Bug#779573: marked as done (bibtool: heap buffer overflow in the bibtool tests)
Your message dated Wed, 04 Mar 2015 12:33:35 +0000
with message-id <E1YT8UZ-0004jP-8y@franck.debian.org>
and subject line Bug#779573: fixed in bibtool 2.57+ds-3
has caused the Debian Bug report #779573,
regarding bibtool: heap buffer overflow in the bibtool tests
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
779573: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779573
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: bibtool
Version: 2.57+ds-2
Severity: grave
Tags: security upstream
Justification: causes non-serious data loss
As I get random output corruption (see bug 747519) and valgrind
errors, I tried to rebuild the package with:
DEB_CFLAGS_APPEND="-fsanitize=address" debuild -i -us -uc -b
but one test failed with the following error in Test/rewrite_rule_3.err:
=================================================================
==31050==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000e218 at pc 0x7fa1ceab91e9 bp 0x7fffbca6c470 sp 0x7fffbca6c468
WRITE of size 8 at 0x60200000e218 thread T0
#0 0x7fa1ceab91e8 in add_rule /home/vlefevre/software/bibtool-2.57+ds/rewrite.c:313
#1 0x7fa1ceabd9f3 in set_rsc include/bibtool/resource.h:60
#2 0x7fa1ceab3e7c in read_rsc /home/vlefevre/software/bibtool-2.57+ds/parse.c:1029
#3 0x7fa1cea9c4f9 in main /home/vlefevre/software/bibtool-2.57+ds/main.c:472
#4 0x7fa1cd3f1b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#5 0x7fa1cea9d6a6 (/home/vlefevre/software/bibtool-2.57+ds/bibtool+0x116a6)
0x60200000e218 is located 0 bytes to the right of 8-byte region [0x60200000e210,0x60200000e218)
allocated by thread T0 here:
#0 0x7fa1cd9e673f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
#1 0x7fa1ceab9123 in add_rule /home/vlefevre/software/bibtool-2.57+ds/rewrite.c:285
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/vlefevre/software/bibtool-2.57+ds/rewrite.c:313 add_rule
Shadow bytes around the buggy address:
0x0c047fff9bf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9c30: fa fa 06 fa fa fa fd fa fa fa 07 fa fa fa fd fa
=>0x0c047fff9c40: fa fa 00[fa]fa fa 00 00 fa fa 00 fa fa fa 00 fa
0x0c047fff9c50: fa fa 00 03 fa fa 00 04 fa fa 00 04 fa fa 00 03
0x0c047fff9c60: fa fa 00 05 fa fa 00 04 fa fa 00 03 fa fa 05 fa
0x0c047fff9c70: fa fa 00 03 fa fa 00 06 fa fa 07 fa fa fa 00 06
0x0c047fff9c80: fa fa 00 05 fa fa 00 01 fa fa 00 06 fa fa 06 fa
0x0c047fff9c90: fa fa 00 06 fa fa 00 06 fa fa 00 05 fa fa 00 05
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==31050==ABORTING
The 2.58 version in experimental is affected too.
rewrite.c:313 is:
stack[stackp++] = field;
With the context:
    if ( stackp > stacksize )                        /* */
    { stacksize += 8;                                /* */
      if ( (stack=(Uchar**)realloc((char*)stack,     /* */
                   stacksize*sizeof(char*)))==NULL)  /* */
      { OUT_OF_MEMORY("rule stack"); }               /* */
    }                                                /* */
    stack[stackp++] = field;                         /* */
If I understand correctly, it seems that the 8-byte increase is not
sufficient.
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages bibtool depends on:
ii dpkg 1.17.24
ii libc6 2.19-15
ii libkpathsea6 2014.20140926.35254-6
ii tex-common 5.03
bibtool recommends no packages.
bibtool suggests no packages.
-- no debconf information
--- End Message ---
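Added example, not part of the original report and not bibtool or Debian code: it replays the growth test quoted from rewrite.c next to a corrected one to show where the first out-of-bounds store lands, then gives a bounds-safe push. It assumes stacksize counts allocated pointer slots; grow_fixed, first_oob_push and struct pstack are hypothetical names, and the starting capacities passed in are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Growth test as quoted from rewrite.c: grows only after stackp has passed stacksize. */
static int grow_quoted(size_t stackp, size_t stacksize) { return stackp > stacksize; }
/* Corrected test (an assumption, not the Debian patch): grow as soon as the stack is full. */
static int grow_fixed(size_t stackp, size_t stacksize) { return stackp >= stacksize; }

/* Replays n pushes against a stack of `cap` slots without touching memory.
   Returns the index of the first push that would store past the end of the
   allocation, or -1 if every store stays in bounds. */
long first_oob_push(int (*need_grow)(size_t, size_t), size_t cap, size_t n)
{
    size_t stackp = 0, stacksize = cap;
    for (size_t i = 0; i < n; i++) {
        if (need_grow(stackp, stacksize)) stacksize += 8;
        if (stackp >= stacksize) return (long)stackp;  /* stack[stackp] is out of bounds */
        stackp++;
    }
    return -1;
}

long oob_quoted(size_t cap, size_t n) { return first_oob_push(grow_quoted, cap, n); }
long oob_fixed(size_t cap, size_t n)  { return first_oob_push(grow_fixed, cap, n); }

/* Hypothetical hardened pointer stack: full-stack test, size overflow check, safe realloc. */
struct pstack { char **slot; size_t used, cap; };

int pstack_push(struct pstack *s, char *field)
{
    if (s->used >= s->cap) {
        if (s->cap > SIZE_MAX / sizeof(char *) - 8) return -1;  /* byte count would wrap */
        size_t ncap = s->cap + 8;
        char **tmp = realloc(s->slot, ncap * sizeof(char *));
        if (tmp == NULL) return -1;   /* old block is still valid and owned by the caller */
        s->slot = tmp;
        s->cap = ncap;
    }
    s->slot[s->used++] = field;
    return 0;
}

int main(void)
{
    printf("quoted test, 1 slot: first OOB index %ld\n", oob_quoted(1, 4));
    printf("fixed test,  1 slot: first OOB index %ld\n", oob_fixed(1, 1000));
    return 0;
}
```

With one slot, the quoted test lets the store at index 1 through, which is byte offset 8 of an 8-byte block on amd64, the position AddressSanitizer reports as "0 bytes to the right of 8-byte region".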
--- Begin Message ---
Source: bibtool
Source-Version: 2.57+ds-3
We believe that the bug you reported is fixed in the latest version of
bibtool, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 779573@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jerome Benoit <calculus@rezozer.net> (supplier of updated bibtool package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 04 Mar 2015 07:28:23 +0000
Source: bibtool
Binary: bibtool
Architecture: source amd64
Version: 2.57+ds-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Tex Maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Jerome Benoit <calculus@rezozer.net>
Description:
bibtool - tool to manipulate BibTeX files
Closes: 779573
Changes:
bibtool (2.57+ds-3) unstable; urgency=medium
.
* buffer overflow security fix (Closes: #779573).
Checksums-Sha1:
e3598895f8e288cc4d583bd9463e1b0696f75e80 2103 bibtool_2.57+ds-3.dsc
eb5fede248cd2fa0fbcd5917b09446b2fb4e8f66 13172 bibtool_2.57+ds-3.debian.tar.xz
0181a07d5ddb4968d28675e13c5e00fa73a03c66 924322 bibtool_2.57+ds-3_amd64.deb
Checksums-Sha256:
6f8f0707eee6a4ee01b12f48281714c79bb727d2caed42c5bb16f0fe3dabe86f 2103 bibtool_2.57+ds-3.dsc
ec765919edd911bef45fc9422d0dee7c2fdd677da88b922b480b68a480aaf2c5 13172 bibtool_2.57+ds-3.debian.tar.xz
8a60767e61548e64ff67b69761efbc907ddb96ac8cc986a30cb5444a65994375 924322 bibtool_2.57+ds-3_amd64.deb
Files:
bae50e09514e14fd2d82e38b273a6bc1 2103 tex optional bibtool_2.57+ds-3.dsc
ae9966b8f24d0a45c5c7982c8a881a6e 13172 tex optional bibtool_2.57+ds-3.debian.tar.xz
575c2440ff60df2bce5f7e667eba38cb 924322 tex optional bibtool_2.57+ds-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---