
Bug#779573: marked as done (bibtool: heap buffer overflow in the bibtool tests)



Your message dated Fri, 20 Mar 2015 03:19:12 +0000
with message-id <E1YYnSq-0004kU-9F@franck.debian.org>
and subject line Bug#779573: fixed in bibtool 2.59+ds-1
has caused the Debian Bug report #779573,
regarding bibtool: heap buffer overflow in the bibtool tests
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
779573: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779573
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: bibtool
Version: 2.57+ds-2
Severity: grave
Tags: security upstream
Justification: causes non-serious data loss

As I get random output corruption (see bug 747519) and valgrind
errors, I tried to rebuild the package with:

  DEB_CFLAGS_APPEND="-fsanitize=address" debuild -i -us -uc -b

but one test failed with the following error in Test/rewrite_rule_3.err:

=================================================================
==31050==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000e218 at pc 0x7fa1ceab91e9 bp 0x7fffbca6c470 sp 0x7fffbca6c468
WRITE of size 8 at 0x60200000e218 thread T0
    #0 0x7fa1ceab91e8 in add_rule /home/vlefevre/software/bibtool-2.57+ds/rewrite.c:313
    #1 0x7fa1ceabd9f3 in set_rsc include/bibtool/resource.h:60
    #2 0x7fa1ceab3e7c in read_rsc /home/vlefevre/software/bibtool-2.57+ds/parse.c:1029
    #3 0x7fa1cea9c4f9 in main /home/vlefevre/software/bibtool-2.57+ds/main.c:472
    #4 0x7fa1cd3f1b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #5 0x7fa1cea9d6a6 (/home/vlefevre/software/bibtool-2.57+ds/bibtool+0x116a6)

0x60200000e218 is located 0 bytes to the right of 8-byte region [0x60200000e210,0x60200000e218)
allocated by thread T0 here:
    #0 0x7fa1cd9e673f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
    #1 0x7fa1ceab9123 in add_rule /home/vlefevre/software/bibtool-2.57+ds/rewrite.c:285

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/vlefevre/software/bibtool-2.57+ds/rewrite.c:313 add_rule
Shadow bytes around the buggy address:
  0x0c047fff9bf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9c30: fa fa 06 fa fa fa fd fa fa fa 07 fa fa fa fd fa
=>0x0c047fff9c40: fa fa 00[fa]fa fa 00 00 fa fa 00 fa fa fa 00 fa
  0x0c047fff9c50: fa fa 00 03 fa fa 00 04 fa fa 00 04 fa fa 00 03
  0x0c047fff9c60: fa fa 00 05 fa fa 00 04 fa fa 00 03 fa fa 05 fa
  0x0c047fff9c70: fa fa 00 03 fa fa 00 06 fa fa 07 fa fa fa 00 06
  0x0c047fff9c80: fa fa 00 05 fa fa 00 01 fa fa 00 06 fa fa 06 fa
  0x0c047fff9c90: fa fa 00 06 fa fa 00 06 fa fa 00 05 fa fa 00 05
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==31050==ABORTING

The 2.58 version in experimental is affected too.

rewrite.c:313 is:

  stack[stackp++] = field;

With the context:

    if ( stackp > stacksize )                      /*                        */
    { stacksize += 8;                              /*                        */
      if ( (stack=(Uchar**)realloc((char*)stack,   /*                        */
                                  stacksize*sizeof(char*)))==NULL)/*         */
      { OUT_OF_MEMORY("rule stack"); }             /*                        */
    }                                              /*                        */
    stack[stackp++] = field;                       /*                        */

If I understand correctly, it seems that the 8-byte increase is not
sufficient.

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages bibtool depends on:
ii  dpkg          1.17.24
ii  libc6         2.19-15
ii  libkpathsea6  2014.20140926.35254-6
ii  tex-common    5.03

bibtool recommends no packages.

bibtool suggests no packages.

-- no debconf information

--- End Message ---
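The check quoted from rewrite.c above grows the buffer only when `stackp > stacksize`, but the write that follows lands at index `stackp`; when `stackp == stacksize` no growth happens and the store goes one slot past the allocation. That is consistent with the ASan report: the 8-byte region is a single pointer slot, and the write is at offset 8, i.e. index 1. The following added example (not bibtool's code; the names `rule_stack`, `rule_stack_push`, `push_many` and the two `*_check_allows_oob` helpers are hypothetical) shows the original condition beside the corrected `>=` form as pure index arithmetic, so nothing out of bounds is ever executed, and a push routine built on the corrected test that also keeps the old buffer when `realloc` fails.

```c
/* Added example, not bibtool's code.  Demonstrates the off-by-one in the
 * quoted "if ( stackp > stacksize )" test and a corrected growable pointer
 * stack.  All names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    char **items;    /* heap buffer of pointers (bibtool's "stack")      */
    size_t count;    /* slots in use, next write index (its "stackp")    */
    size_t capacity; /* slots allocated (its "stacksize")                */
} rule_stack;

/* Mirrors the page's condition.  Returns 1 when the test would NOT grow the
 * buffer although the next write index (stackp) is not below stacksize,
 * i.e. the store "stack[stackp++] = field" would go past the allocation. */
int original_check_allows_oob(size_t stackp, size_t stacksize)
{
    int grows = stackp > stacksize;          /* the page's test            */
    return !grows && stackp >= stacksize;    /* 1 exactly when equal       */
}

/* Corrected test: grow whenever the next index is not inside the buffer. */
int fixed_check_allows_oob(size_t stackp, size_t stacksize)
{
    int grows = stackp >= stacksize;
    return !grows && stackp >= stacksize;    /* can never be 1             */
}

/* Push with the corrected check, growing by 8 slots as the original does.
 * Returns 0 on success, -1 on allocation failure; on failure the old
 * buffer is left intact instead of being overwritten with NULL. */
int rule_stack_push(rule_stack *s, char *field)
{
    if (s->count >= s->capacity) {
        size_t new_cap = s->capacity + 8;
        if (new_cap < s->capacity)           /* size_t wrap-around          */
            return -1;
        char **tmp = realloc(s->items, new_cap * sizeof *tmp);
        if (tmp == NULL)
            return -1;
        s->items = tmp;
        s->capacity = new_cap;
    }
    s->items[s->count++] = field;            /* index count < capacity here */
    return 0;
}

void rule_stack_free(rule_stack *s)
{
    free(s->items);
    s->items = NULL;
    s->count = s->capacity = 0;
}

/* Push n constructed fields and return the final count (0 on failure).
 * Crossing n = 8, 16, ... exercises the growth path where the original
 * test skipped reallocation. */
size_t push_many(size_t n)
{
    rule_stack s = {0};
    static char sample[] = "constructed-field";  /* constructed sample value */
    for (size_t i = 0; i < n; i++) {
        if (rule_stack_push(&s, sample) != 0) {
            rule_stack_free(&s);
            return 0;
        }
    }
    size_t c = s.count;
    rule_stack_free(&s);
    return c;
}

int main(void)
{
    /* stackp == stacksize == 1: the situation in the ASan report */
    printf("original test admits OOB at (1,1): %d\n", original_check_allows_oob(1, 1));
    printf("fixed test admits OOB at (1,1):    %d\n", fixed_check_allows_oob(1, 1));
    printf("pushed %zu fields without overflow\n", push_many(20));
    return 0;
}
```

Building this with `-fsanitize=address`, as the report does for the package, is the quickest way to confirm the corrected stack stays clean across the 8-slot growth boundaries.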
--- Begin Message ---
Source: bibtool
Source-Version: 2.59+ds-1

We believe that the bug you reported is fixed in the latest version of
bibtool, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 779573@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jerome Benoit <calculus@rezozer.net> (supplier of updated bibtool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 19 Mar 2015 18:21:33 +0000
Source: bibtool
Binary: bibtool
Architecture: source amd64
Version: 2.59+ds-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Tex Maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Jerome Benoit <calculus@rezozer.net>
Description:
 bibtool    - tool to manipulate BibTeX files
Closes: 747519 779573
Changes:
 bibtool (2.59+ds-1) experimental; urgency=medium
 .
   * New upstream version (Closes: #747519, #779573):
     - integrate test provided by Vincent Lefevre <vincent@vinc17.net>
       to fix issues #747519 and #779573, thanks to him;
     - integrate previous Debian micro fix.
   * Debianization:
     - debian/patches/*, refresh.
Checksums-Sha1:
 4ac2b888eed9455e7b4ee591b41daa8138c2b4e3 2103 bibtool_2.59+ds-1.dsc
 d4968b918f47e7123fce10227d3ef36963abc2b2 227200 bibtool_2.59+ds.orig.tar.xz
 2fdafc455ae916d0600b0dc6ed194653b3e63b9a 12916 bibtool_2.59+ds-1.debian.tar.xz
 83235e02456903c9e3fa142a2e57dcde72dd5a56 926440 bibtool_2.59+ds-1_amd64.deb
Checksums-Sha256:
 ed586ce64d40f47003de037424e1f163cb1ed5acb0b8f65055ad1e3f9c724c8d 2103 bibtool_2.59+ds-1.dsc
 d1eb5d9d95920a37978262e4bea0552a5963db70bcb251889a987f9c982f3e48 227200 bibtool_2.59+ds.orig.tar.xz
 86f5291c1fcba4c7bead374611f06e0f1b847180f209b7d1ba7d031bbca8ec7c 12916 bibtool_2.59+ds-1.debian.tar.xz
 1a6b057768e7a908dfb2f36d1c98144bdf2f0454f8a4d349de650f73d8933eba 926440 bibtool_2.59+ds-1_amd64.deb
Files:
 e1fef791be226066b3a77c35f81552ff 2103 tex optional bibtool_2.59+ds-1.dsc
 1f8be7bb2d6397e64e6c41204e333d43 227200 tex optional bibtool_2.59+ds.orig.tar.xz
 8235d15de3e7b97aacc78be61e6d9b95 12916 tex optional bibtool_2.59+ds-1.debian.tar.xz
 1852680aecad59522370891fc365fc69 926440 tex optional bibtool_2.59+ds-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
