I have identified the same issue. Parsing a relatively small file may
result in a calloc failure because lh_table_new attempts to allocate an
incorrectly size block of memory. In my case it attempted to allocate
over 68 GiB in a single allocation.
The cause seems to be the changes in the CVE patch:
json-c (0.12.1-1.3ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflows
- debian/patches/CVE-2020-12762-*.patch: fix a series of
integer overflows adding checks in linkhash.c, printbuf.c.
- CVE-2020-12762
-- <email address hidden> (Leonidas S. Barbosa) Mon, 11 May 2020
16:29:02 -0300
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12762
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to json-c in Ubuntu.
https://bugs.launchpad.net/bugs/1878738
Title:
program abort by "lh_table_new: calloc failed"
Status in json-c package in Ubuntu:
Confirmed
Bug description:
I wrote small sample program which abort by lh_table_new calloc failed.
see this.
https://gist.github.com/735eec6fd0869df1facb08da5baa402c
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/json-c/+bug/1878738/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
