AddressSanitizer: heap-buffer-overflow in S_do_op_dump_bar #15885
Comments
From mtowalski@pentest.net.pl

Hello, I've attached the poc and the asan log. Information about configuration: Distributor ID: Ubuntu

Best Regards,

From mtowalski@pentest.net.pl

=================================================================
0x61500000fa00 is located 0 bytes to the right of 512-byte region [0x61500000f800,0x61500000fa00)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/mtowalski/Fuzzing/Programs/perl-git/perl+0x451b32) in __interceptor_strlen.part.45

From @hvds

Just updating subject to function name from stack trace.
From @tonycoz

On Wed, 22 Feb 2017 06:55:56 -0800, mtowalski@pentest.net.pl wrote:

Simplifies to:

./perl -Dx -e 'y;;;'

The new code in:

commit abd07ec
handle op_pv better in op_clear() and op_dump()

added the dump of the PV, which I think is incorrect, since it's just a bitmap, which may be non-NUL until the end of the memory block.

To get any control over this an attacker would need to feed custom code, and the -Dx switch to the interpreter, so this isn't a security issue, so Tony
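The failure mode described in the comment above, as an added C example that is not Perl's code and not part of the original thread: a heap table with no NUL byte makes any string-style read run past the block, while a dump driven by the known length stays in bounds. The function names, the all-0xff contents and the 8-byte preview are assumptions; the 512-byte size is taken from the ASan report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TABLE_BYTES 512 /* region size from the ASan report; contents below are constructed */

/* Pattern being avoided (never called here): "%s" makes printf scan for a
 * 0 byte, so on a table with none it reads past the end of the heap block. */
void dump_as_string_unsafe(FILE *fp, const void *tbl)
{
    fprintf(fp, "PV = \"%s\"\n", (const char *)tbl);
}

/* 1 if a 0 byte exists inside the block, i.e. a string read would stay in bounds. */
int string_read_stays_in_bounds(const void *buf, size_t len)
{
    return memchr(buf, 0, len) != NULL;
}

/* Bounded dump: hex-encode at most max_show bytes, driven by the known length.
 * Writes NUL-terminated text to out and returns the number of bytes encoded. */
size_t dump_table_bounded(const unsigned char *tbl, size_t len, size_t max_show,
                          char *out, size_t outsz)
{
    size_t n = len < max_show ? len : max_show, i, pos = 0;
    if (outsz == 0) return 0;
    out[0] = '\0';
    for (i = 0; i < n && pos + 3 <= outsz; i++) /* 2 hex digits + terminator */
        pos += (size_t)snprintf(out + pos, outsz - pos, "%02x", tbl[i]);
    return i;
}

/* Constructed sample: a 512-byte heap table with no zero byte anywhere. */
unsigned char *make_full_table(void)
{
    unsigned char *t = malloc(TABLE_BYTES);
    if (t) memset(t, 0xff, TABLE_BYTES);
    return t;
}

int main(void)
{
    char text[17];
    unsigned char *t = make_full_table();
    if (!t) return 1;
    printf("NUL inside block: %d\n", string_read_stays_in_bounds(t, TABLE_BYTES));
    printf("first %zu bytes: %s\n", dump_table_bounded(t, TABLE_BYTES, 8, text, sizeof text), text);
    free(t);
    return 0;
}
```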
The RT System itself - Status changed from 'new' to 'open'

From @iabyn

On Wed, Feb 22, 2017 at 04:02:31PM -0800, Tony Cook via RT wrote:

Now fixed with v5.25.10-44-gf49e846.

--

@iabyn - Status changed from 'open' to 'resolved'
Migrated from rt.perl.org#130836 (status was 'resolved')
Searchable as RT130836$