvmidi
( edit Makefile for address sanitizer )

When I run the attached poc file, a heap buffer overflow error occurs as 
follows.
The following is the ASAN crash log that occurred when I ran the poc.


$ ./midicsv /tmp/poc/poc10
...
=================================================
==50598==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x621000002721 at pc 0x0000004edc8a bp 0x7ffce4da4250 sp 0x7ffce4da4248
READ of size 1 at 0x621000002721 thread T0
    #0 0x4edc89 in trackcsv /tmp/midicsv/midicsv.c:368:53
    #1 0x4ebd26 in main /tmp/midicsv/midicsv.c:505:2
error: failed to decompress '.debug_aranges', zlib is not available
error: failed to decompress '.debug_info', zlib is not available
error: failed to decompress '.debug_abbrev', zlib is not available
error: failed to decompress '.debug_line', zlib is not available
error: failed to decompress '.debug_str', zlib is not available
error: failed to decompress '.debug_loc', zlib is not available
error: failed to decompress '.debug_ranges', zlib is not available
    #2 0x7fad4f91e082 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #3 0x41c2ed in _start (/tmp/midicsv/midicsv+0x41c2ed)
...

** Affects: midicsv (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "poc10"
   https://bugs.launchpad.net/bugs/2087781/+attachment/5836122/+files/poc10

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2087781

Title:
  heap-buffer overflow in midicsv.c:368

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/midicsv/+bug/2087781/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to